Malwarefund und geht nicht zu löschen ?

adlerkoko · 08.07.2012, 16:53

Grüsse und wer kann helfen ?
Ich bin neu hier und man mag meine Unwissenheit (bin relativer Laie)verzeihen,aber ich weiss keinen Rat . Habe Malware installiert und dieses findet immer wieder folgendes -HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace)-
alle andere Schutzprogramme Zonealarmantivirus/firewall und Microsoft Security finden nichts. Trotz öfteren Scan und folgenden Löschen erscheint es immer wieder,ich hoffe jemand helfen oder ich werde einfach neuinstallieren-reicht das ?.Danke im Voraus und wie gesagt ich bin neu hier.
Hier der Report

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.06.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
koko :: KOKO-PC [Administrator]

08.07.2012 16:57:00
mbam-log-2012-07-08 (16-57-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem |

Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227919
Laufzeit: 32 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht

und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

markusg · 09.07.2012, 16:30

hi
1. editor öffnen, format, und haken bei zeilenumbruch raus bitte.
2.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

adlerkoko · 10.07.2012, 18:17

Danke erstmal für die Antwort ,mache mich ans Werk ,kann aber etwas dauern .

markusg · 11.07.2012, 00:41

verzichte bitte auf solche zwischenposts, da dann die neuen posts an den vorherigen angefügt werden müsste ich sonst immer nutzlos hier reingucken :-)

adlerkoko · 11.07.2012, 07:53

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.07.2012 19:23:41 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\koko\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,63 Gb Available Physical Memory | 33,61% Memory free
3,99 Gb Paging File | 2,34 Gb Available in Paging File | 58,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,44 Gb Total Space | 47,04 Gb Free Space | 53,19% Space Free | Partition Type: NTFS
Drive D: | 23,34 Gb Total Space | 16,21 Gb Free Space | 69,45% Space Free | Partition Type: FAT32
 
Computer Name: KOKO-PC | User Name: koko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.10 19:19:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\koko\Desktop\Desktop\OTL.exe
PRC - [2012.07.09 15:38:09 | 000,935,008 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.07.09 15:37:51 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.05.11 19:03:26 | 005,798,008 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Drive Manager\Drive Manager.exe
PRC - [2012.05.11 19:00:14 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012.05.11 19:00:08 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012.05.03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.05.03 14:07:06 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:22:53 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.04.30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012.04.30 21:04:28 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.01.03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.12.13 10:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.12.13 10:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.02.15 18:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.09 15:38:18 | 000,132,704 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.07.09 15:37:51 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.03.09 04:55:56 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2012.07.09 15:38:09 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.06.24 18:37:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.17 12:44:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.11 19:00:14 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Programme\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012.05.03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.12.13 10:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.05.06 17:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Programme\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.03.17 05:39:33 | 000,069,120 | ---- | M] (Google) [Disabled | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2006.11.17 21:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [Disabled | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\koko\AppData\Local\Temp\mvd23.sys -- (mvd23)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\koko\AppData\Local\Temp\mdf16.sys -- (mdf16)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.10 19:10:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.04.30 21:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.01.09 18:59:32 | 000,468,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.01.09 18:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2012.01.09 18:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.12.09 15:27:31 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011.07.08 12:00:06 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.05.07 18:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.09 04:52:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008.07.29 05:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008.04.24 15:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.05.07 18:58:44 | 010,343,168 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2007.01.13 11:40:00 | 004,452,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.11.15 18:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.15 13:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.15 11:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.09.15 09:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = go.web.de/homehxxp://start.icq.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={0BB596F6-BB22-49A3-8775-1C1EB737F73D}&mid=a2719c698bb347d08446d15f95653613-bf500a5b4c0256d48dae9c157a4c7bc1ee1518c9&lang=de&ds=od011&pr=sa&d=2012-05-04 08:15:19&v=10.2.0.3&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{11C92E48-4956-4105-8E94-88515993BA06}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=ad47cccf-8441-41e9-a4ca-f572fd14c9ed&apn_sauid=719C709C-8000-4188-BB1B-9BE61182E877
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={0BB596F6-BB22-49A3-8775-1C1EB737F73D}&mid=a2719c698bb347d08446d15f95653613-bf500a5b4c0256d48dae9c157a4c7bc1ee1518c9&lang=de&ds=od011&pr=sa&d=2012-05-04 08:15:19&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A15FB888-6D18-487F-9C14-0A1A30FDC6F5}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{B2E9C3FE-B89B-45E4-81CA-BD844E5D5774}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{CA7F8405-62F4-4BAA-99C4-DB0586F5D9EC}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{D1AE0112-EDA5-4654-933A-F069AA9462F2}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKCU\..\SearchScopes\{F94EFDD1-BE7F-4B66-AFFD-5E7ACADACFE1}: "URL" = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.2.5.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B7661ed75-3f71-4c3e-9998-a9e6b43a6702%7D&mid=a2719c698bb347d08446d15f95653613-bf500a5b4c0256d48dae9c157a4c7bc1ee1518c9&ds=od011&v=10.2.0.3&lang=de&pr=sa&d=2012-05-04%2008%3A15%3A19&sap=ku&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.29 01:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.06.09 17:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 15:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 12:44:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.04 08:12:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.29 01:04:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 12:44:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.04 08:12:14 | 000,000,000 | ---D | M]
 
[2010.05.27 17:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\koko\AppData\Roaming\mozilla\Extensions
[2012.07.04 16:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\koko\AppData\Roaming\mozilla\Firefox\Profiles\gpxzfdfv.default\extensions
[2012.06.09 16:10:11 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\koko\AppData\Roaming\mozilla\Firefox\Profiles\gpxzfdfv.default\extensions\ffxtlbr@zonealarm.com
[2012.02.03 16:46:25 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\koko\AppData\Roaming\mozilla\Firefox\Profiles\gpxzfdfv.default\extensions\toolbar@ask.com
[2011.11.04 17:52:17 | 000,000,933 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\11-suche.xml
[2012.01.03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\askcom.xml
[2010.08.27 23:04:54 | 000,000,943 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\conduit.xml
[2011.11.04 17:52:18 | 000,002,419 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\englische-ergebnisse.xml
[2011.11.04 17:52:17 | 000,010,525 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\gmx-suche.xml
[2011.03.30 16:27:54 | 000,000,950 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-1.xml
[2011.06.26 16:18:44 | 000,000,950 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-10.xml
[2011.08.18 10:00:50 | 000,000,950 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-11.xml
[2010.07.21 13:46:58 | 000,000,961 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-2.xml
[2010.09.10 12:56:49 | 000,000,961 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-3.xml
[2010.10.21 11:36:45 | 000,000,961 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-4.xml
[2010.10.31 16:47:19 | 000,000,961 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-5.xml
[2011.03.05 16:55:57 | 000,000,961 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-6.xml
[2011.03.25 11:20:34 | 000,000,961 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-7.xml
[2011.03.25 11:24:47 | 000,000,950 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-8.xml
[2011.04.29 18:31:36 | 000,000,950 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin-9.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\icqplugin.xml
[2011.11.04 17:52:18 | 000,002,457 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\lastminute.xml
[2011.10.01 19:40:26 | 000,005,508 | ---- | M] () -- C:\Users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\searchplugins\webde-suche.xml
[2012.06.07 18:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.21 17:27:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.02.19 19:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.02.19 19:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2012.06.07 18:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.06.07 18:30:17 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.06.29 10:39:01 | 000,572,017 | ---- | M] () (No name found) -- C:\USERS\KOKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPXZFDFV.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.06.17 12:44:38 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 15:37:40 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Ask Toolbar = C:\Users\koko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapnjeoabhkpdiinmomghdncekhiib\7.14.1.20074_0\
CHR - Extension: Skype Click to Call = C:\Users\koko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - HKCU..\Run: [Tabkb] C:\Users\koko\AppData\Roaming\javafree\linktwain.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{729252D1-3936-47DE-8AED-28228B1095C1}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{35eeb155-ed71-11de-a354-0016d381dfe0}\Shell - "" = AutoRun
O33 - MountPoints2\{35eeb155-ed71-11de-a354-0016d381dfe0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{cff46e87-89a1-11de-85f7-0016d381dfe0}\Shell - "" = AutoRun
O33 - MountPoints2\{cff46e87-89a1-11de-85f7-0016d381dfe0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{fc799a9b-82b6-11de-972e-0016d381dfe0}\Shell - "" = AutoRun
O33 - MountPoints2\{fc799a9b-82b6-11de-972e-0016d381dfe0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.10 19:18:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\koko\Desktop\Desktop\OTL.exe
[2012.07.10 19:10:32 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.09 19:09:30 | 000,000,000 | ---D | C] -- C:\Users\koko\AppData\Roaming\Avira
[2012.07.09 19:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.09 19:01:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.07.09 19:01:14 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.09 19:01:14 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.09 19:01:14 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.07.09 19:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.09 19:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.28 09:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Clarus
[2012.06.28 09:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.06.25 16:49:33 | 000,000,000 | ---D | C] -- C:\Users\koko\AppData\Local\Macromedia
[2012.06.21 13:34:26 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 13:34:25 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 13:33:00 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 13:32:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 13:32:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 13:32:35 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 13:32:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.18 19:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.06.13 18:34:16 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.13 18:34:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.13 18:34:07 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.13 18:34:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.13 18:34:00 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.06.13 18:33:59 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.13 18:33:58 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.13 18:33:57 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.13 18:33:56 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.06.13 18:33:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.13 18:33:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.06.13 18:33:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.06.13 18:33:53 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.06.13 18:33:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.06.13 18:33:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.06.13 18:33:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.06.13 18:33:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.06.13 18:33:51 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.13 18:32:48 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.12 20:09:10 | 000,000,000 | ---D | C] -- C:\Users\koko\AppData\Local\AVG Secure Search
[2009.10.20 20:32:57 | 001,169,736 | ---- | C] (Microsoft Corporation) -- C:\Users\koko\AppData\Roaming\L6H2CKMLTP.exe
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.10 19:37:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.10 19:19:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\koko\Desktop\Desktop\OTL.exe
[2012.07.10 19:10:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.10 18:33:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 18:33:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 18:33:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.09 19:02:50 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.09 16:26:33 | 000,644,614 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.09 16:26:33 | 000,609,584 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.09 16:26:33 | 000,132,934 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.09 16:26:33 | 000,109,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.09 15:54:26 | 000,003,550 | ---- | M] () -- C:\Users\koko\AppData\Roaming\qwg
[2012.07.06 16:17:27 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.03 18:48:24 | 000,012,978 | ---- | M] () -- C:\Users\koko\AppData\Roaming\nvModes.001
[2012.06.28 11:37:38 | 000,433,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.28 09:27:20 | 000,001,623 | ---- | M] () -- C:\Users\koko\Desktop\Desktop\Samsung Drive Manager.lnk
[2012.06.28 09:27:20 | 000,001,605 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
[2012.06.24 18:37:30 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.24 18:37:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.16 16:57:50 | 054,525,952 | -H-- | M] () -- C:\Users\koko\AppData\Local\wscntfy.exe
[2012.06.16 16:57:50 | 054,525,952 | -H-- | M] () -- C:\Users\koko\AppData\Roaming\lsmass.exe
[2012.06.15 10:46:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.15 10:46:27 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.09 19:02:50 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.04 16:31:38 | 000,003,550 | ---- | C] () -- C:\Users\koko\AppData\Roaming\qwg
[2012.06.28 09:27:20 | 000,001,623 | ---- | C] () -- C:\Users\koko\Desktop\Desktop\Samsung Drive Manager.lnk
[2012.06.28 09:27:20 | 000,001,605 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
[2012.06.17 13:11:54 | 054,525,952 | -H-- | C] () -- C:\Users\koko\AppData\Roaming\lsmass.exe
[2012.06.17 13:11:50 | 054,525,952 | -H-- | C] () -- C:\Users\koko\AppData\Local\wscntfy.exe
[2012.05.03 09:36:13 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.03.26 13:40:25 | 000,028,259 | ---- | C] () -- C:\Users\koko\AppData\Roaming\adv
[2012.02.23 19:09:30 | 000,000,805 | ---- | C] () -- C:\Users\koko\AppData\Roaming\kokov1.18.0 - Trial version.vbs
[2012.02.02 15:08:10 | 021,175,189 | ---- | C] () -- C:\Users\koko\AppData\Roaming\vlc-1.1.11-win32.exe
[2011.12.12 17:14:55 | 000,622,080 | -HS- | C] () -- C:\Users\koko\ehthumbs_vista.db
[2011.10.09 16:45:45 | 000,000,680 | ---- | C] () -- C:\Users\koko\AppData\Local\d3d9caps.dat
[2011.03.24 12:34:33 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2011.03.24 12:34:31 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2011.03.24 12:34:30 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2011.03.24 12:34:30 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2011.03.24 12:34:29 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2011.03.24 12:34:29 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2011.03.24 12:34:29 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2011.03.23 17:25:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.27 15:46:03 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.09.27 15:46:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.08.23 11:38:42 | 000,000,000 | ---- | C] () -- C:\Users\koko\AppData\Roaming\.NANotifyHere
[2009.07.12 13:54:10 | 000,000,000 | ---- | C] () -- C:\Users\koko\AppData\Roaming\wklnhst.dat
[2009.07.12 11:00:50 | 000,000,298 | ---- | C] () -- C:\Users\koko\koko.lnk
[2009.07.02 16:38:09 | 000,228,352 | ---- | C] () -- C:\Users\koko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.30 23:13:40 | 000,000,092 | ---- | C] () -- C:\Users\koko\AppData\Local\fusioncache.dat
[2009.06.29 21:34:15 | 000,012,978 | ---- | C] () -- C:\Users\koko\AppData\Roaming\nvModes.001
[2009.06.29 21:34:14 | 000,012,978 | ---- | C] () -- C:\Users\koko\AppData\Roaming\nvModes.dat
[2005.04.08 04:16:43 | 000,326,704 | -H-- | C] () -- C:\Users\koko\AppData\Roaming\kokov1.18.0 - Trial versionlog.dat
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.04.21 12:18:23 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.03.25 15:41:11 | 000,000,000 | -HSD | M] -- C:\AI_RecycleBin
[2011.10.06 18:23:10 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.06.29 21:17:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.30 13:38:44 | 000,000,000 | ---D | M] -- C:\MIR
[2009.07.24 16:28:46 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.15 18:01:57 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.07.09 19:01:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.09 19:01:06 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.06.29 21:17:32 | 000,000,000 | -HSD | M] -- C:\Programme
[2007.03.17 05:52:05 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.07.10 19:35:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.03.01 21:29:08 | 000,000,000 | ---D | M] -- C:\Temp
[2011.12.12 17:04:16 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.10 18:25:10 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2012.06.16 16:57:50 | 054,525,952 | -H-- | M] () -- C:\Users\koko\AppData\Local\wscntfy.exe
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.07.02 18:40:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.07.02 18:40:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.07.02 18:40:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.02 18:39:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.07.02 18:39:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.07.02 18:39:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.07.02 19:14:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009.07.02 19:14:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.07.02 18:39:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.04.29 17:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_bd7fd3de\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.02 18:07:30 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.07.02 18:07:30 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.07.01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2009.06.29 23:57:16 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2009.06.29 23:57:13 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2009.06.29 23:57:17 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2009.06.29 23:57:26 | 015,679,488 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2009.06.29 23:57:33 | 010,997,760 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2006.11.02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2011.03.10 19:03:51 | 001,136,640 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\mfc42.dll
[2008.01.19 09:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
 
< %USERPROFILE%\*.* >
[2012.03.03 13:34:55 | 000,622,080 | -HS- | M] () -- C:\Users\koko\ehthumbs_vista.db
[2009.07.12 11:00:50 | 000,000,298 | ---- | M] () -- C:\Users\koko\koko.lnk
[2012.07.10 20:48:48 | 004,456,448 | -HS- | M] () -- C:\Users\koko\ntuser.dat
[2012.07.10 20:48:48 | 000,262,144 | -H-- | M] () -- C:\Users\koko\ntuser.dat.LOG1
[2009.06.29 23:09:00 | 000,000,000 | -H-- | M] () -- C:\Users\koko\ntuser.dat.LOG2
[2011.05.15 15:33:10 | 000,000,000 | -H-- | M] () -- C:\Users\koko\NTUSER.DAT_tureg_new.LOG1
[2011.05.15 15:33:10 | 000,000,000 | -H-- | M] () -- C:\Users\koko\NTUSER.DAT_tureg_new.LOG2
[2011.10.06 18:23:36 | 002,621,440 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT_tureg_old
[2012.07.10 18:32:12 | 000,065,536 | -HS- | M] () -- C:\Users\koko\ntuser.dat{327dc644-7ef7-11e0-b64e-806e6f6e6963}.TM.blf
[2012.07.10 18:32:12 | 000,524,288 | -HS- | M] () -- C:\Users\koko\ntuser.dat{327dc644-7ef7-11e0-b64e-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2011.05.15 19:39:00 | 000,524,288 | -HS- | M] () -- C:\Users\koko\ntuser.dat{327dc644-7ef7-11e0-b64e-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009.10.26 03:13:22 | 000,065,536 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.10.26 03:13:22 | 000,524,288 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.06.29 23:09:02 | 000,524,288 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.05.15 15:33:16 | 000,065,536 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT{4067d09b-c31b-11de-871c-0016d381dfe0}.TM.blf
[2011.05.15 15:33:16 | 000,524,288 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT{4067d09b-c31b-11de-871c-0016d381dfe0}.TMContainer00000000000000000001.regtrans-ms
[2009.10.28 01:33:02 | 000,524,288 | -HS- | M] () -- C:\Users\koko\NTUSER.DAT{4067d09b-c31b-11de-871c-0016d381dfe0}.TMContainer00000000000000000002.regtrans-ms
[2011.10.09 18:35:29 | 000,065,536 | -HS- | M] () -- C:\Users\koko\ntuser.dat{9343c969-f036-11e0-9e22-806e6f6e6963}.TM.blf
[2011.10.09 18:35:29 | 000,524,288 | -HS- | M] () -- C:\Users\koko\ntuser.dat{9343c969-f036-11e0-9e22-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2011.10.06 21:40:16 | 000,524,288 | -HS- | M] () -- C:\Users\koko\ntuser.dat{9343c969-f036-11e0-9e22-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009.06.30 23:11:51 | 000,000,020 | -HS- | M] () -- C:\Users\koko\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >

--- --- ---

Ich hoffe es ist richtig soOTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 10.07.2012 19:23:41 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\koko\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,63 Gb Available Physical Memory | 33,61% Memory free
3,99 Gb Paging File | 2,34 Gb Available in Paging File | 58,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,44 Gb Total Space | 47,04 Gb Free Space | 53,19% Space Free | Partition Type: NTFS
Drive D: | 23,34 Gb Total Space | 16,21 Gb Free Space | 69,45% Space Free | Partition Type: FAT32
 
Computer Name: KOKO-PC | User Name: koko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C9A7C6-60DC-4E21-A843-4396AB76E2D5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{15E093BC-CB13-45BA-8367-FA114ACF4E3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1D73CAFB-2486-4E3C-8B22-B5F26125910B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{1E095FD7-EE99-4731-AB32-96354955EEF7}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{22396B87-72B3-499F-B667-F8DCA86990ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2E6F71E7-A460-47AB-82DD-937C43F56E8A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{449A334E-EFDB-4414-A4E7-270DFEEC6280}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{50E4AA3E-511D-493D-A4D7-0DD4E773324B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{525CA16D-538D-4416-AC3F-C9C5BCEC1136}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5663512A-63C4-49AF-AD8B-890465A38838}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5960ADF0-8FDD-4BE3-8718-B75DDC8212C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{630C8B80-CFC0-483F-850D-4D8BFBB51940}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{6C202C3A-E867-47ED-99B2-6B9D10F59809}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{7A2237FF-215A-40C6-AB76-3FD6135CA06C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88CD8517-D870-4092-80FC-CBE7577D7371}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8E144217-BC41-41D7-8699-F5B134B526FD}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{92B22287-A34A-40CE-901C-4AC2F7BBB503}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9B69236D-FFC2-4626-B05F-9323208A483F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A6FDFF23-3088-495B-B31E-BE45A9EF9F2B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A7BC5FA3-C07D-4F7A-810C-FA3EE2715AB8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B8F489D6-FAF7-4081-8863-C77C44914C4E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{BBDF7697-C4F2-4980-9500-F7AE235A747E}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{BDF7414B-D462-4ED0-9E66-C7AB821319DA}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{C77AB697-7600-4895-9217-3232065FA895}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{CBD45DD9-5068-4F69-9F4D-404F7209451D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CC120102-54A4-4F72-B15B-80832B56F195}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D2901A47-85B6-41AE-9464-FC52DCA0E0FF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7C0EFC9-FFD6-428C-B7C0-F2814388B6C7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D7C1B059-7F39-41B3-9E7B-EE98876F0B45}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{E0DEA15D-5A77-4AE9-BFF7-ECFF86AD03DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F149F0AC-83FA-4C1C-89D7-266A2D9FBA94}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{F5D77BF5-00C8-4849-863A-6CFC8910C00C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FC0AEB51-1151-4E72-81E1-3D447D3603B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0772FED8-4FF9-44AA-A652-C54687ADF9F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{0B60022A-DBA3-4600-9286-BA9C32FBC85F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{149F328A-15BE-4C91-8227-604097EE228C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{149F9EA4-8159-463C-96EE-8E5049D19C00}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{18CD464C-4B67-45C6-A093-17F19FCAB008}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1DF398E3-7686-4C51-A249-D675BC87FCA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{28CDC4B2-2F72-4812-97AF-0BAB6BA24054}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{2C4CAD1F-B7EC-41C5-B949-C8FCDCCAE564}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{40349BEC-3D1D-4509-B54A-BAC4A144C8A4}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{441DD61E-62B1-4701-AF6F-979F9BB8EC80}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{4D975038-8F3A-4F8E-A979-74E772D35E08}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{55DFF150-0012-4579-B9A3-719030462475}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{56D85DC9-9E3D-4F81-BC8E-315699560FA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{5EE8BC53-6A7A-4F35-8C97-0E97DB868A88}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{65176B7B-825D-4BA2-93F8-3F7E03B03616}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{7E9BEE50-0D98-436B-BAB9-4F429BE7A6E0}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{7FFE2CCC-0024-4C0B-BA48-7B1427743CB8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{87F88E80-E1ED-429B-B529-86E6AC3D683D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8A96E87A-4018-4737-AFB3-5804218A7D06}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{8C3ACBD4-E528-417E-8C3E-DB62D9C6AA0D}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{93AAF8BD-D31C-4190-8357-E500CE13A96F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{999944ED-785D-4664-A520-7D87409ACCE0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{A016169D-5BEE-421B-8E0E-FB07988ED984}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{A502A3A8-564B-48F7-B8F5-94DDE0AE0BB3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AC65C952-C236-42ED-91CB-7B9E5956C661}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{AEA95535-A543-4F85-9C82-0D3D75ACD894}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{AEA98BB8-5F53-418E-80C3-AD74A91EF2C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{BB0D2312-F31E-4803-9279-C28AFB5C5819}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{C346B6A6-650D-4485-AFF3-76904B034A28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{C83D9ED7-1D0F-4D49-AE0E-495798ACEF16}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{D304B9BE-C129-45A4-9191-5F1F0A2D9AD4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{D3F21E5F-1F40-4BEC-950D-0310ADE21B16}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{D43D3D02-06B2-43CF-A00F-4D555B561976}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{D9ACC3C3-82E5-4C59-A62A-1D0D578A24FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E335E526-8BB2-4246-8618-5C491436CF84}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{E36B9CC0-60B2-49CF-BAEC-FDD2A4EDE5A1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E51C589A-7EB4-4CB2-86CD-477D98F0198A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E6DF44BE-455F-4DC6-9018-2C25E180629B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{E77A6012-C962-49AF-987D-3191EFA16035}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{EA62DC74-E932-4F37-B49D-0F88BB16929A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F0275DD9-890B-4F9E-A401-F1D5C9503F4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{FAF1A26B-90DA-4EE7-B4A7-AF853F2F4411}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"TCP Query User{00E6C289-8524-44ED-9B49-8F5B1595987C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{46844920-4621-4A4F-A6C9-B696C203041B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AEFE4FD-8EF1-4D61-B3CF-52016EAE6692}" = Hama Webcam Suite
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5884CB45-C54B-4550-BAD5-3E060FD75D17}" = ZoneAlarm Firewall
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
"{A3E8FC19-2107-49DA-967F-23E1B5210D9C}" = ZoneAlarm Security
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCB52F35-4C56-49F2-A3D6-FDED54B01847}" = pdfforge Toolbar v4.4
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F012A635-8E2C-4AF2-BD46-C508D00289B2}" = ZoneAlarm Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam RW-100
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner (remove only)
"Das Vermächtnis der Insel 2" = Das Vermächtnis der Insel 2
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"SpeedCrunch_is1" = SpeedCrunch 0.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 2.0.1
"WEB.DE Update" = WEB.DE Update
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.02
"XMedia Recode" = XMedia Recode 3.0.9.6
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar 
"ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.05.2011 12:21:33 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.05.2011 12:21:35 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.05.2011 12:21:35 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 12:31:50 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 12:31:50 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 12:31:50 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 12:31:52 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 12:31:52 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 12:33:54 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 13:24:46 | Computer Name = koko-PC | Source = Application Hang | ID = 1002
Description = Programm AcroRd32.exe, Version 8.2.6.262 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: b04  Anfangszeit: 01cc1649012504c6  Zeitpunkt der Beendigung:
 36
 
[ Media Center Events ]
Error - 11.12.2011 06:15:47 | Computer Name = koko-PC | Source = Mcx2Dvcs | ID = 405
Description = 
 
Error - 11.12.2011 06:16:54 | Computer Name = koko-PC | Source = Mcx2Prov | ID = 505
Description = 
 
Error - 11.12.2011 06:16:54 | Computer Name = koko-PC | Source = Mcx2Dvcs | ID = 405
Description = 
 
Error - 11.12.2011 06:25:05 | Computer Name = koko-PC | Source = Mcx2Prov | ID = 505
Description = 
 
Error - 11.12.2011 06:25:05 | Computer Name = koko-PC | Source = Mcx2Dvcs | ID = 405
Description = 
 
Error - 12.12.2011 11:05:05 | Computer Name = koko-PC | Source = McrMgr | ID = 107
Description = 
 
Error - 29.12.2011 14:40:43 | Computer Name = koko-PC | Source = McrMgr | ID = 107
Description = 
 
Error - 03.03.2012 07:05:26 | Computer Name = koko-PC | Source = Mcx2Svc | ID = 301
Description = 
 
Error - 03.03.2012 07:05:33 | Computer Name = koko-PC | Source = Mcx2Svc | ID = 301
Description = 
 
Error - 03.03.2012 07:06:42 | Computer Name = koko-PC | Source = McrMgr | ID = 107
Description = 
 
[ OSession Events ]
Error - 07.02.2011 04:21:25 | Computer Name = koko-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.07.2012 12:27:42 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:27:42 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:27:42 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:31:53 | Computer Name = koko-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 10.07.2012 12:35:00 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:35:00 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

Ich hoffe es ist richtig soOTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 10.07.2012 19:23:41 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\koko\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,63 Gb Available Physical Memory | 33,61% Memory free
3,99 Gb Paging File | 2,34 Gb Available in Paging File | 58,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,44 Gb Total Space | 47,04 Gb Free Space | 53,19% Space Free | Partition Type: NTFS
Drive D: | 23,34 Gb Total Space | 16,21 Gb Free Space | 69,45% Space Free | Partition Type: FAT32
 
Computer Name: KOKO-PC | User Name: koko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C9A7C6-60DC-4E21-A843-4396AB76E2D5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{15E093BC-CB13-45BA-8367-FA114ACF4E3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1D73CAFB-2486-4E3C-8B22-B5F26125910B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{1E095FD7-EE99-4731-AB32-96354955EEF7}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{22396B87-72B3-499F-B667-F8DCA86990ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2E6F71E7-A460-47AB-82DD-937C43F56E8A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{449A334E-EFDB-4414-A4E7-270DFEEC6280}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{50E4AA3E-511D-493D-A4D7-0DD4E773324B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{525CA16D-538D-4416-AC3F-C9C5BCEC1136}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5663512A-63C4-49AF-AD8B-890465A38838}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5960ADF0-8FDD-4BE3-8718-B75DDC8212C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{630C8B80-CFC0-483F-850D-4D8BFBB51940}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{6C202C3A-E867-47ED-99B2-6B9D10F59809}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{7A2237FF-215A-40C6-AB76-3FD6135CA06C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88CD8517-D870-4092-80FC-CBE7577D7371}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8E144217-BC41-41D7-8699-F5B134B526FD}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{92B22287-A34A-40CE-901C-4AC2F7BBB503}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9B69236D-FFC2-4626-B05F-9323208A483F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A6FDFF23-3088-495B-B31E-BE45A9EF9F2B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A7BC5FA3-C07D-4F7A-810C-FA3EE2715AB8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B8F489D6-FAF7-4081-8863-C77C44914C4E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{BBDF7697-C4F2-4980-9500-F7AE235A747E}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{BDF7414B-D462-4ED0-9E66-C7AB821319DA}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{C77AB697-7600-4895-9217-3232065FA895}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{CBD45DD9-5068-4F69-9F4D-404F7209451D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CC120102-54A4-4F72-B15B-80832B56F195}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D2901A47-85B6-41AE-9464-FC52DCA0E0FF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7C0EFC9-FFD6-428C-B7C0-F2814388B6C7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D7C1B059-7F39-41B3-9E7B-EE98876F0B45}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{E0DEA15D-5A77-4AE9-BFF7-ECFF86AD03DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F149F0AC-83FA-4C1C-89D7-266A2D9FBA94}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{F5D77BF5-00C8-4849-863A-6CFC8910C00C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FC0AEB51-1151-4E72-81E1-3D447D3603B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0772FED8-4FF9-44AA-A652-C54687ADF9F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{0B60022A-DBA3-4600-9286-BA9C32FBC85F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{149F328A-15BE-4C91-8227-604097EE228C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{149F9EA4-8159-463C-96EE-8E5049D19C00}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{18CD464C-4B67-45C6-A093-17F19FCAB008}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1DF398E3-7686-4C51-A249-D675BC87FCA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{28CDC4B2-2F72-4812-97AF-0BAB6BA24054}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{2C4CAD1F-B7EC-41C5-B949-C8FCDCCAE564}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{40349BEC-3D1D-4509-B54A-BAC4A144C8A4}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{441DD61E-62B1-4701-AF6F-979F9BB8EC80}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{4D975038-8F3A-4F8E-A979-74E772D35E08}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{55DFF150-0012-4579-B9A3-719030462475}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{56D85DC9-9E3D-4F81-BC8E-315699560FA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{5EE8BC53-6A7A-4F35-8C97-0E97DB868A88}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{65176B7B-825D-4BA2-93F8-3F7E03B03616}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{7E9BEE50-0D98-436B-BAB9-4F429BE7A6E0}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{7FFE2CCC-0024-4C0B-BA48-7B1427743CB8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{87F88E80-E1ED-429B-B529-86E6AC3D683D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8A96E87A-4018-4737-AFB3-5804218A7D06}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{8C3ACBD4-E528-417E-8C3E-DB62D9C6AA0D}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{93AAF8BD-D31C-4190-8357-E500CE13A96F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{999944ED-785D-4664-A520-7D87409ACCE0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{A016169D-5BEE-421B-8E0E-FB07988ED984}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{A502A3A8-564B-48F7-B8F5-94DDE0AE0BB3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AC65C952-C236-42ED-91CB-7B9E5956C661}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{AEA95535-A543-4F85-9C82-0D3D75ACD894}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{AEA98BB8-5F53-418E-80C3-AD74A91EF2C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{BB0D2312-F31E-4803-9279-C28AFB5C5819}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{C346B6A6-650D-4485-AFF3-76904B034A28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{C83D9ED7-1D0F-4D49-AE0E-495798ACEF16}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{D304B9BE-C129-45A4-9191-5F1F0A2D9AD4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{D3F21E5F-1F40-4BEC-950D-0310ADE21B16}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{D43D3D02-06B2-43CF-A00F-4D555B561976}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{D9ACC3C3-82E5-4C59-A62A-1D0D578A24FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E335E526-8BB2-4246-8618-5C491436CF84}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{E36B9CC0-60B2-49CF-BAEC-FDD2A4EDE5A1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E51C589A-7EB4-4CB2-86CD-477D98F0198A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E6DF44BE-455F-4DC6-9018-2C25E180629B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{E77A6012-C962-49AF-987D-3191EFA16035}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{EA62DC74-E932-4F37-B49D-0F88BB16929A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F0275DD9-890B-4F9E-A401-F1D5C9503F4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{FAF1A26B-90DA-4EE7-B4A7-AF853F2F4411}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"TCP Query User{00E6C289-8524-44ED-9B49-8F5B1595987C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{46844920-4621-4A4F-A6C9-B696C203041B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AEFE4FD-8EF1-4D61-B3CF-52016EAE6692}" = Hama Webcam Suite
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5884CB45-C54B-4550-BAD5-3E060FD75D17}" = ZoneAlarm Firewall
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
"{A3E8FC19-2107-49DA-967F-23E1B5210D9C}" = ZoneAlarm Security
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCB52F35-4C56-49F2-A3D6-FDED54B01847}" = pdfforge Toolbar v4.4
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F012A635-8E2C-4AF2-BD46-C508D00289B2}" = ZoneAlarm Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = hama PC-Webcam RW-100
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner (remove only)
"Das Vermächtnis der Insel 2" = Das Vermächtnis der Insel 2
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"SpeedCrunch_is1" = SpeedCrunch 0.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 2.0.1
"WEB.DE Update" = WEB.DE Update
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.02
"XMedia Recode" = XMedia Recode 3.0.9.6
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar 
"ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.05.2011 12:21:33 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.05.2011 12:21:35 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.05.2011 12:21:35 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 12:31:50 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 12:31:50 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 12:31:50 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 12:31:52 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 12:31:52 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 12:33:54 | Computer Name = koko-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.05.2011 13:24:46 | Computer Name = koko-PC | Source = Application Hang | ID = 1002
Description = Programm AcroRd32.exe, Version 8.2.6.262 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: b04  Anfangszeit: 01cc1649012504c6  Zeitpunkt der Beendigung:
 36
 
[ Media Center Events ]
Error - 11.12.2011 06:15:47 | Computer Name = koko-PC | Source = Mcx2Dvcs | ID = 405
Description = 
 
Error - 11.12.2011 06:16:54 | Computer Name = koko-PC | Source = Mcx2Prov | ID = 505
Description = 
 
Error - 11.12.2011 06:16:54 | Computer Name = koko-PC | Source = Mcx2Dvcs | ID = 405
Description = 
 
Error - 11.12.2011 06:25:05 | Computer Name = koko-PC | Source = Mcx2Prov | ID = 505
Description = 
 
Error - 11.12.2011 06:25:05 | Computer Name = koko-PC | Source = Mcx2Dvcs | ID = 405
Description = 
 
Error - 12.12.2011 11:05:05 | Computer Name = koko-PC | Source = McrMgr | ID = 107
Description = 
 
Error - 29.12.2011 14:40:43 | Computer Name = koko-PC | Source = McrMgr | ID = 107
Description = 
 
Error - 03.03.2012 07:05:26 | Computer Name = koko-PC | Source = Mcx2Svc | ID = 301
Description = 
 
Error - 03.03.2012 07:05:33 | Computer Name = koko-PC | Source = Mcx2Svc | ID = 301
Description = 
 
Error - 03.03.2012 07:06:42 | Computer Name = koko-PC | Source = McrMgr | ID = 107
Description = 
 
[ OSession Events ]
Error - 07.02.2011 04:21:25 | Computer Name = koko-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.07.2012 12:27:42 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:27:42 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:27:42 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:31:53 | Computer Name = koko-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 10.07.2012 12:35:00 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:35:00 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.07.2012 12:35:11 | Computer Name = koko-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

markusg · 11.07.2012, 17:54

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [Tabkb] C:\Users\koko\AppData\Roaming\javafree\linktwain.exe ()
 :Files
C:\Users\koko\AppData\Roaming\javafree
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

adlerkoko · 12.07.2012, 08:47

Beim 2.Versuch klappte es (war Fehler von mir,Txt-Datei nach speichern umbenannt) und kein Neustart notwendig bzw verlangt .Bis mein Gerät sauber ist- Erstmal nur Danke !!!

markusg · 12.07.2012, 18:46

hi
nicht die txt hochladen, sondern moved files

adlerkoko · 13.07.2012, 10:26

Herr verzeih meine Unwissedheit und Dilettantismus.

markusg · 13.07.2012, 10:33

ich werds verkraften :d
danke fürs hochladen

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

adlerkoko · 13.07.2012, 13:01

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-07-13.01 - koko 13.07.2012  13:29:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1918.1081 [GMT 2:00]
ausgeführt von:: c:\users\koko\Desktop\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
	/wow section - STAGE 4
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Zugriff verweigert
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\kikin
c:\program files\kikin\default_settings.xml
c:\program files\kikin\file_list.txt
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\users\koko\AppData\Roaming\Adobe\plugs
c:\users\koko\AppData\Roaming\Adobe\shed
c:\users\koko\AppData\Roaming\kikin
c:\users\koko\AppData\Roaming\kikin\ff_configuration.xml
c:\users\koko\AppData\Roaming\kikin\ff_kkes.xml
c:\users\koko\AppData\Roaming\kikin\ff_settings.xml
c:\users\koko\AppData\Roaming\kikin\ie_configuration.xml
c:\users\koko\AppData\Roaming\kikin\ie_kkes.xml
c:\users\koko\AppData\Roaming\kikin\ie_settings.xml
c:\users\koko\AppData\Roaming\Microsoft\Windows\Recent\   Positive Cuties    (2).URL
c:\users\koko\AppData\Roaming\Microsoft\Windows\Recent\   Positive Cuties   .URL
c:\users\koko\AppData\Roaming\vlc-1.1.11-win32.exe
c:\users\koko\Favorites\Operation Wintersonne.exe
D:\AUTORUN.INF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-13 bis 2012-07-13  ))))))))))))))))))))))))))))))
.
.
2012-07-13 11:50 . 2012-07-13 11:50	--------	d-----w-	c:\users\Mcx1\AppData\Local\temp
2012-07-13 11:50 . 2012-07-13 11:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-13 08:48 . 2012-07-13 09:13	--------	d-----w-	C:\_OTL
2012-07-12 15:34 . 2012-05-31 03:41	6762896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{233076FF-05A0-4F9C-A750-54B02F8205D2}\mpengine.dll
2012-07-12 07:48 . 2012-05-31 03:41	6762896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 06:39 . 2012-07-11 06:39	--------	d-----w-	c:\program files\7-Zip
2012-07-09 17:09 . 2012-07-09 17:09	--------	d-----w-	c:\users\koko\AppData\Roaming\Avira
2012-07-09 17:01 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-09 17:01 . 2012-04-24 22:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-09 17:01 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-07-09 17:01 . 2012-07-09 17:01	--------	d-----w-	c:\programdata\Avira
2012-07-09 17:01 . 2012-07-09 17:01	--------	d-----w-	c:\program files\Avira
2012-07-04 13:59 . 2012-04-30 10:58	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE2A48A6-1166-4DCF-B5C3-8E1A06996204}\gapaengine.dll
2012-06-28 07:27 . 2012-06-28 07:27	--------	d-----w-	c:\program files\Clarus
2012-06-25 14:49 . 2012-06-25 14:49	--------	d-----w-	c:\users\koko\AppData\Local\Macromedia
2012-06-21 11:34 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 11:34 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 11:34 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 11:34 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 11:33 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-21 11:32 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 11:32 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 11:32 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 11:32 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-14 13:22 . 2012-04-30 10:58	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 16:36 . 2012-04-23 16:00	984064	----a-w-	c:\windows\system32\crypt32.dll
2012-06-13 16:36 . 2012-04-23 16:00	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-13 16:36 . 2012-04-23 16:00	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-13 16:33 . 2012-05-15 05:01	385024	----a-w-	c:\windows\system32\html.iec
2012-06-13 16:32 . 2012-05-01 14:03	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 16:32 . 2012-05-15 19:51	2045440	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 06:38 . 2012-04-25 15:11	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-12 06:38 . 2011-07-22 14:43	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 06:34 . 2012-05-03 06:35	476960	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-05-03 06:34 . 2010-08-02 13:49	472864	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-17 10:44 . 2012-06-07 16:30	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin1.dll" [2011-11-12 2735200]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2011-11-12 16:46	2735200	----a-w-	c:\program files\Winload\tbWin1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 13:37	2074208	----a-w-	c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31	1514152	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2011-05-09 09:49	176936	----a-w-	c:\program files\ZoneAlarm-Sicherheit\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin1.dll" [2011-11-12 2735200]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZon0.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWin1.dll" [2011-11-12 2735200]
"{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"= "c:\program files\ZoneAlarm-Sicherheit\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Samsung Drive Manager"="c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe" [2012-05-11 5798008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-06 532320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-05-03 73360]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Drive Manager Real-Time.lnk - c:\program files\Clarus\Samsung Drive Manager\ABRTMon.exe [2012-6-28 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe"
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"snp325"=c:\windows\vsnp325.exe
"FixCamera"=c:\windows\FixCamera.exe
"tsnp325"=c:\windows\tsnp325.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - RECONN
*Deregistered* - BdFileSpy
*Deregistered* - Reconn
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 06:39]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 12:43]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 12:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://isearch.avg.com/?cid={0BB596F6-BB22-49A3-8775-1C1EB737F73D}&mid=a2719c698bb347d08446d15f95653613-bf500a5b4c0256d48dae9c157a4c7bc1ee1518c9&lang=de&ds=od011&pr=sa&d=2012-05-04 08:15&v=10.2.0.3&sap=hp
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\koko\AppData\Roaming\Mozilla\Firefox\Profiles\gpxzfdfv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7661ed75-3f71-4c3e-9998-a9e6b43a6702%7D&mid=a2719c698bb347d08446d15f95653613-bf500a5b4c0256d48dae9c157a4c7bc1ee1518c9&ds=od011&v=10.2.0.3&lang=de&pr=sa&d=2012-05-04%2008%3A15%3A19&sap=ku&q=
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN12770154435201-4901&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=301f325e0000000000000060b3365f0a&q=
FF - user.js: extensions.zonealarm.id - 301f325e0000000000000060b3365f0a
FF - user.js: extensions.zonealarm.instlDay - 15500
FF - user.js: extensions.zonealarm.vrsn - 1.5.23.8
FF - user.js: extensions.zonealarm.vrsni - 1.5.23.8
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.23.816:04
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN12770154435201-4901
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-13 13:51
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,90,cf,79,22,c1,15,49,94,67,77,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,90,cf,79,22,c1,15,49,94,67,77,\
.
[HKEY_USERS\S-1-5-21-3235265098-119894950-50472918-1001\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0ccbd326-abc5-4161-a816-f1620a3a4926}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1b087408-4256-489e-bc04-d23a307af9ae}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:19000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{2bddf4b5-499b-495a-baed-3a53ab120dfa}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001617
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{3efdc74c-298f-4208-853e-e5121e6cd53c}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{729252d1-3936-47de-8aed-28228b1095c1}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0060b3
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{813f382f-a719-4450-a9bb-f99e26920879}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a0016d3
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a29f8802-5587-4000-a0d7-2f6074144a98}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b6d80470-1f51-42e5-b80a-d4a8402d7bbe}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c7df0a3c-9bf5-46d2-bab5-2776f4464620}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000
"Dhcpv6Iaid"=dword:0a0060b3
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f7af90c6-0a94-4731-83ed-35cbacb753e7}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{fadbd350-e9b5-410a-94e2-c1d8f449e65b}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(768)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2012-07-13  13:57:17
ComboFix-quarantined-files.txt  2012-07-13 11:57
.
Vor Suchlauf: 8 Verzeichnis(se), 50.948.788.224 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 50.887.499.776 Bytes frei
.
- - End Of File - - E30392DDCEF8EEFC8A3D3B2CB09AA928

--- --- ---

markusg · 14.07.2012, 17:53

malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

adlerkoko · 17.07.2012, 11:47

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.14.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
koko :: KOKO-PC [Administrator]

16.07.2012 13:25:43
mbam-log-2012-07-16 (13-25-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418226
Laufzeit: 8 Stunde(n), 30 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

adlerkoko · 18.07.2012, 13:51

Danke für die Hilfe und ich gehe davon aus der Rechner ist wieder sauber.

markusg · 18.07.2012, 14:44

lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

12.07.2012, 18:46	#8
markusg /// Malware-holic	Malwarefund und geht nicht zu löschen ? hi nicht die txt hochladen, sondern moved files __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Malwarefund und geht nicht zu löschen ?

Log-Analyse und Auswertung: Malwarefund und geht nicht zu löschen ?