Trojaner-Board


derzapfer 19.10.2012 11:37

Windows 7: black screen with mouse pointer after booting

Hello everyone,

I bought a desktop PC from Terra last year.
It ran fine the whole time until last week, when it got stuck during startup on a black screen with a working mouse pointer.
We only saw the four colors of the Windows 7 logo light up; no logon had taken place yet, and after that the screen stayed black (even overnight). I took the PC to a small local dealer. They got access to the system with a Linux installation and removed 5 viruses with Kaspersky. There the computer then (apparently) worked without errors. At home, the same problem again.
Every now and then (about every 20th boot) the boot process completes, I can log on and see my desktop. But no icon works, although visually it looks as if it has been clicked. The Start menu does nothing either, and neither do the system tray and the Quick Launch bar.
In safe mode I can get to the system, but not to the data and programs.
I have already searched half the Internet but found nothing.
Maybe one of you knows this.
What could it be?
What can I do?

Regards
Thomas

cosinus 19.10.2012 13:31

Does safe mode with networking still work? With an Internet connection?

Safe mode for cleanup
  • Press the F8 key at startup to bring Windows into safe mode.
  • Start the computer in safe mode with networking:

    Starting Windows in safe mode

derzapfer 19.10.2012 13:37

I'll try that right away.
I have taken the computer off the network for now so that it can't do any more damage.
I'll be in touch...

derzapfer 21.10.2012 18:08

I started the computer in safe mode with networking.
Ran sfc /scannow => everything OK.
Raised the resolution in safe mode to 1024x768.
Deleted the graphics card driver, hoping that it would be reinstalled automatically after a restart. It wasn't. But the machine works again, at 1024x768 and in normal mode.
So far ...:pfeiff:
I'll boot a few more times now and then report back ....

cosinus 21.10.2012 20:41

If this mode works, you can start by routinely running a full scan with Malwarebytes and posting the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in the Malwarebytes quarantine! Do NOT hastily remove ANYTHING from quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

derzapfer 22.10.2012 22:53

Here is the Malwarebytes report for now ...
Everything else tomorrow ...



Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
derneuste :: DERNEUSTE-PC [Administrator]

Schutz: Aktiviert

22.10.2012 19:26:15
mbam-log-2012-10-22 (19-26-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|J:\|L:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 743755
Laufzeit: 3 Stunde(n), 43 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
M:\Musik\2010\Musik\Noch brennen\Setup.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
M:\FUNSTUFF\2004-10\Elch.exe (Spyware.Passwords.XGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
M:\FUNSTUFF\2004-07\Olympics_1.exe (Spyware.Passwords.XGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Good morning everyone,

after a quick scan found nothing yesterday, a full scan then found three viruses/trojans on an external hard drive. I clicked "Remove Selected" ("Ausgewähltes entfernen"), as described in the documentation (http://www.trojaner-board.de/51187-a...i-malware.html), and rebooted the PC. Then it got stuck
- the first time at the mouse pointer on a black screen,
- the second time at a black screen without a mouse pointer, and
- the third time again at the mouse pointer on a black screen.

Now it is switched off again.
What happened? It had been working the whole time for a few days without problems.

I'll try ESET in safe mode later.

Regards
derzapfer

PS: 19 Windows updates were also installed during one of the last restarts ...

cosinus 23.10.2012 18:47

Quote:

They got access to the system with a Linux installation and removed 5 viruses with Kaspersky.

Did they actually tell you what exactly was found? Or just a terse "five viruses were found"? ;)

derzapfer 24.10.2012 10:57

When the virus was printed out, it always said 010101010...

cosinus 24.10.2012 15:55

How is one supposed to understand that?
It must have been reported what exactly was found in which file.
Who wanted to print something out there - under Linux?

derzapfer 25.10.2012 07:10

Interim report:
Unfortunately I wasn't there and didn't question it either. Since it's a colleague, I do believe he isn't telling me any "crap".
This is primarily about the computer, not about "assigning blame" or "questioning competence", isn't it?
Nevertheless, I agree with you; information about the earlier find would be revealing. I'll try to find out more; I may still find a log file (from the first (5) virus find) on the PC. I'll post it here later.
Yesterday I started the machine in safe mode with networking again and ran another full Malwarebytes scan. Nothing was found. Today I'll also get to grips with ESET.

Is there anything else I can do?

Regards, Thomas

cosinus 25.10.2012 10:39

Quote:

This is primarily about the computer, not about "assigning blame" or "questioning competence", isn't it?

That really isn't what I'm after either; I merely wanted to be able to follow what happened there and what malware was found in the Linux rescue system. But that can no longer be determined now, never mind.

Please make a log with

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.

Important note:
ComboFix may only be run when a forum expert ("Kompetenzler") has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")

then restart Windows manually and the error messages should no longer appear.

derzapfer 25.10.2012 11:48

Hello cosinus,

that sounds dangerous, but I'll do it right away this evening.
I'll report back and post.
Thanks and best regards
derzapfer

No words, except: Avira was still active...

Combofix Logfile:
Code:

ComboFix 12-10-25.02 - xxxxxxxx 25.10.2012  21:53:02.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3581.2751 [GMT 2:00]
ausgeführt von:: c:\users\derneuste\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-25 bis 2012-10-25  ))))))))))))))))))))))))))))))
.
.
2012-10-22 17:16 . 2012-09-29 17:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-10-21 17:11 . 2012-08-21 21:01        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-10-21 17:11 . 2012-08-31 18:19        1659760        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2012-10-21 17:11 . 2012-08-30 18:03        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-10-21 17:11 . 2012-08-30 17:12        3914096        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-10-21 17:11 . 2012-08-30 17:12        3968880        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-10-21 17:11 . 2012-08-20 18:48        424448        ----a-w-        c:\windows\system32\KernelBase.dll
2012-10-21 17:11 . 2012-08-20 18:48        1162240        ----a-w-        c:\windows\system32\kernel32.dll
2012-10-21 17:08 . 2012-10-17 00:31        9291768        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B34CFA47-1DE6-4A69-B6E2-4187010A7D5E}\mpengine.dll
2012-10-21 17:07 . 2012-08-11 00:56        715776        ----a-w-        c:\windows\system32\kerberos.dll
2012-10-21 17:07 . 2012-08-10 23:56        542208        ----a-w-        c:\windows\SysWow64\kerberos.dll
2012-10-21 17:04 . 2012-06-02 05:41        1464320        ----a-w-        c:\windows\system32\crypt32.dll
2012-10-21 17:04 . 2012-06-02 04:36        1159680        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-10-21 17:04 . 2012-06-02 05:41        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-10-21 17:04 . 2012-06-02 05:41        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-10-21 17:04 . 2012-06-02 04:36        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-10-21 17:04 . 2012-06-02 04:36        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-10-13 11:53 . 2012-10-18 22:48        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2012-10-13 11:53 . 2012-10-18 22:48        --------        d-----w-        c:\program files\Microsoft Silverlight
2012-10-13 10:48 . 2012-10-13 10:48        --------        d-----w-        c:\users\derneuste\AppData\Roaming\Malwarebytes
2012-10-13 10:48 . 2012-10-13 10:48        --------        d-----w-        c:\programdata\Malwarebytes
2012-10-13 10:48 . 2012-10-22 17:16        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-12 16:59 . 2012-10-13 11:45        --------        d-----w-        C:\Kaspersky Rescue Disk 10.0
2012-10-02 23:17 . 2012-10-02 23:17        --------        d-----w-        c:\program files (x86)\Microsoft
2012-09-29 18:22 . 2012-09-29 18:22        --------        d-----w-        c:\users\derneuste\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 19:29 . 2012-09-25 18:39        696760        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-27 22:18 . 2012-01-10 06:50        65309168        ----a-w-        c:\windows\system32\MRT.exe
2012-08-24 11:15 . 2012-09-23 01:00        17810944        ----a-w-        c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 01:00        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 01:00        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 01:00        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 01:00        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 01:00        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 01:00        237056        ----a-w-        c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 01:00        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 01:00        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 01:00        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 01:00        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 01:00        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 01:00        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 01:00        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 01:00        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 01:00        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 01:00        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 01:00        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 01:00        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 01:00        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 01:00        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 01:00        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 16:50        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 16:50        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 16:50        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:50        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 11:01 . 2012-09-23 10:36        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2012-02-04 12:28        125872        ----a-w-        c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-02-04 12:28        106928        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-21 17:10        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 16:50        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 16:50        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bff6b2ca-366c-4a90-b685-d87776deb0d2}]
2012-09-06 21:11        89288        ----a-w-        c:\progra~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18        1519824        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
"{bff6b2ca-366c-4a90-b685-d87776deb0d2}"= "c:\progra~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll" [2012-09-06 89288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bff6b2ca-366c-4a90-b685-d87776deb0d2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSpeedUp"="c:\program files (x86)\PC Beschleunigen\PCSpeedUp.lnk" [2011-12-30 2197]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
"avgnt"="e:\avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"iSaverCtrl"="c:\program files (x86)\iSaver\iSaverCtrl.exe" [2010-04-19 1152512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-29 1089608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 27760]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 361984]
R2 AntiVirSchedulerService;Avira Scheduler;e:\avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
R2 AntiVirWebService;Avira Web Protection;e:\avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-09 465360]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 inpoutx64;inpoutx64;c:\windows\system32\Drivers\inpoutx64.sys [2011-12-22 15008]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-10-12 5739008]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-03-12 204792]
R2 PCSUService;PC Speed Up Service;c:\program files (x86)\PC Beschleunigen\PCSUService.exe [2011-11-07 235232]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2011-05-20 282704]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
R3 cpuz135;cpuz135;c:\users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-25 115168]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-09-13 95744]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-09-13 212992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-04-15 40064]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-03-18 87168]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-03-18 188544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 2277992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.imesh.net
mStart Page = hxxp://nmd.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: e:\avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{AFBD353B-2ECF-40CF-A0A7-08855C94329C}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=195e2ea4-22e9-47d9-953a-f15c57de7352&apn_ptnrs=^ABT&apn_sauid=65C1CBDC-5422-4EF3-8342-C6820E44D459&apn_dtid=^YYYYYY^YY^DE&&q=
FF - ExtSQL: 2012-09-18 20:39; {bff6b2ca-366c-4a90-b685-d87776deb0d2}; c:\users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\extensions\{bff6b2ca-366c-4a90-b685-d87776deb0d2}
FF - ExtSQL: 2012-09-18 20:39; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\iMesh Applications\Mediabar\Datamngr\FirefoxExtension
FF - ExtSQL: 2012-09-29 10:43; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: !HIDDEN! 2012-09-18 20:39; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\iMesh Applications\Mediabar\Datamngr\FirefoxExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-ZortamMp3MediaStudio - e:\zortam mp3 media studio\zmmspro.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-MediaMonkey_is1 - e:\mediamonkey\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-25  22:03:49
ComboFix-quarantined-files.txt  2012-10-25 20:03
.
Vor Suchlauf: 16 Verzeichnis(se), 358.402.142.208 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 358.521.847.808 Bytes frei
.
- - End Of File - - 3728A5D38C5D232FD4CE7066BBFC5759

--- --- ---

Interim report:
After I ran ComboFix yesterday, the PC starts completely normally today. However, it still hasn't installed the AMD graphics card driver. I won't trigger that manually for now either, since it can't be ruled out that something is a bit off in the graphics card area.
I'll take care of ESET now.

I'll report back ...

derzapfer 26.10.2012 15:11

Here is the ESET log of the 387 supposed finds:

C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.A application
C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\Users\derneuste\Downloads\SoftonicDownloader_fuer_album-cover-finder.exe Win32/SoftonicDownloader.C application
C:\Users\derneuste\Downloads\SoftonicDownloader_fuer_tagscanner.exe Win32/SoftonicDownloader.C application
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Fun & Games\Betting.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Fun & Games\Casino Palace.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Fun & Games\Casino.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Fun & Games\Games.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Fun & Games\Horoscope.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Going Places\Air Tickets.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Going Places\Car Rentals.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Going Places\Hotel Deals.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Going Places\Luggage.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Going Places\Travel.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Living\Dating.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Living\Find a Degree.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Living\Find a job.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Living\Home.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Living\Insurance.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Auctions.lnk LNK/URL.B trojan
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Books.lnk LNK/URL.B trojan

cosinus 26.10.2012 17:56

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

derzapfer 29.10.2012 19:22

Thanks for everything so far ...
I have uploaded the file ...

Best regards
derzapfer

cosinus 31.10.2012 15:31

Please download aswMBR.exe and save the file to your desktop.

Note: Please switch off your virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press one of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

derzapfer 31.10.2012 15:50

OK, will do.
I'll post it tomorrow ...

Can you already say anything?
How many more scan programs are there? :-)

Regards
dz

cosinus 31.10.2012 18:44

That can't be said in general, and it takes longer the more time you take over it!

derzapfer 01.11.2012 18:37

I will try to post faster ...:lach:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-01 17:50:33
-----------------------------
17:50:33.291 OS Version: Windows x64 6.1.7601 Service Pack 1
17:50:33.291 Number of processors: 2 586 0x100
17:50:33.291 ComputerName: xxx UserName:xxx
17:50:37.902 Initialize success
17:54:07.794 AVAST engine defs: 12110100
17:55:02.391 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
17:55:02.391 Disk 0 Vendor: ST310005 JC4B Size: 953869MB BusType: 11
17:55:02.407 Disk 0 MBR read successfully
17:55:02.407 Disk 0 MBR scan
17:55:02.407 Disk 0 Windows 7 default MBR code
17:55:02.422 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 478886 MB offset 2048
17:55:02.438 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249999 MB offset 980760576
17:55:02.454 Disk 0 Partition - 00 0F Extended LBA 209623 MB offset 1492760576
17:55:02.469 Disk 0 Partition 3 80 (A) 27 Hidden NTFS WinRE NTFS 15358 MB offset 1922068480
17:55:02.500 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 209622 MB offset 1492762624
17:55:02.532 Disk 0 scanning C:\windows\system32\drivers
17:55:10.344 Service scanning
17:55:26.167 Modules scanning
17:55:26.667 Disk 0 trace - called modules:
17:55:26.683 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
17:55:26.683 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042f3790]
17:55:26.699 3 CLASSPNP.SYS[fffff8800199d43f] -> nt!IofCallDriver -> [0xfffffa8003ec86c0]
17:55:26.699 5 amd_xata.sys[fffff8800114ea1d] -> nt!IofCallDriver -> [0xfffffa8003ec8e40]
17:55:26.714 7 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\00000055[0xfffffa8003e7d350]
17:55:37.559 AVAST engine scan C:\windows
17:55:40.470 AVAST engine scan C:\windows\system32
17:55:41.290 Disk 0 MBR has been saved successfully to "C:\Users\derneuste\Desktop\MBR.dat"
17:55:41.305 The log file has been saved successfully to "C:\Users\derneuste\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-01 17:50:33
-----------------------------
17:50:33.291 OS Version: Windows x64 6.1.7601 Service Pack 1
17:50:33.291 Number of processors: 2 586 0x100
17:50:33.291 ComputerName: DERNEUSTE-PC UserName: derneuste
17:50:37.902 Initialize success
17:54:07.794 AVAST engine defs: 12110100
17:55:02.391 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
17:55:02.391 Disk 0 Vendor: ST310005 JC4B Size: 953869MB BusType: 11
17:55:02.407 Disk 0 MBR read successfully
17:55:02.407 Disk 0 MBR scan
17:55:02.407 Disk 0 Windows 7 default MBR code
17:55:02.422 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 478886 MB offset 2048
17:55:02.438 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249999 MB offset 980760576
17:55:02.454 Disk 0 Partition - 00 0F Extended LBA 209623 MB offset 1492760576
17:55:02.469 Disk 0 Partition 3 80 (A) 27 Hidden NTFS WinRE NTFS 15358 MB offset 1922068480
17:55:02.500 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 209622 MB offset 1492762624
17:55:02.532 Disk 0 scanning C:\windows\system32\drivers
17:55:10.344 Service scanning
17:55:26.167 Modules scanning
17:55:26.667 Disk 0 trace - called modules:
17:55:26.683 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
17:55:26.683 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042f3790]
17:55:26.699 3 CLASSPNP.SYS[fffff8800199d43f] -> nt!IofCallDriver -> [0xfffffa8003ec86c0]
17:55:26.699 5 amd_xata.sys[fffff8800114ea1d] -> nt!IofCallDriver -> [0xfffffa8003ec8e40]
17:55:26.714 7 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\00000055[0xfffffa8003e7d350]
17:55:37.559 AVAST engine scan C:\windows
17:55:40.470 AVAST engine scan C:\windows\system32
17:55:41.290 Disk 0 MBR has been saved successfully to "C:\Users\derneuste\Desktop\MBR.dat"
17:58:03.331 AVAST engine scan C:\windows\system32\drivers
17:58:12.865 AVAST engine scan C:\Users\derneuste
18:00:18.433 AVAST engine scan C:\ProgramData
18:00:45.820 Scan finished successfully
18:36:01.297 Disk 0 MBR has been saved successfully to "C:\Users\derneuste\Desktop\MBR.dat"
18:36:01.313 The log file has been saved successfully to "C:\Users\derneuste\Desktop\aswMBR.txt"

But I can mostly only do it in the evenings.
I'd like to thank you once again for your efforts...

Regards and thanks to Cosinus - der Zapfer

cosinus 03.11.2012 00:40

Also inconspicuous. A check with OTL, please:

Looks OK, a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users checkbox at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

derzapfer 03.11.2012 03:00

Code:

Hello World
OTL Text
Code:

OTL logfile created on: 03.11.2012 01:36:59 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Usersxxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 49,68% Memory free
6,99 Gb Paging File | 5,23 Gb Available in Paging File | 74,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,66 Gb Total Space | 334,08 Gb Free Space | 71,44% Space Free | Partition Type: NTFS
Drive E: | 244,14 Gb Total Space | 175,92 Gb Free Space | 72,06% Space Free | Partition Type: NTFS
Drive J: | 204,71 Gb Total Space | 50,69 Gb Free Space | 24,76% Space Free | Partition Type: NTFS
Drive L: | 298,01 Gb Total Space | 171,33 Gb Free Space | 57,49% Space Free | Partition Type: FAT32
Drive M: | 186,26 Gb Total Space | 13,74 Gb Free Space | 7,38% Space Free | Partition Type: FAT32
 
Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\derneuste\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\datamngrUI.exe (iMesh, Inc)
PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\OUTLCTL.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- E:\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (inpoutx64) -- C:\Windows\SysNative\drivers\inpoutx64.sys (Highresolution Enterprises [www.highrez.co.uk])
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{EFA2FEF8-C124-4225-9FCD-B5184E23CC78}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{2E03954E-89B9-46F7-AA70-B14847C6067C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.net
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{08C703C6-13A6-4220-8A22-2DD3F116F128}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=195e2ea4-22e9-47d9-953a-f15c57de7352&apn_sauid=65C1CBDC-5422-4EF3-8342-C6820E44D459
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.6.0.3
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.4.100015
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=195e2ea4-22e9-47d9-953a-f15c57de7352&apn_ptnrs=^ABT&apn_sauid=65C1CBDC-5422-4EF3-8342-C6820E44D459&apn_dtid=^YYYYYY^YY^DE&&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=195e2ea4-22e9-47d9-953a-f15c57de7352&apn_ptnrs=^ABT&apn_sauid=65C1CBDC-5422-4EF3-8342-C6820E44D459&apn_dtid=^YYYYYY^YY^DE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: E:\PDF_Nitro\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 21:54:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 21:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 21:56:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 21:56:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 21:56:39 | 000,000,000 | ---D | M]
 
[2012.09.18 19:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\Extensions
[2012.10.25 20:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions
[2012.09.18 19:39:46 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions\{bff6b2ca-366c-4a90-b685-d87776deb0d2}
[2012.08.25 10:17:47 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions\toolbar@ask.com
[2012.09.29 09:43:45 | 000,169,792 | ---- | M] () (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.11.02 21:03:08 | 000,002,413 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\askcom.xml
[2012.09.18 19:39:38 | 000,002,685 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\Search_Results.xml
[2012.09.25 19:40:20 | 000,003,915 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\sweetim.xml
[2012.10.26 21:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.18 19:39:53 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2012.11.02 21:54:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.10.26 21:56:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.18 19:39:38 | 000,002,685 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\BROWSE~1.DLL (iMesh, Inc)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\BROWSE~1.DLL (iMesh, Inc)
O2 - BHO: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE (iMesh, Inc)
O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\RunOnce: [SimboApp] C:\Users\derneuste\AppData\Local\Temp\4108845567\simboapp.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFBD353B-2ECF-40CF-A0A7-08855C94329C}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D30CE1CA-0DAE-4325-A5E1-A1AC77CE0A0E}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll (iMesh, Inc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.02 21:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.02 21:55:15 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012.11.02 21:55:15 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012.11.02 21:54:29 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2012.11.02 21:54:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012.11.02 21:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.11.02 21:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.10.30 18:40:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.30 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\derneuste\Desktop\Virensuchprogramme zT alt
[2012.10.29 22:30:22 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Roaming\JAM Software
[2012.10.29 22:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Professional
[2012.10.29 22:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software
[2012.10.29 19:16:29 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Local\{80886A99-B8E8-423C-A76E-B5C67B5625BB}
[2012.10.29 19:14:23 | 000,000,000 | ---D | C] -- C:\Users\derneuste\Local Settings
[2012.10.29 19:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.29 19:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.10.26 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.26 06:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.26 06:36:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.25 20:51:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012.10.25 20:51:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012.10.25 20:51:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.10.25 20:46:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.25 20:46:46 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012.10.22 18:16:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.10.21 18:43:27 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012.10.21 18:11:32 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2012.10.21 18:11:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.10.21 18:11:22 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.10.21 18:11:19 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.10.21 18:11:00 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.10.21 18:11:00 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.10.21 18:10:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.10.21 18:10:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.10.21 18:10:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.10.21 18:10:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.10.21 18:10:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.10.21 18:10:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.10.21 18:10:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.10.21 18:10:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.10.21 18:10:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.10.21 18:10:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.21 18:10:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.21 18:10:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.21 18:10:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.10.21 18:10:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012.10.21 18:04:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012.10.21 18:04:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.10.13 11:48:38 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Roaming\Malwarebytes
[2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.13 11:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.12 17:59:38 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.03 01:12:54 | 000,001,460 | ---- | M] () -- C:\Users\derneuste\Desktop\OTL.exe - Verknüpfung.lnk
[2012.11.02 21:55:18 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.02 21:55:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012.11.02 21:09:25 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.02 21:09:25 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.02 21:01:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.11.02 21:01:50 | 2816,389,120 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.01 18:36:01 | 000,000,512 | ---- | M] () -- C:\Users\derneuste\Desktop\MBR.dat
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012.10.29 22:30:33 | 000,000,471 | ---- | M] () -- C:\windows\BRWMARK.INI
[2012.10.29 19:13:19 | 000,000,223 | ---- | M] () -- C:\Users\derneuste\Desktop\Search the Web.url
[2012.10.29 19:13:19 | 000,000,217 | ---- | M] () -- C:\Users\derneuste\Desktop\SweetPcFix.url
[2012.10.21 18:43:18 | 233,669,028 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.10.11 20:29:33 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
 
========== Files Created - No Company Name ==========
 
[2012.11.03 01:12:54 | 000,001,460 | ---- | C] () -- C:\Users\derneuste\Desktop\OTL.exe - Verknüpfung.lnk
[2012.11.02 21:55:18 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.02 21:55:15 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2012.11.01 17:55:41 | 000,000,512 | ---- | C] () -- C:\Users\derneuste\Desktop\MBR.dat
[2012.10.29 19:13:19 | 000,000,217 | ---- | C] () -- C:\Users\derneuste\Desktop\SweetPcFix.url
[2012.10.25 20:51:21 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.10.25 20:51:21 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.10.25 20:51:21 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.10.25 20:51:21 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.10.25 20:51:21 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.10.21 18:43:18 | 233,669,028 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.10.21 18:01:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.04 10:31:40 | 000,496,640 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2012.02.04 10:31:40 | 000,131,176 | ---- | C] () -- C:\windows\SysWow64\mp3gain.exe
[2012.02.04 10:31:40 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\akrip32.dll
[2012.02.04 10:31:39 | 000,580,096 | ---- | C] () -- C:\windows\SysWow64\lame.exe
[2012.02.04 10:31:39 | 000,307,200 | ---- | C] () -- C:\windows\SysWow64\Mp3Ctrl.dll
[2012.02.04 10:31:38 | 000,003,180 | ---- | C] () -- C:\Users\derneuste\AppData\Local\ZortamMp3MediaStudio.iss
[2012.01.25 13:00:51 | 000,367,104 | ---- | C] () -- C:\windows\dmexmenu.dll
[2012.01.25 13:00:51 | 000,072,791 | ---- | C] () -- C:\windows\dmexlanguage.ini
[2012.01.12 08:02:30 | 000,000,471 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012.01.12 08:02:30 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\bd4040cn.dat
[2012.01.12 08:02:30 | 000,000,026 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2011.12.31 12:53:44 | 000,007,643 | ---- | C] () -- C:\Users\derneuste\AppData\Local\Resmon.ResmonCfg
[2011.12.19 13:21:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.12.14 07:53:04 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2011.12.14 07:53:04 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2011.12.14 07:53:03 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:8331D35A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EBC2DB92

< End of report >

Extras.txt

Code:

OTL Extras logfile created on: 03.11.2012 01:36:59 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\xxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 49,68% Memory free
6,99 Gb Paging File | 5,23 Gb Available in Paging File | 74,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,66 Gb Total Space | 334,08 Gb Free Space | 71,44% Space Free | Partition Type: NTFS
Drive E: | 244,14 Gb Total Space | 175,92 Gb Free Space | 72,06% Space Free | Partition Type: NTFS
Drive J: | 204,71 Gb Total Space | 50,69 Gb Free Space | 24,76% Space Free | Partition Type: NTFS
Drive L: | 298,01 Gb Total Space | 171,33 Gb Free Space | 57,49% Space Free | Partition Type: FAT32
Drive M: | 186,26 Gb Total Space | 13,74 Gb Free Space | 7,38% Space Free | Partition Type: FAT32
 
Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1"
Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1"
Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20FBB5EB-99A0-42DB-B29B-95E7493D03C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3049C825-D488-4DA3-B3B4-E62169485D48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E5E5400-4E04-47FB-95D4-DF1A6E006C90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FF94C8B-00F0-46C9-911B-3E87AB25F5AE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{443C821F-B87B-4683-8158-0719BE06533A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{541CBC2C-8E3D-4A8F-8B4F-E3E1A946F2E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{616EF830-2F7F-45B2-A679-76DE25C640BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{641E1BD0-D187-40D8-95B8-092D9ACBDC7E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72931074-907F-40D8-8A23-157338BC3F28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72FF699C-8D56-4230-9B11-510A19251D2D}" = lport=138 | protocol=17 | dir=in | app=system |
"{7F3614BF-5281-4C04-A7E2-DD16B9CD9850}" = lport=139 | protocol=6 | dir=in | app=system |
"{9318B394-96C6-4024-BBD5-16CF086326FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9542F82F-9EA5-47AD-91CF-1E7EE4D9C617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3427852-3B59-478A-A1DF-B7E7D1101C73}" = rport=139 | protocol=6 | dir=out | app=system |
"{A47E5180-433B-40D8-B75A-AD1B6504D072}" = rport=138 | protocol=17 | dir=out | app=system |
"{C421D11C-1E92-4CBE-A8C4-ED8C05C05BFC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC796F37-CD1A-495C-A23F-B7CB548E84DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D5315284-EAA7-4D13-9D3F-582A0EF644E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{D825BDAE-DAAA-4C4E-8473-2AC56FE32FFD}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9787DF8-5048-4AF2-9D7E-F972D343BFBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6707DF3-D2F5-4D3E-B9EE-C67DAEB68B3A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EC614620-0EFF-4FA9-B710-800E536C7328}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{ED53443E-B4D5-4D02-B872-6E58EFB04165}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2C2D1A2-3F78-41CD-9106-6C81FC3236C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F5E788DC-F8D7-48D5-BD05-072D82B724D1}" = rport=445 | protocol=6 | dir=out | app=system |
"{F7385103-B4F1-40E5-BB33-BDC5EE9C7FF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A568008-57FB-463F-868A-78AB41098F9F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1D374B86-FC52-419F-8603-A722EE4085F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F2378A4-4081-4E83-81A0-3B7D2B245129}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{250142E6-F321-443E-8D5B-16842CF9ED2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2D87A4E1-7D02-4A93-BD88-A002DDE44F0F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{371AB414-A435-42CE-ADCA-44C8498F4AFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{389694AA-D77B-439E-B449-291B7EA9F70D}" = protocol=6 | dir=out | app=system |
"{458969DF-C637-432A-A179-ECDBA5837111}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{54479F16-3E01-4524-8B74-32BF1DBF84A6}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{5677E414-FBBD-4C44-B810-BF16E846F41D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C8EE087-996C-4F98-8D0E-0F144FE8316C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{652BFB55-E392-48B0-9B70-2B71E9133F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{6AEFD876-EBBD-4955-B174-55DE88A6B62C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6C9D638C-23AF-472F-AF46-AF01F6F949AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6EBABDD9-D621-49A1-ABE6-DF17830C529F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7285B9F4-12A6-49C2-A053-918CD824AAD7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{72F7AF9B-56C5-4F74-82EB-F9318DE10F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe |
"{7481F9BD-F521-46D8-8996-3876B4A8068F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{7FD5A2D2-E5BC-42BA-9C9A-0D932661AAED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8238485B-D43B-42E2-AE8D-6EE5790CB605}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9A6FDA7E-27D7-45F8-8192-71FF87F099F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9FBB6CE4-6D9A-46C0-9F44-E907F7ED79CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A17550BF-9949-43D5-94BF-8969B65E5EE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9324A41-5C3E-4729-ABEA-BB1166D42831}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC22DDDB-ABF5-4054-84A9-A3C30FDD7B20}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{B9FB8E14-C17B-4C1F-B867-E40435A00313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB5EA568-2DF1-426C-91BE-A2791B106193}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{D1089845-536B-4F00-B456-0F0551821569}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DB9EA595-9769-4435-A662-D7AD0B6D6329}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{DD2A2C6C-C8C9-48D1-A1B0-57303F662869}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DD3E584B-BF79-4266-AC72-14AC62268CC7}" = dir=in | app=c:\itunes\itunes.exe |
"{DEBE0657-84DB-46E9-AAE5-60C98D865A8F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DECD30F1-09CE-4C4A-915F-BA18A46643D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E53FE676-3212-4EF7-ABFA-71C80F7BABC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9E324A2-0936-44CB-958B-588C08C624BB}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe |
"{EE3ECBA6-B08C-4C12-92D8-41F42E4D445B}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{F2C64FFC-50AE-480A-86E0-1B36E6960748}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FA7C3A6D-6ED3-4894-A276-AA5C7FCF7A6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{175A9775-18B5-499F-850A-DACD0D211EB5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{31217E38-C89C-48CA-856A-6D986AEE867C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{448A4D01-04BF-45DE-BC71-D6B18C784FA9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{4EF07B70-FBB6-4CB2-B8EC-BB747B39570F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{655AF68B-CC63-4542-84EA-76534E115BB2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{70B8D477-D557-4A2D-8139-6291FE55BB74}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{62478EFF-4C2D-7C34-3CE4-23E1CF4A53DD}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{76A9BB62-F6BC-83B7-B774-B4ED34009E62}" = AMD Fuel
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A08E9F7F-D07D-4029-973D-D9DB7DF4A285}" = Nitro Reader 2
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}" = AMD Catalyst Install Manager
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
"{0D4D67AB-C830-1787-5868-7EB8CDE396FD}" = Catalyst Control Center InstallProxy
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{12FCEE02-33A5-478A-A0B1-219E07BA0B47}" = MP3-Tag-Editor 3.10
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2911F8A7-8513-7A0C-E02B-B4BF3260376D}" = CCC Help Hungarian
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337944EB-8A7B-9A4F-5616-BE20776318B0}" = Catalyst Control Center Graphics Previews Common
"{376924D9-9D83-366E-8DF4-3785F7200572}" = CCC Help Greek
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37D77500-8BAB-D917-A1E5-80DB5DBC90A4}" = CCC Help Polish
"{3DBF3B04-45ED-7839-A732-572F5132C87E}" = CCC Help French
"{3FCB5D68-F2EC-00BC-4F00-A921C894A670}" = Catalyst Control Center Localization All
"{4D161755-840F-40E8-B0F4-DAB6D1A15978}" = Heja BVB
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{58184585-45B7-AC59-3367-CC89814C2657}" = AMD VISION Engine Control Center
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B558624-36B9-7D51-AA9F-339E85E3C6CA}" = CCC Help Portuguese
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{960C091F-A830-2964-D775-05ECD97484B5}" = CCC Help Spanish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A4A9D179-DF6D-3876-F1C4-F4D2F5B77F23}" = CCC Help English
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CA142FB8-084F-4B22-BCC7-890B0F42A0DF}" = Maximized Software iCoverArt
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB32230C-5CE1-8112-F793-A8124B25A60B}" = CCC Help Italian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF9E978D-54DA-6E2B-E699-D161E31DA144}" = CCC Help German
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Album Art Downloader XUI" = Album Art Downloader XUI 0.43
"Album Cover Finder_is1" = Album Cover Finder v.7.1.3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"avast" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"DMEXMENU" = DMEX Menu Extention (Uninstall only)
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"imeshtoolbar2" = Search-Results Toolbar
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"PROPLUS" = Microsoft Office Professional Plus 2007
"SopCast" = SopCast 3.5.0
"TagScanner_is1" = TagScanner 5.1.607
"TreeSize Professional_is1" = TreeSize Professional V5.5.5
"Virtual DJ Home Edition - Atomix Productions" = Virtual DJ Home Edition - Atomix Productions
"WinLiveSuite" = Windows Live Essentials
"xp-AntiSpy" = xp-AntiSpy 3.98-1
"Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 13.35
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.10.2012 01:22:57 | Computer Name = derneuste-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 18.10.2012 01:22:59 | Computer Name = derneuste-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
 
Error - 18.10.2012 01:22:59 | Computer Name = derneuste-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 18.10.2012 15:41:02 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 18.10.2012 18:50:05 | Computer Name = derneuste-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DrvInst.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc2c6  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x9cc  Startzeit der fehlerhaften Anwendung: 0x01cdad82e9a7cddf
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\DrvInst.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 284088ad-1976-11e2-8f7a-50e54953e126
 
Error - 18.10.2012 18:51:12 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 18.10.2012 18:52:39 | Computer Name = derneuste-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:
 0x4ca242ed  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xe0434f4d  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0xf1c  Startzeit der fehlerhaften Anwendung: 0x01cdad833d59bca1
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
 des fehlerhaften Moduls: C:\windows\system32\KERNELBASE.dll  Berichtskennung: 839cccea-1976-11e2-8f7a-50e54953e126
 
Error - 21.10.2012 12:33:19 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.10.2012 12:35:57 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 21.10.2012 12:36:01 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
[ OSession Events ]
Error - 01.09.2012 10:38:49 | Computer Name = derneuste-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8265
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.10.2012 21:47:31 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >

Hello Cosinus,

I hope you can make something of this.

Many thanks for your effort and patience.

Regards
Derzapfer

cosinus 03.11.2012 16:56

Code:

Scan Mode: Current user
You forgot to tick the "Scan All Users" checkbox! Please redo the log properly.

derzapfer 04.11.2012 17:22

Hello Cosinus,
the things you spot ...

Here we go again.
Everything should be right now ...

Regards and have a nice Sunday

Derzapfer

Code:

OTL logfile created on: 04.11.2012 16:50:04 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\xxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 58,50% Memory free
6,99 Gb Paging File | 5,31 Gb Available in Paging File | 75,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,66 Gb Total Space | 333,44 Gb Free Space | 71,30% Space Free | Partition Type: NTFS
Drive E: | 244,14 Gb Total Space | 175,88 Gb Free Space | 72,04% Space Free | Partition Type: NTFS
Drive J: | 204,71 Gb Total Space | 50,67 Gb Free Space | 24,75% Space Free | Partition Type: NTFS
Drive L: | 298,01 Gb Total Space | 171,33 Gb Free Space | 57,49% Space Free | Partition Type: FAT32
Drive M: | 186,26 Gb Total Space | 20,84 Gb Free Space | 11,19% Space Free | Partition Type: FAT32
 
Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\derneuste\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- E:\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (inpoutx64) -- C:\Windows\SysNative\drivers\inpoutx64.sys (Highresolution Enterprises [www.highrez.co.uk])
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{EFA2FEF8-C124-4225-9FCD-B5184E23CC78}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{2E03954E-89B9-46F7-AA70-B14847C6067C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.net
IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\SearchScopes\{40FCBC03-113D-4A4E-9A0D-771855886A78}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=44a357d9-393a-40f1-b0d6-cd7765c20ae9&apn_sauid=8B05E438-3C3B-4CAF-9782-6361CCDB8502
IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms}
IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.4.100015
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=44a357d9-393a-40f1-b0d6-cd7765c20ae9&apn_ptnrs=^ABT&apn_sauid=8B05E438-3C3B-4CAF-9782-6361CCDB8502&apn_dtid=^YYYYYY^YY^DE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: E:\PDF_Nitro\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 21:54:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 21:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 21:56:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 21:56:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 21:56:39 | 000,000,000 | ---D | M]
 
[2012.09.18 19:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\Extensions
[2012.11.04 14:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions
[2012.11.04 13:30:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.04 14:36:47 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions\toolbar@ask.com
[2012.11.04 14:36:48 | 000,002,413 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\askcom.xml
[2012.09.18 19:39:38 | 000,002,685 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\Search_Results.xml
[2012.09.25 19:40:20 | 000,003,915 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\sweetim.xml
[2012.10.26 21:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.18 19:39:53 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2012.11.02 21:54:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.10.26 21:56:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.18 19:39:38 | 000,002,685 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\BROWSE~1.DLL (iMesh, Inc)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE (iMesh, Inc)
O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFBD353B-2ECF-40CF-A0A7-08855C94329C}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D30CE1CA-0DAE-4325-A5E1-A1AC77CE0A0E}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll (iMesh, Inc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.04 14:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.04 14:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.11.04 14:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.11.04 14:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.11.04 14:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012.11.03 23:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.11.02 21:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.02 21:55:15 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012.11.02 21:55:15 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012.11.02 21:54:29 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2012.11.02 21:54:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012.11.02 21:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.11.02 21:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.10.30 18:40:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.30 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\derneuste\Desktop\Virensuchprogramme zT alt
[2012.10.29 22:30:22 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Roaming\JAM Software
[2012.10.29 22:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Professional
[2012.10.29 22:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software
[2012.10.29 19:16:29 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Local\{80886A99-B8E8-423C-A76E-B5C67B5625BB}
[2012.10.29 19:14:23 | 000,000,000 | ---D | C] -- C:\Users\derneuste\Local Settings
[2012.10.29 19:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.29 19:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.10.26 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.26 06:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.26 06:36:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.25 20:51:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012.10.25 20:51:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012.10.25 20:51:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.10.25 20:46:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.25 20:46:46 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012.10.22 18:16:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.10.21 18:43:27 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012.10.21 18:11:32 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2012.10.21 18:11:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.10.21 18:11:22 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.10.21 18:11:19 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.10.21 18:11:00 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.10.21 18:11:00 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.10.21 18:10:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.10.21 18:10:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.10.21 18:10:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.10.21 18:10:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.10.21 18:10:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.10.21 18:10:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.10.21 18:10:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.10.21 18:10:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.10.21 18:10:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.10.21 18:10:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.21 18:10:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.21 18:10:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.21 18:10:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.10.21 18:10:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012.10.21 18:04:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012.10.21 18:04:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.10.13 11:48:38 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Roaming\Malwarebytes
[2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.13 11:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.12 17:59:38 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.04 16:02:57 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.04 16:02:57 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.04 15:55:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.11.04 15:55:16 | 2816,389,120 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.04 04:46:12 | 000,000,471 | ---- | M] () -- C:\windows\BRWMARK.INI
[2012.11.02 21:55:18 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.02 21:55:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012.11.01 18:36:01 | 000,000,512 | ---- | M] () -- C:\Users\derneuste\Desktop\MBR.dat
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012.10.29 19:13:19 | 000,000,223 | ---- | M] () -- C:\Users\derneuste\Desktop\Search the Web.url
[2012.10.29 19:13:19 | 000,000,217 | ---- | M] () -- C:\Users\derneuste\Desktop\SweetPcFix.url
[2012.10.21 18:43:18 | 233,669,028 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.10.11 20:29:33 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
 
========== Files Created - No Company Name ==========
 
[2012.11.02 21:55:18 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.02 21:55:15 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2012.11.01 17:55:41 | 000,000,512 | ---- | C] () -- C:\Users\derneuste\Desktop\MBR.dat
[2012.10.29 19:13:19 | 000,000,217 | ---- | C] () -- C:\Users\derneuste\Desktop\SweetPcFix.url
[2012.10.25 20:51:21 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.10.25 20:51:21 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.10.25 20:51:21 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.10.25 20:51:21 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.10.25 20:51:21 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.10.21 18:43:18 | 233,669,028 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.10.21 18:01:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.04 10:31:40 | 000,496,640 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2012.02.04 10:31:40 | 000,131,176 | ---- | C] () -- C:\windows\SysWow64\mp3gain.exe
[2012.02.04 10:31:40 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\akrip32.dll
[2012.02.04 10:31:39 | 000,580,096 | ---- | C] () -- C:\windows\SysWow64\lame.exe
[2012.02.04 10:31:39 | 000,307,200 | ---- | C] () -- C:\windows\SysWow64\Mp3Ctrl.dll
[2012.02.04 10:31:38 | 000,003,180 | ---- | C] () -- C:\Users\derneuste\AppData\Local\ZortamMp3MediaStudio.iss
[2012.01.25 13:00:51 | 000,367,104 | ---- | C] () -- C:\windows\dmexmenu.dll
[2012.01.25 13:00:51 | 000,072,791 | ---- | C] () -- C:\windows\dmexlanguage.ini
[2012.01.12 08:02:30 | 000,000,471 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012.01.12 08:02:30 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\bd4040cn.dat
[2012.01.12 08:02:30 | 000,000,026 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2011.12.31 12:53:44 | 000,007,643 | ---- | C] () -- C:\Users\derneuste\AppData\Local\Resmon.ResmonCfg
[2011.12.19 13:21:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.12.14 07:53:04 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2011.12.14 07:53:04 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2011.12.14 07:53:03 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:8331D35A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EBC2DB92

< End of report >

Code:

OTL Extras logfile created on: 04.11.2012 16:50:04 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\xxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 58,50% Memory free
6,99 Gb Paging File | 5,31 Gb Available in Paging File | 75,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,66 Gb Total Space | 333,44 Gb Free Space | 71,30% Space Free | Partition Type: NTFS
Drive E: | 244,14 Gb Total Space | 175,88 Gb Free Space | 72,04% Space Free | Partition Type: NTFS
Drive J: | 204,71 Gb Total Space | 50,67 Gb Free Space | 24,75% Space Free | Partition Type: NTFS
Drive L: | 298,01 Gb Total Space | 171,33 Gb Free Space | 57,49% Space Free | Partition Type: FAT32
Drive M: | 186,26 Gb Total Space | 20,84 Gb Free Space | 11,19% Space Free | Partition Type: FAT32
 
Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2060105697-235347385-2913916759-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1"
Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1"
Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20FBB5EB-99A0-42DB-B29B-95E7493D03C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3049C825-D488-4DA3-B3B4-E62169485D48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E5E5400-4E04-47FB-95D4-DF1A6E006C90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FF94C8B-00F0-46C9-911B-3E87AB25F5AE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{443C821F-B87B-4683-8158-0719BE06533A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{541CBC2C-8E3D-4A8F-8B4F-E3E1A946F2E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{616EF830-2F7F-45B2-A679-76DE25C640BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{641E1BD0-D187-40D8-95B8-092D9ACBDC7E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72931074-907F-40D8-8A23-157338BC3F28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72FF699C-8D56-4230-9B11-510A19251D2D}" = lport=138 | protocol=17 | dir=in | app=system |
"{7F3614BF-5281-4C04-A7E2-DD16B9CD9850}" = lport=139 | protocol=6 | dir=in | app=system |
"{9318B394-96C6-4024-BBD5-16CF086326FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9542F82F-9EA5-47AD-91CF-1E7EE4D9C617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3427852-3B59-478A-A1DF-B7E7D1101C73}" = rport=139 | protocol=6 | dir=out | app=system |
"{A47E5180-433B-40D8-B75A-AD1B6504D072}" = rport=138 | protocol=17 | dir=out | app=system |
"{C421D11C-1E92-4CBE-A8C4-ED8C05C05BFC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC796F37-CD1A-495C-A23F-B7CB548E84DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D5315284-EAA7-4D13-9D3F-582A0EF644E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{D825BDAE-DAAA-4C4E-8473-2AC56FE32FFD}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9787DF8-5048-4AF2-9D7E-F972D343BFBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6707DF3-D2F5-4D3E-B9EE-C67DAEB68B3A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EC614620-0EFF-4FA9-B710-800E536C7328}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{ED53443E-B4D5-4D02-B872-6E58EFB04165}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2C2D1A2-3F78-41CD-9106-6C81FC3236C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F5E788DC-F8D7-48D5-BD05-072D82B724D1}" = rport=445 | protocol=6 | dir=out | app=system |
"{F7385103-B4F1-40E5-BB33-BDC5EE9C7FF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D374B86-FC52-419F-8603-A722EE4085F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F2378A4-4081-4E83-81A0-3B7D2B245129}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{250142E6-F321-443E-8D5B-16842CF9ED2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2D87A4E1-7D02-4A93-BD88-A002DDE44F0F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{371AB414-A435-42CE-ADCA-44C8498F4AFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{389694AA-D77B-439E-B449-291B7EA9F70D}" = protocol=6 | dir=out | app=system |
"{54479F16-3E01-4524-8B74-32BF1DBF84A6}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{5677E414-FBBD-4C44-B810-BF16E846F41D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C8EE087-996C-4F98-8D0E-0F144FE8316C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{652BFB55-E392-48B0-9B70-2B71E9133F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{6AEFD876-EBBD-4955-B174-55DE88A6B62C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6C9D638C-23AF-472F-AF46-AF01F6F949AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6EBABDD9-D621-49A1-ABE6-DF17830C529F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{72F7AF9B-56C5-4F74-82EB-F9318DE10F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe |
"{7481F9BD-F521-46D8-8996-3876B4A8068F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{7FD5A2D2-E5BC-42BA-9C9A-0D932661AAED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8238485B-D43B-42E2-AE8D-6EE5790CB605}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9A6FDA7E-27D7-45F8-8192-71FF87F099F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9FBB6CE4-6D9A-46C0-9F44-E907F7ED79CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A17550BF-9949-43D5-94BF-8969B65E5EE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9324A41-5C3E-4729-ABEA-BB1166D42831}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC22DDDB-ABF5-4054-84A9-A3C30FDD7B20}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{B9FB8E14-C17B-4C1F-B867-E40435A00313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB5EA568-2DF1-426C-91BE-A2791B106193}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{D1089845-536B-4F00-B456-0F0551821569}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DB9EA595-9769-4435-A662-D7AD0B6D6329}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{DD2A2C6C-C8C9-48D1-A1B0-57303F662869}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DD3E584B-BF79-4266-AC72-14AC62268CC7}" = dir=in | app=c:\itunes\itunes.exe |
"{DEBE0657-84DB-46E9-AAE5-60C98D865A8F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DECD30F1-09CE-4C4A-915F-BA18A46643D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E53FE676-3212-4EF7-ABFA-71C80F7BABC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9E324A2-0936-44CB-958B-588C08C624BB}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe |
"{EE3ECBA6-B08C-4C12-92D8-41F42E4D445B}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{FA7C3A6D-6ED3-4894-A276-AA5C7FCF7A6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{175A9775-18B5-499F-850A-DACD0D211EB5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{31217E38-C89C-48CA-856A-6D986AEE867C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{448A4D01-04BF-45DE-BC71-D6B18C784FA9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{4EF07B70-FBB6-4CB2-B8EC-BB747B39570F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{655AF68B-CC63-4542-84EA-76534E115BB2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{70B8D477-D557-4A2D-8139-6291FE55BB74}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{62478EFF-4C2D-7C34-3CE4-23E1CF4A53DD}" = ccc-utility64
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{76A9BB62-F6BC-83B7-B774-B4ED34009E62}" = AMD Fuel
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A08E9F7F-D07D-4029-973D-D9DB7DF4A285}" = Nitro Reader 2
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}" = AMD Catalyst Install Manager
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D4D67AB-C830-1787-5868-7EB8CDE396FD}" = Catalyst Control Center InstallProxy
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{12FCEE02-33A5-478A-A0B1-219E07BA0B47}" = MP3-Tag-Editor 3.10
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2911F8A7-8513-7A0C-E02B-B4BF3260376D}" = CCC Help Hungarian
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337944EB-8A7B-9A4F-5616-BE20776318B0}" = Catalyst Control Center Graphics Previews Common
"{376924D9-9D83-366E-8DF4-3785F7200572}" = CCC Help Greek
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37D77500-8BAB-D917-A1E5-80DB5DBC90A4}" = CCC Help Polish
"{3DBF3B04-45ED-7839-A732-572F5132C87E}" = CCC Help French
"{3FCB5D68-F2EC-00BC-4F00-A921C894A670}" = Catalyst Control Center Localization All
"{4D161755-840F-40E8-B0F4-DAB6D1A15978}" = Heja BVB
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{58184585-45B7-AC59-3367-CC89814C2657}" = AMD VISION Engine Control Center
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B558624-36B9-7D51-AA9F-339E85E3C6CA}" = CCC Help Portuguese
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{960C091F-A830-2964-D775-05ECD97484B5}" = CCC Help Spanish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A4A9D179-DF6D-3876-F1C4-F4D2F5B77F23}" = CCC Help English
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CA142FB8-084F-4B22-BCC7-890B0F42A0DF}" = Maximized Software iCoverArt
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB32230C-5CE1-8112-F793-A8124B25A60B}" = CCC Help Italian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF9E978D-54DA-6E2B-E699-D161E31DA144}" = CCC Help German
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Album Art Downloader XUI" = Album Art Downloader XUI 0.43
"Album Cover Finder_is1" = Album Cover Finder v.7.1.3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"avast" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"DMEXMENU" = DMEX Menu Extention (Uninstall only)
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"imeshtoolbar2" = Search-Results Toolbar
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"PROPLUS" = Microsoft Office Professional Plus 2007
"Security Task Manager" = Security Task Manager 1.8d
"SopCast" = SopCast 3.5.0
"TagScanner_is1" = TagScanner 5.1.607
"TreeSize Professional_is1" = TreeSize Professional V5.5.5
"Virtual DJ Home Edition - Atomix Productions" = Virtual DJ Home Edition - Atomix Productions
"WinLiveSuite" = Windows Live Essentials
"xp-AntiSpy" = xp-AntiSpy 3.98-1
"Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 13.35
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2060105697-235347385-2913916759-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.10.2012 12:35:57 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 21.10.2012 12:36:01 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 21.10.2012 12:52:39 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.10.2012 12:57:08 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.10.2012 13:03:05 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 21.10.2012 13:44:01 | Computer Name = derneuste-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 21.10.2012 13:44:01 | Computer Name = derneuste-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 21.10.2012 13:45:08 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.10.2012 13:48:38 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 21.10.2012 16:07:27 | Computer Name = derneuste-PC | Source = Windows Backup | ID = 4104
Description =
 
[ OSession Events ]
Error - 01.09.2012 10:38:49 | Computer Name = derneuste-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8265
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 30.10.2012 13:32:14 | Computer Name = derneuste-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
 
< End of report >


cosinus 05.11.2012 10:05

Code:

PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

Why on earth AntiVir and Avast at the same time? :wtf:
Please don't do that under any circumstances; Avast and AntiVir will get in each other's way sooner or later. Only ever use one virus scanner with a background guard, and no more! If you want to get additional "opinions", use Malwarebytes Free or the ESET online scanner.

Please uninstall one of the two immediately! I would recommend keeping Avast.

Why did you install Avira to E: anyway? What advantage is it supposed to bring to install programs somewhere else? :confused:

Otherwise the log is now unremarkable so far. But we should still remove toolbars/adware.
After uninstalling the superfluous virus scanner, please run adwCleaner:

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded at some point, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click "Suche" (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = consecutive number)

derzapfer 05.11.2012 11:58

Hello Cosinus,
over the last few days/weeks I have run my (Avira) virus scanner over the system again and again. Without any findings.
All the tools from you kept finding something.
So my trust in Avira shrank and I had a look at Avast.
Now Avast runs a complete scan of the system almost every day.
I was going to uninstall Avira, but I saw a setting in Avast (which I didn't know about until now) that allows a parallel installation of two antivirus programs. And for testing it can't hurt... that was my theory.
I will uninstall Avira, follow your ESET/Malwarebytes advice and keep Avast.

I have partitioned my hard disks so that the OS and OS-related programs are on C, data on D and the remaining programs on E.
For the sake of clarity ....

PS: To be on the safe side I bought a large Intenso (1 TB) so that, once the system is finally virus-free, I have all irreplaceable data and all subsequent backups on one hard disk. Unfortunately the Windows system does not recognise the hard disk, nor, yesterday, various USB sticks, or rather cannot install the drivers.
Can that have something to do with the viruses?

Regards, and many thanks again.

I'll get back to you when I have dealt with Avira and adwCleaner...

cosinus 05.11.2012 13:43

Quote:

I have partitioned my hard disks so that the OS and OS-related programs are on C, data on D and the remaining programs on E.
For the sake of clarity ....
And what is the point of that? Why is that supposed to be clearer?
It is rather more chaos if some of the programs are on C and others on D or E
Besides, every installed program writes something to the system partition anyway, no matter where you install it
If you ever have to reinstall Windows and only format C, you can't use the programs that were installed on the other drives back then anyway; they have to be reinstalled

Quote:

Unfortunately the Windows system does not recognise the hard disk, nor, yesterday, various USB sticks, or rather cannot install the drivers.
"Does not recognise" is a very meagre description
No drivers are needed for external USB disks
Check whether the new USB disk is listed in Disk Management - if so, make sure that it is partitioned and formatted (NTFS) and that a drive letter is assigned.

derzapfer 05.11.2012 14:42

Hello Cosinus,

regarding installed programs I agree with you absolutely. The unevenly distributed disk space on my partitions has also already made me rethink this layout. But programs that do not write themselves into the registry should still run from E after C has been formatted, if I paid proper attention in class back then..., right?

The hard disk and various sticks do not show up anywhere, neither in the management tools nor in Windows Explorer. Assigning a drive letter or formatting was therefore not possible.
I also tried both plugs of the Y-cable - no success.
Today I tried other PCs (1x XP and 2x Win 7); device drivers (attachment 45912) were installed and the hard disk was accessible and visible...
So it is not the hard disk ...

Do you think I can back up my system completely (once it finally works with the new hard disk), reinstall Windows and restore everything, without copying a virus from the backup back onto the system?

Regards
Derzapfer

cosinus 05.11.2012 15:22

Quote:

But programs that do not write themselves into the registry should still run from E after C has been formatted, if I paid proper attention in class back then..., right?
And how exactly do you expect to know which program will simply keep running without being reinstalled? Do you just want to try everything out, or what? :confused:
That would ONLY make sense if you are sure that a program folder on the non-system partition contains nothing but portable apps

Quote:

Do you think I can back up my system completely (once it finally works with the new hard disk), reinstall Windows and restore everything, without copying a virus from the backup back onto the system?
Maybe first try installing the chipset drivers / drivers for the mainboard?

derzapfer 05.11.2012 16:28

Hi Cosinus
Will do ...

I'll get back to you as soon as possible once I have found the chipset and motherboard information so that I can install the drivers.

Thanks and regards
Derzapfer

Hi Cosinus,

what does the world now know about me and my PC after all these posts?
(I have the feeling of having dropped my trousers, clueless and naive)


Code:

# AdwCleaner v2.006 - Datei am 05/11/2012 um 18:47:55 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx- xxx
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\derneuste\Desktop\Virensuchprogramme zT alt\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\Users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\searchplugins\Search_Results.xml
Datei Gefunden : C:\Users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\searchplugins\SweetIm.xml
Datei Gefunden : C:\Users\derneuste\Desktop\Search The Web.url
Datei Gefunden : C:\Users\derneuste\Desktop\sweetpcfix.url
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\DERNEU~1\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\derneuste\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Users\derneuste\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Gast\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Itunes_Juliana\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\APN DTX
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\S-1-5-21-2060105697-235347385-2913916759-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.imesh.net

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gefunden : user_pref("extensions.asktb.apn_dbr", "ff_16.0.2");
Gefunden : user_pref("extensions.asktb.cbid", "^ABT");
Gefunden : user_pref("extensions.asktb.config-updated", false);
Gefunden : user_pref("extensions.asktb.crumb", "2012.11.04+05.33.31-toolbar009iad-DE-RG9ydG11bmQsR2VybWFueQ%3D%[...]
Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Gefunden : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&gct=[...]
Gefunden : user_pref("extensions.asktb.first-restart-after-config-update", true);
Gefunden : user_pref("extensions.asktb.fresh-install", false);
Gefunden : user_pref("extensions.asktb.guid", "44a357d9-393a-40f1-b0d6-cd7765c20ae9");
Gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gefunden : user_pref("extensions.asktb.if", "first");
Gefunden : user_pref("extensions.asktb.l", "dis");
Gefunden : user_pref("extensions.asktb.last-config-req", "1352137545356");
Gefunden : user_pref("extensions.asktb.locale", "de_DE");
Gefunden : user_pref("extensions.asktb.localePref", true);
Gefunden : user_pref("extensions.asktb.location", "Dortmund,Germany");
Gefunden : user_pref("extensions.asktb.notification-shown", true);
Gefunden : user_pref("extensions.asktb.o", "APN10395");
Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gefunden : user_pref("extensions.asktb.qsrc", "2871");
Gefunden : user_pref("extensions.asktb.r", "2");
Gefunden : user_pref("extensions.asktb.sa", "YES");
Gefunden : user_pref("extensions.asktb.saguid", "8B05E438-3C3B-4CAF-9782-6361CCDB8502");
Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gefunden : user_pref("extensions.asktb.socialmini-native-on", true);
Gefunden : user_pref("extensions.asktb.themeid", "");
Gefunden : user_pref("extensions.asktb.timeinstalled", "04.11.2012 14:34:27");
Gefunden : user_pref("extensions.asktb.to", "");
Gefunden : user_pref("extensions.asktb.v", "3.15.4.100015");
Gefunden : user_pref("extensions.asktb.version", "5.15.4.23930");
Gefunden : user_pref("extensions.enabledAddons", "{1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0,wrc@avast.com:7.0.[...]
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

Profilname : default
Datei : C:\Users\Itunes_Juliana\AppData\Roaming\Mozilla\Firefox\Profiles\33wl3otb.default\prefs.js

Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");

Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\kpdwgzwt.default\prefs.js

Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [11934 octets] - [05/11/2012 18:47:55]

########## EOF - C:\AdwCleaner[R1].txt - [11995 octets] ##########

Regards derZapfer

PS: When do we actually delete the programs and viruses that were found?

cosinus 06.11.2012 10:23

Quote:

PS: When do we actually delete the programs and viruses that were found?
Have you somehow not been following the thread?!
The other logs were unremarkable, so what is there to delete?
And you have only just now posted the adwCleaner log!

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click "Löschen" (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = consecutive number)

derzapfer 06.11.2012 19:53

Hi Cosinus,

I have somewhat lost track of all the malware scanners that I have run on your advice. But I think there were one or two occasions where you wrote that I should not delete anything even though there had been a finding... I hope that was understandable :-)...
Kind regards and thanks ...
derzapfer

Code:

# AdwCleaner v2.005 - Datei am 06/11/2012 um 19:44:13 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx- DERNEUSTE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Downloads\AdwCleaner2005.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\xxx\Desktop\Search The Web.url
Datei Gelöscht : C:\Users\xxx\Desktop\sweetpcfix.url
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\xxx~1\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\xxx\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Itunes_Juliana\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.imesh.net --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_16.0.2");
Gelöscht : user_pref("extensions.asktb.cbid", "^ABT");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.crumb", "2012.11.04+05.33.31-toolbar009iad-DE-RG9ydG11bmQsR2VybWFueQ%3D%[...]
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Gelöscht : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&gct=[...]
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "44a357d9-393a-40f1-b0d6-cd7765c20ae9");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "first");
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1352141241128");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.localePref", true);
Gelöscht : user_pref("extensions.asktb.location", "Dortmund,Germany");
Gelöscht : user_pref("extensions.asktb.notification-shown", true);
Gelöscht : user_pref("extensions.asktb.o", "APN10395");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "2");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "8B05E438-3C3B-4CAF-9782-6361CCDB8502");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "04.11.2012 14:34:27");
Gelöscht : user_pref("extensions.asktb.to", "");
Gelöscht : user_pref("extensions.asktb.v", "3.15.4.100015");
Gelöscht : user_pref("extensions.asktb.version", "5.15.4.23930");
Gelöscht : user_pref("extensions.enabledAddons", "{1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0,wrc@avast.com:7.0.[...]
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

Profilname : default
Datei : C:\Users\Itunes_Juliana\AppData\Roaming\Mozilla\Firefox\Profiles\33wl3otb.default\prefs.js

Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\kpdwgzwt.default\prefs.js

Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R1].txt - [12047 octets] - [05/11/2012 18:47:55]
AdwCleaner[R2].txt - [12108 octets] - [05/11/2012 18:52:45]
AdwCleaner[S1].txt - [11217 octets] - [06/11/2012 19:44:13]

########## EOF - C:\AdwCleaner[S1].txt - [11278 octets] ##########


cosinus 06.11.2012 20:41

Quote:

I have somewhat lost track of all the malware scanners I have,
You are also not doing what my instructions say! :(

Quote:

# Ausgeführt unter : C:\Users\xxx\Downloads\AdwCleaner2005.exe
adwCleaner should go on the desktop so that an old version can simply be overwritten on the next download! But you are not sticking to that and are putting it somewhere else!

derzapfer 06.11.2012 21:36

I will put the file on the desktop...
But that probably won't have affected the scan result!!

Regards, dz

cosinus 06.11.2012 22:30

Yes, but because of that you used an old version of adwCleaner!
Please delete all adwcleaner files!

Please download the current adwCleaner v2.007, i.e. delete the old adwcleaner and download it again.

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post the contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

derzapfer 07.11.2012 06:50

Morning Cosinus,

here is the log from the new program...

Regards
dz

Code:

# AdwCleaner v2.007 - Datei am 06/11/2012 um 22:36:57 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\Virensuchprogramme zT alt\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Ask.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\yyy\AppData\Roaming\Mozilla\Firefox\Profiles\33wl3otb.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\kpdwgzwt.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [12047 octets] - [05/11/2012 18:47:55]
AdwCleaner[R2].txt - [12108 octets] - [05/11/2012 18:52:45]
AdwCleaner[S1].txt - [11328 octets] - [06/11/2012 19:44:13]
AdwCleaner[S2].txt - [2125 octets] - [06/11/2012 22:36:57]

########## EOF - C:\AdwCleaner[S2].txt - [2185 octets] ##########


cosinus 07.11.2012 12:25

A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box at the top centre next to Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread inside CODE tags.

derzapfer 07.11.2012 20:04

Hello Cosinus,

haven't we done this before?
Here is the new post
otl
Code:

OTL logfile created on: 07.11.2012 19:52:28 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\derneuste\Desktop\Virensuchprogramme zT alt
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 62,82% Memory free
6,99 Gb Paging File | 5,46 Gb Available in Paging File | 78,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,66 Gb Total Space | 336,62 Gb Free Space | 71,98% Space Free | Partition Type: NTFS
Drive E: | 244,14 Gb Total Space | 175,88 Gb Free Space | 72,04% Space Free | Partition Type: NTFS
Drive J: | 204,71 Gb Total Space | 50,67 Gb Free Space | 24,75% Space Free | Partition Type: NTFS
Drive L: | 298,01 Gb Total Space | 150,59 Gb Free Space | 50,53% Space Free | Partition Type: FAT32
 
Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\derneuste\Desktop\Virensuchprogramme zT alt\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\OUTLCTL.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- E:\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (inpoutx64) -- C:\Windows\SysNative\drivers\inpoutx64.sys (Highresolution Enterprises [www.highrez.co.uk])
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{EFA2FEF8-C124-4225-9FCD-B5184E23CC78}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2E03954E-89B9-46F7-AA70-B14847C6067C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\SearchScopes\{40FCBC03-113D-4A4E-9A0D-771855886A78}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=44a357d9-393a-40f1-b0d6-cd7765c20ae9&apn_sauid=8B05E438-3C3B-4CAF-9782-6361CCDB8502
IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: E:\PDF_Nitro\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 21:54:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 21:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 21:56:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 21:56:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 21:56:39 | 000,000,000 | ---D | M]
 
[2012.09.18 19:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\Extensions
[2012.11.06 19:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions
[2012.11.04 13:30:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.10.26 21:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.02 21:54:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.10.26 21:56:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files (x86)\iSaver\iSaverCtrl.exe --startup File not found
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFBD353B-2ECF-40CF-A0A7-08855C94329C}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D30CE1CA-0DAE-4325-A5E1-A1AC77CE0A0E}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.06 20:08:09 | 000,000,000 | ---D | C] -- C:\temp
[2012.11.05 19:31:16 | 000,370,288 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2012.11.05 19:31:16 | 000,025,232 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2012.11.05 19:31:15 | 000,984,144 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2012.11.04 14:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.04 14:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.11.04 14:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.11.04 14:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012.11.03 23:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.11.02 21:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.02 21:55:15 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012.11.02 21:55:15 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012.11.02 21:54:29 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2012.11.02 21:54:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012.11.02 21:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.11.02 21:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.10.30 18:40:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.30 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\derneuste\Desktop\Virensuchprogramme zT alt
[2012.10.29 22:30:22 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Roaming\JAM Software
[2012.10.29 22:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Professional
[2012.10.29 22:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software
[2012.10.29 19:16:29 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Local\{80886A99-B8E8-423C-A76E-B5C67B5625BB}
[2012.10.29 19:14:23 | 000,000,000 | ---D | C] -- C:\Users\derneuste\Local Settings
[2012.10.29 19:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.29 19:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.10.26 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.26 06:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.26 06:36:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.25 20:51:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012.10.25 20:51:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012.10.25 20:51:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.10.25 20:46:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.25 20:46:46 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012.10.22 18:16:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.10.21 18:43:27 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012.10.21 18:11:32 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2012.10.21 18:11:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.10.21 18:11:22 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.10.21 18:11:19 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.10.21 18:11:00 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.10.21 18:11:00 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.10.21 18:10:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.10.21 18:10:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.10.21 18:10:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.10.21 18:10:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.10.21 18:10:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.10.21 18:10:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.10.21 18:10:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.10.21 18:10:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.10.21 18:10:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.10.21 18:10:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.21 18:10:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.21 18:10:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.21 18:10:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.10.21 18:10:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012.10.21 18:04:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012.10.21 18:04:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.10.13 11:48:38 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Roaming\Malwarebytes
[2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.13 11:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.12 17:59:38 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.07 19:49:39 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 19:49:39 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 19:42:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.11.07 19:42:08 | 2816,389,120 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.06 20:09:23 | 000,001,097 | ---- | M] () -- C:\Users\derneuste\Desktop\SopCast.lnk
[2012.11.05 19:48:34 | 000,000,471 | ---- | M] () -- C:\windows\BRWMARK.INI
[2012.11.05 19:31:17 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.05 19:31:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012.11.01 18:36:01 | 000,000,512 | ---- | M] () -- C:\Users\derneuste\Desktop\MBR.dat
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012.10.21 18:43:18 | 233,669,028 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.10.11 20:29:33 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
 
========== Files Created - No Company Name ==========
 
[2012.11.02 21:55:18 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.02 21:55:15 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2012.11.01 17:55:41 | 000,000,512 | ---- | C] () -- C:\Users\derneuste\Desktop\MBR.dat
[2012.10.25 20:51:21 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.10.25 20:51:21 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.10.25 20:51:21 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.10.25 20:51:21 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.10.25 20:51:21 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.10.21 18:43:18 | 233,669,028 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.10.21 18:01:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.04 10:31:40 | 000,496,640 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2012.02.04 10:31:40 | 000,131,176 | ---- | C] () -- C:\windows\SysWow64\mp3gain.exe
[2012.02.04 10:31:40 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\akrip32.dll
[2012.02.04 10:31:39 | 000,580,096 | ---- | C] () -- C:\windows\SysWow64\lame.exe
[2012.02.04 10:31:39 | 000,307,200 | ---- | C] () -- C:\windows\SysWow64\Mp3Ctrl.dll
[2012.02.04 10:31:38 | 000,003,180 | ---- | C] () -- C:\Users\derneuste\AppData\Local\ZortamMp3MediaStudio.iss
[2012.01.25 13:00:51 | 000,367,104 | ---- | C] () -- C:\windows\dmexmenu.dll
[2012.01.25 13:00:51 | 000,072,791 | ---- | C] () -- C:\windows\dmexlanguage.ini
[2012.01.12 08:02:30 | 000,000,471 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012.01.12 08:02:30 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\bd4040cn.dat
[2012.01.12 08:02:30 | 000,000,026 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2011.12.31 12:53:44 | 000,007,643 | ---- | C] () -- C:\Users\derneuste\AppData\Local\Resmon.ResmonCfg
[2011.12.19 13:21:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.12.14 07:53:04 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2011.12.14 07:53:04 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2011.12.14 07:53:03 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:8331D35A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EBC2DB92

< End of report >

and extras

Code:

OTL Extras logfile created on: 07.11.2012 19:52:28 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\derneuste\Desktop\Virensuchprogramme zT alt
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 62,82% Memory free
6,99 Gb Paging File | 5,46 Gb Available in Paging File | 78,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,66 Gb Total Space | 336,62 Gb Free Space | 71,98% Space Free | Partition Type: NTFS
Drive E: | 244,14 Gb Total Space | 175,88 Gb Free Space | 72,04% Space Free | Partition Type: NTFS
Drive J: | 204,71 Gb Total Space | 50,67 Gb Free Space | 24,75% Space Free | Partition Type: NTFS
Drive L: | 298,01 Gb Total Space | 150,59 Gb Free Space | 50,53% Space Free | Partition Type: FAT32
 
Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2060105697-235347385-2913916759-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1"
Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1"
Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1"
Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20FBB5EB-99A0-42DB-B29B-95E7493D03C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3049C825-D488-4DA3-B3B4-E62169485D48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E5E5400-4E04-47FB-95D4-DF1A6E006C90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FF94C8B-00F0-46C9-911B-3E87AB25F5AE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{443C821F-B87B-4683-8158-0719BE06533A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{541CBC2C-8E3D-4A8F-8B4F-E3E1A946F2E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{616EF830-2F7F-45B2-A679-76DE25C640BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{641E1BD0-D187-40D8-95B8-092D9ACBDC7E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72931074-907F-40D8-8A23-157338BC3F28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72FF699C-8D56-4230-9B11-510A19251D2D}" = lport=138 | protocol=17 | dir=in | app=system |
"{7F3614BF-5281-4C04-A7E2-DD16B9CD9850}" = lport=139 | protocol=6 | dir=in | app=system |
"{9318B394-96C6-4024-BBD5-16CF086326FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9542F82F-9EA5-47AD-91CF-1E7EE4D9C617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3427852-3B59-478A-A1DF-B7E7D1101C73}" = rport=139 | protocol=6 | dir=out | app=system |
"{A47E5180-433B-40D8-B75A-AD1B6504D072}" = rport=138 | protocol=17 | dir=out | app=system |
"{C421D11C-1E92-4CBE-A8C4-ED8C05C05BFC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC796F37-CD1A-495C-A23F-B7CB548E84DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D5315284-EAA7-4D13-9D3F-582A0EF644E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{D825BDAE-DAAA-4C4E-8473-2AC56FE32FFD}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9787DF8-5048-4AF2-9D7E-F972D343BFBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6707DF3-D2F5-4D3E-B9EE-C67DAEB68B3A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EC614620-0EFF-4FA9-B710-800E536C7328}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{ED53443E-B4D5-4D02-B872-6E58EFB04165}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2C2D1A2-3F78-41CD-9106-6C81FC3236C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F5E788DC-F8D7-48D5-BD05-072D82B724D1}" = rport=445 | protocol=6 | dir=out | app=system |
"{F7385103-B4F1-40E5-BB33-BDC5EE9C7FF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D374B86-FC52-419F-8603-A722EE4085F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F2378A4-4081-4E83-81A0-3B7D2B245129}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{250142E6-F321-443E-8D5B-16842CF9ED2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2D87A4E1-7D02-4A93-BD88-A002DDE44F0F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{371AB414-A435-42CE-ADCA-44C8498F4AFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{389694AA-D77B-439E-B449-291B7EA9F70D}" = protocol=6 | dir=out | app=system |
"{54479F16-3E01-4524-8B74-32BF1DBF84A6}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{5677E414-FBBD-4C44-B810-BF16E846F41D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C8EE087-996C-4F98-8D0E-0F144FE8316C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{652BFB55-E392-48B0-9B70-2B71E9133F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{6AEFD876-EBBD-4955-B174-55DE88A6B62C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6C9D638C-23AF-472F-AF46-AF01F6F949AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6EBABDD9-D621-49A1-ABE6-DF17830C529F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{72F7AF9B-56C5-4F74-82EB-F9318DE10F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe |
"{7481F9BD-F521-46D8-8996-3876B4A8068F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{7FD5A2D2-E5BC-42BA-9C9A-0D932661AAED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8238485B-D43B-42E2-AE8D-6EE5790CB605}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9A6FDA7E-27D7-45F8-8192-71FF87F099F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9FBB6CE4-6D9A-46C0-9F44-E907F7ED79CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A17550BF-9949-43D5-94BF-8969B65E5EE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9324A41-5C3E-4729-ABEA-BB1166D42831}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC22DDDB-ABF5-4054-84A9-A3C30FDD7B20}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{B9FB8E14-C17B-4C1F-B867-E40435A00313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB5EA568-2DF1-426C-91BE-A2791B106193}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{D1089845-536B-4F00-B456-0F0551821569}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DB9EA595-9769-4435-A662-D7AD0B6D6329}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{DD2A2C6C-C8C9-48D1-A1B0-57303F662869}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DD3E584B-BF79-4266-AC72-14AC62268CC7}" = dir=in | app=c:\itunes\itunes.exe |
"{DEBE0657-84DB-46E9-AAE5-60C98D865A8F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DECD30F1-09CE-4C4A-915F-BA18A46643D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E53FE676-3212-4EF7-ABFA-71C80F7BABC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9E324A2-0936-44CB-958B-588C08C624BB}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe |
"{EE3ECBA6-B08C-4C12-92D8-41F42E4D445B}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{FA7C3A6D-6ED3-4894-A276-AA5C7FCF7A6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{175A9775-18B5-499F-850A-DACD0D211EB5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{1EF5D62F-49DD-4F04-A2DE-15E037520870}C:\program files (x86)\temp\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\temp\sopcast\sopcast.exe |
"TCP Query User{31217E38-C89C-48CA-856A-6D986AEE867C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{448A4D01-04BF-45DE-BC71-D6B18C784FA9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{4EF07B70-FBB6-4CB2-B8EC-BB747B39570F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{655AF68B-CC63-4542-84EA-76534E115BB2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{70B8D477-D557-4A2D-8139-6291FE55BB74}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{F04A1F94-E3A2-454C-8403-FF5C396F23AF}C:\program files (x86)\temp\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\temp\sopcast\sopcast.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{62478EFF-4C2D-7C34-3CE4-23E1CF4A53DD}" = ccc-utility64
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{76A9BB62-F6BC-83B7-B774-B4ED34009E62}" = AMD Fuel
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A08E9F7F-D07D-4029-973D-D9DB7DF4A285}" = Nitro Reader 2
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}" = AMD Catalyst Install Manager
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D4D67AB-C830-1787-5868-7EB8CDE396FD}" = Catalyst Control Center InstallProxy
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{12FCEE02-33A5-478A-A0B1-219E07BA0B47}" = MP3-Tag-Editor 3.10
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2911F8A7-8513-7A0C-E02B-B4BF3260376D}" = CCC Help Hungarian
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337944EB-8A7B-9A4F-5616-BE20776318B0}" = Catalyst Control Center Graphics Previews Common
"{376924D9-9D83-366E-8DF4-3785F7200572}" = CCC Help Greek
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37D77500-8BAB-D917-A1E5-80DB5DBC90A4}" = CCC Help Polish
"{3DBF3B04-45ED-7839-A732-572F5132C87E}" = CCC Help French
"{3FCB5D68-F2EC-00BC-4F00-A921C894A670}" = Catalyst Control Center Localization All
"{4D161755-840F-40E8-B0F4-DAB6D1A15978}" = Heja BVB
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{58184585-45B7-AC59-3367-CC89814C2657}" = AMD VISION Engine Control Center
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B558624-36B9-7D51-AA9F-339E85E3C6CA}" = CCC Help Portuguese
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{960C091F-A830-2964-D775-05ECD97484B5}" = CCC Help Spanish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A4A9D179-DF6D-3876-F1C4-F4D2F5B77F23}" = CCC Help English
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CA142FB8-084F-4B22-BCC7-890B0F42A0DF}" = Maximized Software iCoverArt
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB32230C-5CE1-8112-F793-A8124B25A60B}" = CCC Help Italian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF9E978D-54DA-6E2B-E699-D161E31DA144}" = CCC Help German
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Album Art Downloader XUI" = Album Art Downloader XUI 0.43
"Album Cover Finder_is1" = Album Cover Finder v.7.1.3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"avast" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"DMEXMENU" = DMEX Menu Extention (Uninstall only)
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"imeshtoolbar2" = Search-Results Toolbar
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"PROPLUS" = Microsoft Office Professional Plus 2007
"Security Task Manager" = Security Task Manager 1.8d
"SopCast" = SopCast 3.5.0
"TagScanner_is1" = TagScanner 5.1.607
"TreeSize Professional_is1" = TreeSize Professional V5.5.5
"Virtual DJ Home Edition - Atomix Productions" = Virtual DJ Home Edition - Atomix Productions
"WinLiveSuite" = Windows Live Essentials
"xp-AntiSpy" = xp-AntiSpy 3.98-1
"Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 13.35
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.10.2012 15:38:27 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 29.10.2012 15:42:08 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 30.10.2012 13:31:50 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 30.10.2012 13:36:44 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 30.10.2012 13:43:29 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 30.10.2012 13:46:10 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 30.10.2012 14:13:16 | Computer Name = derneuste-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 30.10.2012 14:15:23 | Computer Name = derneuste-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\derneuste\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 31.10.2012 11:45:06 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 31.10.2012 11:47:41 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
[ OSession Events ]
Error - 01.09.2012 10:38:49 | Computer Name = derneuste-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8265
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 30.10.2012 13:32:14 | Computer Name = derneuste-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 03.11.2012 15:20:11 | Computer Name = derneuste-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 04.11.2012 11:00:21 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 04.11.2012 11:00:51 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Schedule erreicht.
 
Error - 04.11.2012 11:00:51 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 04.11.2012 13:00:49 | Computer Name = derneuste-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "O:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 04.11.2012 13:05:15 | Computer Name = derneuste-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "K:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 04.11.2012 13:07:21 | Computer Name = derneuste-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "K:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 04.11.2012 13:12:30 | Computer Name = derneuste-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "O:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
 
< End of report >

Thanks ...

cosinus 07.11.2012 21:29

Quote:

Haven't we already done this once?
What part of "check" don't you understand? :wtf:

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - and please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


derzapfer 09.11.2012 17:52

Hello Cosinus,

ESET did find quite a bit after all... on external storage, admittedly, but ...

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f2b4fd59fecc6d4cb474400ce6aeebe7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-26 12:19:13
# local_time=2012-10-26 02:19:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 102860425 0 0
# compatibility_mode=8192 67108863 100 0 236 236 0 0
# scanned=448401
# found=387
# cleaned=0
# scan_time=23399
C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\datamngr.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\datamngrUI.exe        a variant of Win32/Toolbar.SearchSuite.A application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\DnsBHO.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\IEBHO.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Users\derneuste\Downloads\SoftonicDownloader_fuer_album-cover-finder.exe        Win32/SoftonicDownloader.C application (unable to clean)        00000000000000000000000000000000        I
C:\Users\derneuste\Downloads\SoftonicDownloader_fuer_tagscanner.exe        Win32/SoftonicDownloader.C application (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Fun & Games\Betting.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Fun & Games\Casino Palace.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Fun & Games\Casino.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Fun & Games\Games.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Fun & Games\Horoscope.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Fun & Games\Betting.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Fun & Games\Casino Palace.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Fun & Games\Casino.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Fun & Games\Games.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Fun & Games\Horoscope.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Sonstiges\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\computer\Sonstiges1\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Fun & Games\Betting.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Fun & Games\Casino Palace.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Fun & Games\Casino.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Fun & Games\Games.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Fun & Games\Horoscope.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Fun & Games\Betting.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Fun & Games\Casino Palace.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Fun & Games\Casino.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Fun & Games\Games.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Fun & Games\Horoscope.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Fun & Games\Betting.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Fun & Games\Casino Palace.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Fun & Games\Casino.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Fun & Games\Games.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Fun & Games\Horoscope.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Fun & Games\Betting.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Fun & Games\Casino Palace.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Fun & Games\Casino.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Fun & Games\Games.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Fun & Games\Horoscope.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
J:\DERNEUSTE-PC\Backup Set 2012-04-16 080434\Backup Files 2012-04-16 080434\Backup files 17.zip        Win32/SoftonicDownloader.C application (unable to clean)        00000000000000000000000000000000        I
J:\DERNEUSTE-PC\Backup Set 2012-10-09 072555\Backup Files 2012-10-09 072555\Backup files 16.zip        Win32/SoftonicDownloader.C application (unable to clean)        00000000000000000000000000000000        I
J:\DERNEUSTE-PC\Backup Set 2012-10-21 190012\Backup Files 2012-10-21 190012\Backup files 15.zip        Win32/SoftonicDownloader.C application (unable to clean)        00000000000000000000000000000000        I
M:\Musik\2010\Musik\Noch brennen\SoftonicDownloader_fuer_pdf-split-and-merge.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
M:\Musik\2010\Musik\Noch brennen\SoftonicDownloader_fuer_pdf24-pdf-creator.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
M:\bilder\Hochzeit\Software\SoftonicDownloader50481.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Fun & Games\Betting.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Fun & Games\Casino Palace.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Fun & Games\Casino.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Fun & Games\Games.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Fun & Games\Horoscope.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\creditreform\Favoriten.zip        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\20110215 mit Hochzeit und Lequöre\bilder\Bilder\bilder\Software\SoftonicDownloader50481.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
${Memory}        a variant of Win32/Toolbar.SearchSuite application        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f2b4fd59fecc6d4cb474400ce6aeebe7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-09 06:29:34
# local_time=2012-11-09 07:29:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 46227 104029472 0 0
# compatibility_mode=8192 67108863 100 0 1169283 1169283 0 0
# scanned=395380
# found=388
# cleaned=0
# scan_time=42952
C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\datamngr.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\datamngrUI.exe        a variant of Win32/Toolbar.SearchSuite.A application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\DnsBHO.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\IEBHO.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Users\derneuste\AppData\Local\Temp\biclient.exe        a variant of Win32/Somoto.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\derneuste\Downloads\SoftonicDownloader_fuer_album-cover-finder.exe        Win32/SoftonicDownloader.C application (unable to clean)        00000000000000000000000000000000        I
C:\Users\derneuste\Downloads\SoftonicDownloader_fuer_tagscanner.exe        Win32/SoftonicDownloader.C application (unable to clean)        00000000000000000000000000000000        I
C:\Users\derneuste\Local Settings\Application Data\7-Zip Uninstaller\biclient.exe        a variant of Win32/Somoto.A application (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Fun & Games\Casino.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Fun & Games\Games.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Fun & Games\Horoscope.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges08\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Fun & Games\Betting.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Fun & Games\Casino Palace.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Fun & Games\Casino.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Fun & Games\Games.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Fun & Games\Horoscope.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Fun & Games\Betting.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Fun & Games\Casino Palace.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Fun & Games\Casino.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Fun & Games\Games.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Fun & Games\Horoscope.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Sonstiges\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Sonstiges1\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
E:\Laptop 25122010\Favoriten\Rest\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
J:\DERNEUSTE-PC\Backup Set 2012-10-21 190012\Backup Files 2012-10-21 190012\Backup files 15.zip        Win32/SoftonicDownloader.C application (unable to clean)        00000000000000000000000000000000        I
L:\DERNEUSTE-PC\Backup Set 2012-10-29 193113\Backup Files 2012-10-29 193113\Backup files 14.zip        a variant of Win32/Somoto.A application (unable to clean)        00000000000000000000000000000000        I
L:\DERNEUSTE-PC\Backup Set 2012-10-29 193113\Backup Files 2012-10-29 193113\Backup files 16.zip        Win32/SoftonicDownloader.C application (unable to clean)        00000000000000000000000000000000        I
M:\Musik\2010\Musik\Noch brennen\SoftonicDownloader_fuer_pdf-split-and-merge.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
M:\Musik\2010\Musik\Noch brennen\SoftonicDownloader_fuer_pdf24-pdf-creator.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
M:\bilder\Hochzeit\Software\SoftonicDownloader50481.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Fun & Games\Betting.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Fun & Games\Casino Palace.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Fun & Games\Casino.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Fun & Games\Games.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\Neuer Ordner\Haus\Favoriten\Fun & Games\Horoscope.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\VC511\creditreform\Favoriten.zip        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Music.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Online Store.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Perfume.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Shop\Sleepwear.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Living\Dating.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Living\Find a Degree.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Living\Find a job.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Living\Home.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Living\Insurance.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Going Places\Air Tickets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Going Places\Car Rentals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Going Places\Hotel Deals.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Going Places\Luggage.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Going Places\Travel.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Fun & Games\Betting.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Fun & Games\Casino Palace.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Fun & Games\Casino.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Fun & Games\Games.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick Corsair\Neuer Ordner\Haus\Favoriten\Fun & Games\Horoscope.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick\Haus Neu\Favoriten\Technology\Adware Remover.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick\Haus Neu\Favoriten\Technology\Anti-Virus.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick\Haus Neu\Favoriten\Technology\PC Cleaner.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick\Haus Neu\Favoriten\Technology\Tech & gadgets.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick\Haus Neu\Favoriten\Shop\Auctions.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick\Haus Neu\Favoriten\Shop\Books.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick\Haus Neu\Favoriten\Shop\Computers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick\Haus Neu\Favoriten\Shop\Discount.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick\Haus Neu\Favoriten\Shop\Flowers.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick\Haus Neu\Favoriten\Shop\Golf.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick\Haus Neu\Favoriten\Shop\Jewelry.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\Stick\Haus Neu\Favoriten\Shop\Movies.lnk        LNK/URL.B trojan (unable to clean)        00000000000000000000000000000000        I
M:\20110215 mit Hochzeit \bilder\Bilder\bilder\Software\SoftonicDownloader50481.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

And Malwarebytes ....

Code:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
derneuste :: DERNEUSTE-PC [Administrator]

09.11.2012 17:57:34
mbam-log-2012-11-09 (17-57-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 247208
Laufzeit: 2 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET found 380 pieces of malware. I'm going to delete those first.
Malwarebytes found nothing, presumably because it did not scan all attached drives...

Regards
Dz

cosinus 09.11.2012 20:17

Did you also take a look at what kind of finds those were?
A lot of junk was among them; only you can know where all these shortcuts (.lnk files) come from.

A few leftovers and also something from Softonic :pfui:

Hands off Softonic!!
Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as top priority, directly from the vendor or from Filepony, but not from toolbar peddlers like Softonic!

derzapfer 10.11.2012 09:00

Hello Cosinus,

I tend to be rather careful there. Chip.de and Pc-welt are OK too.
I don't have a single toolbar.
But they do get installed now and then when you click through an installation routine inattentively...
Thanks for the advice anyway.

How do we proceed now?
There have been no more problems over the last 10 boots...
Is it cured?

Have a nice Saturday, and weekend too if applicable
dz

cosinus 11.11.2012 19:47

Otherwise everything looks OK so far.

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - sensibly, you should check MVPS every 4 weeks to see whether a new hosts file has been released.

Apart from that there are good cookie managers; an extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system back in order now, or are there other finds or problems?

derzapfer 12.11.2012 08:32

Hello Cosinus,

thanks for your help for now....
I ran Malwarebytes over it again last night - no finds...
The system seems to be clean.

Now I only have the problem that, since the attacks, the PC does not recognize some of my (newer) sticks and my new external HDD, while others that it already knew from before work flawlessly ...
I'm curious whether the box keeps running once I have reinstalled the graphics card driver. I sent that one into nirvana at the beginning, after all...

But I'm currently working on getting the chipset and motherboard etc. documentation...

If you have a simpler idea for getting the external storage working, I'm open to anything.

Otherwise I'll keep you posted ...

Many thanks, I will recommend you (all) to others...

Derzapfer

cosinus 12.11.2012 11:06

Quote:

does not recognize some of my (newer) sticks and my new external HDD,
That's a bit too vague for me. Where do these media not appear? As a drive? Are they shown in Disk Management?

derzapfer 12.11.2012 11:49

When I connect my new external TB hard drive to USB via the Y-cable, the drive's on/off LED lights up permanently, but the PC acknowledges the whole thing only with a (negative) sound. This drive shows up neither in Explorer nor in Disk Management. I have already tried all combinations of USB ports and the Y-plugs. Always the same. I connected other external hard drives to the USB ports, and those worked. Those work on this PC anyway, though.
I took the TB drive to work and hooked it up to various PCs there; it always worked immediately...
Today I'll reinstall all the drivers and then report back.
Regards
dz

cosinus 12.11.2012 14:17

Test the problem drive on this PC, though not under Windows but with a live system such as Xubuntu or Knoppix

derzapfer 13.11.2012 08:07

Everything works as it should...
In Disk Management on the virus PC, 4 drives always show up, which can be disabled and uninstalled, but as soon as I fiddle with the USB port, all 4 drives are back again although nothing is connected.
Possibly this is causally related to the fact that I can't connect a new HDD ...

Regards
dz

cosinus 13.11.2012 12:22

Quote:

Everything works as it should...
And Linux? On the problem PC?

Quote:

In Disk Management on the virus PC, 4 drives always show up, which can be disabled and uninstalled, but as soon as I fiddle with the USB port, all 4 drives are back again although nothing is connected.
How exactly is one supposed to understand that?
What is one supposed to disable in Disk Management?
Are we somehow talking past each other?

derzapfer 13.11.2012 15:30

Sorry...
The external hard drive works everywhere, just not on my PC.
On my PC the drive, like some (not all) sticks, is shown neither in Explorer nor in Disk Management.
In this Disk Management there are still four "drive corpses".
Corpses because no corresponding hardware is connected.
I tried to uninstall and disable these via a right-click on the drive, and so delete them from Disk Management.
That worked too, until I connected something to a USB port again; then all 4 drive entries were back in Disk Management.

I hope I managed to express myself more clearly now ...

Regards dz

cosinus 13.11.2012 17:07

Before we keep talking past each other and you possibly misinterpret what the disk label shows, it would probably be better if you provided us with a screenshot here :)

derzapfer 15.11.2012 08:07

Good morning Cosinus

How do I attach images that I have saved locally?

Regards dz

derzapfer 15.11.2012 10:38

Show list of attachments (count: 1)
found it ...

cosinus 15.11.2012 17:30

Those are three disks. Disk 0 is an internal hard drive. Why does it have four partitions? Two primary, then an extended, and then a primary partition again?

What are Disk 1 (drive L: ) and Disk 2 (drive M: )?

derzapfer 16.11.2012 08:42

Hello Cosinus,

You really want to know the details...
The internal HDD is an internal hard drive; what am I supposed to tell you about it?
I partitioned it with built-in tools (system, programs, data); we talked about that before. The fourth comes from nirvana; I have nothing to do with it.
The other two, L and M, are my working external hard drives.
So much for the info on the things that work.
I'm much more interested in what is going on with the other four entries that I can't get rid of, or that keep reappearing....

Regards
dz

cosinus 16.11.2012 09:56

Quote:

The internal HDD is an internal hard drive; what am I supposed to tell you about it?
I'm more concerned with the incomprehensible partition scheme

Quote:

I partitioned it with built-in tools (system, programs, data),
Installing programs on their own partition makes no sense
During installation something is always placed on the system partition as well
Program-relevant settings set by the user are of course in the user profile, which in most cases is also on the system partition but in no case in the program directory (unless you have configured the, typically older, program to store its config there, but you should no longer do that nowadays!)

Quote:

The fourth comes from nirvana; I have nothing to do with it.
What does "from nirvana" mean? It doesn't get there by itself

Quote:

In Disk Management on the virus PC, 4 drives always show up, which can be disabled and uninstalled, but as soon as I fiddle with the USB port, all 4 drives are back again although nothing is connected.
Why four drives? Have you not at least taken the other external drives off the system as a test when you connect the other external one that refuses to be recognized?

derzapfer 16.11.2012 13:03

Hello Cosinus,

Quote:

Why four drives
That is exactly my question: why four? Where do they come from? Why are they there? And why do they keep reappearing after I have deleted them...???

I have already unplugged everything and plugged it back in separately in every combination of plugs and USB, not least because of the limited power supply capacity of the USB bus. None of it worked. But I'll try it again this afternoon and post you a screenshot ...

cosinus 16.11.2012 14:14

Quote:

That is exactly my question: why four? Where do they come from? Why are they there? And why do they keep reappearing after I have deleted them...???
Maybe you could describe what exactly you mean by four drives
Because I see eight drives there, three of which are hard disks!

derzapfer 16.11.2012 14:44

Please don't pay attention to what is obviously working, which I only put in the screenshot for better general orientation, but rather to what is supposedly defective (and by that I mean only the 4 deletion-resistant entries):
I mean the 4 disks in the lower area:
Disk 3 (removable media)
Disk 4 (removable media (F:))
Disk 5 (removable media (G:))
Disk 6 (removable media)
each with "no media" written underneath.

Regards dz

cosinus 16.11.2012 16:12

That has nothing to do with anything not working, since those are obviously the disks of your card reader!

derzapfer 19.11.2012 18:20

Hello Cosinus

that could almost be right... :-)...
Then the four drives probably have nothing to do with the external hard drive NOT being recognized...
Back to the actual problem: what can I do so that my external hard drive is recognized?

Regards
dz

cosinus 19.11.2012 19:24

Quote:

Quote from derzapfer (post 955531)
Sorry...
The external hard drive works everywhere, just not on my PC.

To come back to this once more - is the drive now never recognized on the PC, not under Linux either, or is it?
That came across as a bit unclear

derzapfer 20.11.2012 14:29

I don't have Linux on the affected PC.
So I can't say anything about that.

cosinus 20.11.2012 14:46

There was never any talk of a Linux installed on the hard disk
More than a week ago I already gave you the tip with the live Linux


All times are WET +1. The time now is 21:56.
