Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 18.07.2012, 13:59   #1
mmetzak77
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



Hallo liebe Trojaner Bordler,
nachdem ich den BKA Trojaner mit erster Hilfe der Polizei entfernt hatte versuchte ich im Internet soviel wie möglich über eventuelle Folgen zu erfahren.
Leider bin ich scheinbar viel zu spät auf diese Seite gekommen.
Den Bka Trojaner (der mit der Kamera) bin ich durch schlichten Benutzerwechsel losgeworden, fürchte aber, er hat mit das eine oder andere hinterlassen.
Den Bericht von Malewarebyte füge ich an.
Da ich mich mit diesem Thema noch nicht auseinandergesetzt habe bin ich blutiger Anfänger.
Bitte um Nachsicht wenn etwas fehlt.
Danke im Voraus

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.07.18.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
xxxxx :: MRX [Administrator]

18.07.2012 14:23:34
mbam-log-2012-07-18 (14-23-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212579
Laufzeit: 8 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 19
HKCR\SmartShopper.HbAx (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SmartShopper.HbAx.1 (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SmartShopper.HbInfoBand (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SmartShopper.HbInfoBand.1 (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SmartShopper.IEButton (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SmartShopper.IEButton.1 (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SmartShopper.IEButtonA (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SmartShopper.IEButtonA.1 (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SmartShopper.IEButtonB (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SmartShopper.IEButtonB.1 (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SmartShopper.SmrtShprCtl (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SmartShopper.SmrtShprCtl.1 (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 18.07.2012, 14:38   #2
markusg
/// Malware-holic
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



hi
wo wurde
tr/kazy gefunden, log posten bitte
__________________

__________________

Alt 18.07.2012, 15:36   #3
mmetzak77
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



Hallo markusg.,
danke für die schnelle Antwort - hoffe die Hilfe kommt nicht zu spät...
(Auf einige Dateien wird mir der Zugriff verweigert zB.auf C:/Programme)
Gruß Marion



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 10. Juli 2012 16:21

Es wird nach 3858036 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MRX

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 10.07.2012 14:08:14
AVSCAN.DLL : 12.3.0.15 66256 Bytes 10.07.2012 14:08:14
LUKE.DLL : 12.3.0.15 68304 Bytes 10.07.2012 14:08:23
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10.07.2012 14:08:25
AVREG.DLL : 12.3.0.17 232200 Bytes 10.07.2012 14:08:25
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 14:08:08
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:08:08
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 14:08:10
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 14:08:10
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 14:08:10
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 14:08:10
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 14:08:10
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 14:08:10
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 14:08:10
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 14:08:10
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 14:08:10
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 14:08:10
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 14:08:10
VBASE015.VDF : 7.11.35.19 122368 Bytes 04.07.2012 14:08:11
VBASE016.VDF : 7.11.35.87 146944 Bytes 06.07.2012 14:08:11
VBASE017.VDF : 7.11.35.143 126464 Bytes 09.07.2012 14:08:11
VBASE018.VDF : 7.11.35.144 2048 Bytes 09.07.2012 14:08:11
VBASE019.VDF : 7.11.35.145 2048 Bytes 09.07.2012 14:08:11
VBASE020.VDF : 7.11.35.146 2048 Bytes 09.07.2012 14:08:11
VBASE021.VDF : 7.11.35.147 2048 Bytes 09.07.2012 14:08:11
VBASE022.VDF : 7.11.35.148 2048 Bytes 09.07.2012 14:08:11
VBASE023.VDF : 7.11.35.149 2048 Bytes 09.07.2012 14:08:11
VBASE024.VDF : 7.11.35.150 2048 Bytes 09.07.2012 14:08:11
VBASE025.VDF : 7.11.35.151 2048 Bytes 09.07.2012 14:08:11
VBASE026.VDF : 7.11.35.152 2048 Bytes 09.07.2012 14:08:11
VBASE027.VDF : 7.11.35.153 2048 Bytes 09.07.2012 14:08:11
VBASE028.VDF : 7.11.35.154 2048 Bytes 09.07.2012 14:08:11
VBASE029.VDF : 7.11.35.155 2048 Bytes 09.07.2012 14:08:11
VBASE030.VDF : 7.11.35.156 2048 Bytes 09.07.2012 14:08:11
VBASE031.VDF : 7.11.35.186 73728 Bytes 10.07.2012 14:08:11
Engineversion : 8.2.10.108
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 14:08:13
AESCRIPT.DLL : 8.1.4.32 455034 Bytes 10.07.2012 14:08:12
AESCN.DLL : 8.1.8.2 131444 Bytes 10.07.2012 14:08:12
AESBX.DLL : 8.2.5.12 606578 Bytes 10.07.2012 14:08:13
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.3.0.12 807286 Bytes 10.07.2012 14:08:12
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 10.07.2012 14:08:12
AEHEUR.DLL : 8.1.4.64 5009782 Bytes 10.07.2012 14:08:12
AEHELP.DLL : 8.1.23.2 258422 Bytes 10.07.2012 14:08:11
AEGEN.DLL : 8.1.5.32 434548 Bytes 10.07.2012 14:08:11
AEEXP.DLL : 8.1.0.60 86388 Bytes 05.07.2012 14:40:17
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 14:08:11
AECORE.DLL : 8.1.27.2 201078 Bytes 10.07.2012 14:08:11
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10.07.2012 14:08:05
AVPREF.DLL : 12.3.0.15 51920 Bytes 10.07.2012 14:08:14
AVREP.DLL : 12.3.0.15 179208 Bytes 10.07.2012 14:08:25
AVARKT.DLL : 12.3.0.15 211408 Bytes 10.07.2012 14:08:13
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10.07.2012 14:08:13
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10.07.2012 14:08:24
AVSMTP.DLL : 12.3.0.15 63440 Bytes 10.07.2012 14:08:15
NETNT.DLL : 12.3.0.15 17104 Bytes 10.07.2012 14:08:23
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 10.07.2012 14:08:06
RCTEXT.DLL : 12.3.0.15 98512 Bytes 10.07.2012 14:08:06

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: löschen
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+PFS,+SPR,

Beginn des Suchlaufs: Dienstag, 10. Juli 2012 16:21

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'vssvc.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'mobsync.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkBtMnt.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'ERAGENT.EXE' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesApp32.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'EPOWER_DMC.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'capuserv.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'eRecoveryService.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesService32.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobilityService.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'PIFSvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'eNet Service.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'eLockServ.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'datamngrUI.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALUSchedulerSvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'PIFSvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '159' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '140' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2643' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <ACER>
C:\Program Files\OpenOffice.org 3\Basis\presets\config\standard.sob
[WARNUNG] Die komprimierten Daten sind fehlerhaft
C:\Program Files\TuneUp Utilities 2012\data\VistaDefault.tbs
[WARNUNG] Der Archivheader ist defekt
C:\Program Files\TuneUp Utilities 2012\data\VistaDefault.tla
[WARNUNG] Der Archivheader ist defekt
C:\Program Files\TuneUp Utilities 2012\data\VistaDefault.tls
[WARNUNG] Der Archivheader ist defekt
C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1325FPH\calc[1].exe
[FUND] Ist das Trojanische Pferd TR/Kazy.80623.1
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 55a7c9b1.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Exent\DACC\709369b0-4c98-4e58-b8d8-61c24a9e6ea5
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
C:\Users\xxxxx\AppData\Local\Temp\wpbt0.dll
[FUND] Ist das Trojanische Pferd TR/Kazy.80623.1
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 4d06fdd9.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4a88b2db-5390b68e
[0] Archivtyp: ZIP
--> sIda/sIdc.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CR
--> sIda/sIdb.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CS
--> sIda/sIdd.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CT
--> sIda/sIda.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CY
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 1f33b16b.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\20729b3c-1cc491ae
[0] Archivtyp: ZIP
--> urua/uruc.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CS
--> urua/urua.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CQ
--> urua/urub.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.CR
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 7903fe8e.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome\dvsmenuext.jar
[WARNUNG] Der Archivheader ist defekt
C:\Users\xxxxx\AppData\Roaming\OpenOffice.org\3\user\config\standard.sob
[WARNUNG] Die komprimierten Daten sind fehlerhaft
C:\Users\xxxxx\Heruntergeladene Anwendungen\avira_free_antivirus_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt
Beginne mit der Suche in 'D:\' <DATA>


Ende des Suchlaufs: Dienstag, 10. Juli 2012 18:38
Benötigte Zeit: 2:17:02 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

40306 Verzeichnisse wurden überprüft
858841 Dateien wurden geprüft
9 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
4 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
4 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
858832 Dateien ohne Befall
6759 Archive wurden durchsucht
8 Warnungen
4 Hinweise
746420 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
__________________

Alt 18.07.2012, 15:46   #4
markusg
/// Malware-holic
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



hi
die warnungen sind normal, falls du dich auf das avira log beziehst.
man kann hier schön sehen, wie die infektion verlaufen ist.
die exploit funde nutzen bestimmte lücken aus, und zwar erfolgreich, da du das update von dritt anbieter software vernachlässigt hast.
die calk.exe ist der sogenannte dropper, der die gefundene dll ins system läd, die dann die ransomware startet.
wir sehen uns den pc an, und gucken dann, dass wir ihn absichern.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 18.07.2012, 16:42   #5
mmetzak77
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



Habe kein OTL. Extra - was habe ich falsch gemacht?OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.07.2012 17:07:00 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = D:\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,67% Memory free
4,23 Gb Paging File | 2,89 Gb Available in Paging File | 68,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 4,01 Gb Free Space | 5,67% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 48,95 Gb Free Space | 69,46% Space Free | Partition Type: NTFS
 
Computer Name: MRX | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.18 16:59:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Documents\Downloads\OTL (3).exe
PRC - [2012.07.10 16:08:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.10 16:08:14 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.10 16:08:13 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.10 16:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.05.03 16:11:22 | 013,006,952 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.06.12 16:55:29 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\xxx\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007.01.10 17:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.01.02 19:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.01.02 17:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.01.02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006.12.28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006.12.28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006.12.22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006.12.14 15:34:16 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.12.01 07:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.24 13:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.16 07:49:55 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.07.16 07:49:24 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.07.16 07:49:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.07.16 07:48:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.07.16 07:41:43 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.07.16 07:41:34 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.07.14 18:38:26 | 000,133,632 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\USERDA~1\Default\EXTENS~1\DHKPLH~1\1.7_0\BABYLO~1.DLL
MOD - [2012.06.27 18:38:52 | 000,531,968 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007.01.02 19:52:28 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.01.02 19:52:18 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2006.09.04 11:41:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.07.10 16:08:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.10 16:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.02.21 01:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.01.02 19:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.01.02 17:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.01.02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006.12.28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006.12.28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.12.22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.11.24 13:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\AWISp60.sys -- (AWISp60)
DRV - [2012.07.10 16:08:24 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.10 16:08:24 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.10.11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.24 15:46:36 | 000,101,680 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.12.20 07:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.30 15:58:42 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44unic.sys -- (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM)
DRV - [2006.11.30 15:58:34 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44obex.sys -- (se44obex)
DRV - [2006.11.30 15:58:32 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44nd5.sys -- (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS)
DRV - [2006.11.30 15:58:30 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mgmt.sys -- (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM)
DRV - [2006.11.30 15:58:26 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mdm.sys -- (se44mdm)
DRV - [2006.11.30 15:58:24 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mdfl.sys -- (se44mdfl)
DRV - [2006.11.30 15:58:18 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44bus.sys -- (se44bus) Sony Ericsson Device 068 driver (WDM)
DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.30 03:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.25 08:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.10.25 08:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006.10.25 08:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.10.18 16:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006.08.04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\xxx\Music\Mammas musikk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_6&babsrc=SP_ss&mntrId=a008b45b0000000000000016d4cb915c
IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}: "URL" = hxxp://resultsmaster.com/SmartOffers/SmartOffers.aspx?HBHintSVC=resultsmaster&HBHintSearchTermFields=qu&qu={searchTerms}&opener=iesearchbox
IE - HKCU\..\SearchScopes\{4E317010-F0AE-4905-BAE1-02F3402FA6DE}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=uuH9Yv5TERdTI-aou6w9nDZZ-FA?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{E8E72B61-195D-4E48-808D-91814217DD05}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP_ss_cr&mntrId=a008b45b0000000000000016d4cb915c"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: dplauncher@digitalpublishing.de:1.1
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@digitalpublishing.de/dpLaunch: C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
 
[2012.07.14 16:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.07.14 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions
[2010.05.18 22:26:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.09 17:27:33 | 000,000,000 | ---D | M] (Freeware Download - Free Software Downloads Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
[2009.04.01 09:29:36 | 000,000,000 | ---D | M] ("Neopets Toolbar") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{2cb97724-d789-4f43-8888-a763cbb8df6f}
[2012.06.12 19:10:18 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.07.15 18:37:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2009.10.24 10:23:36 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2012.04.15 13:50:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.30 17:28:16 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2012.06.16 08:59:46 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.02.12 17:46:32 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\dplauncher@digitalpublishing.de
[2011.01.22 20:21:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\engine@conduit.com
[2011.12.19 17:42:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ffxtlbr@babylon.com
[2009.08.26 08:53:54 | 000,000,000 | ---D | M] (Neopets Toolbar Add-on) -- C:\Users\xxxAppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ntaddon@swordfire.net
[2012.07.04 17:03:48 | 000,000,000 | ---D | M] ("SearchGBY") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\plugin@searchgby.com
[2012.06.16 13:24:39 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\software@loadtubes.com
[2011.12.02 01:12:34 | 000,000,931 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\conduit.xml
[2012.07.14 13:10:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-1.xml
[2008.07.02 23:40:32 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-10.xml
[2008.07.16 20:08:10 | 000,000,950 | ---- | M] () -- C:\Users\xxxAppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-11.xml
[2008.10.24 14:08:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-12.xml
[2008.11.15 00:19:31 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-13.xml
[2008.12.20 00:38:12 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-14.xml
[2009.02.06 23:27:51 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-15.xml
[2009.03.09 07:42:22 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-16.xml
[2009.03.28 09:59:43 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-17.xml
[2009.04.24 13:43:05 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-18.xml
[2009.05.01 08:00:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-19.xml
[2007.10.20 17:07:55 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-2.xml
[2009.06.12 19:28:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-20.xml
[2009.07.23 09:45:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-21.xml
[2009.08.05 13:51:18 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-22.xml
[2009.09.11 06:44:54 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-23.xml
[2009.10.30 23:25:26 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-24.xml
[2009.12.12 21:20:19 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-25.xml
[2009.12.20 09:54:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-26.xml
[2010.01.06 23:01:57 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-27.xml
[2010.02.28 08:07:23 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-28.xml
[2010.04.21 15:27:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-29.xml
[2007.11.03 14:17:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-3.xml
[2011.01.21 18:09:17 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-30.xml
[2011.02.17 21:48:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-31.xml
[2007.11.28 10:41:54 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-4.xml
[2007.12.08 18:57:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-5.xml
[2008.02.11 12:26:46 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-6.xml
[2008.03.26 22:34:04 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-7.xml
[2008.04.17 13:16:11 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-8.xml
[2008.06.19 07:16:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-9.xml
[2007.09.15 17:50:14 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin.xml
[2008.12.05 08:05:10 | 000,005,711 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\search-the-web.xml
[2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\Search_Results.xml
[2012.04.24 15:13:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.16 13:24:35 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.07.06 17:41:28 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.30 14:27:06 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: dp Launcher Plugin (Enabled) = C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: DVDVideoSoftTB DE = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\2.3.15.10_0\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SearchGBY = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.55_0\
CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freeware Download - Free Software Downloads Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH DE Toolbar) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDEF664-F3C4-4C3F-9B36-77858D38808D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {FF151822-B0BF-11D1-A80D-000000000000} - C:\Programme\Common Files\System\Ole DB\oledb32.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Pictures\Pictures\lisa+awaz.jpg
O24 - Desktop BackupWallPaper: D:\Pictures\Pictures\lisa+awaz.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.18 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.07.18 14:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.18 14:20:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.18 14:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.17 13:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NCH Software
[2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012.07.15 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\CRE
[2012.07.15 18:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB_DE
[2012.07.15 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.15 18:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.15 18:36:55 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.07.15 18:32:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Digiarty
[2012.07.15 18:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2012.07.15 18:21:32 | 000,000,000 | ---D | C] -- D:\Documents\Abelssoft
[2012.07.15 18:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012.07.15 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Abelssoft
[2012.07.14 18:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.07.14 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.14 18:35:23 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe
[2012.07.14 14:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.14 12:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sirrix AG
[2012.07.14 12:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sirrix AG
[2012.07.14 11:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.14 10:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.07.14 10:20:28 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2012.07.14 07:36:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\gegen Trojaner
[2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Qoiwc
[2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Akafu
[2012.07.10 15:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.09 21:59:49 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.07.09 21:59:49 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.07.09 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.07.09 21:59:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.07.09 21:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.07.09 21:50:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.09 21:50:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.09 21:48:48 | 037,771,696 | ---- | C] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
[2012.07.06 17:41:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2012.07.06 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.07.06 17:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.03 21:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\SearchGBY
[2012.07.03 21:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\KB Piano 2
[2012.07.02 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ilivid Player
[2012.06.17 18:30:40 | 004,441,861 | ---- | C] ((c) 2006-2011, Tom Thielicke IT Solutions                   ) -- C:\Users\xxx\tipp10_win_v2-1-0.exe
[2012.04.04 15:55:01 | 006,951,776 | ---- | C] (digital publishing AG) -- C:\Users\xxx\dpLaunchSet.exe
[2007.08.21 08:07:16 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxx\AppData\Local\cmdial32.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.18 17:02:09 | 000,002,735 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Outlook 2007.lnk
[2012.07.18 16:47:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
[2012.07.18 15:21:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 15:21:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 14:22:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.18 13:53:33 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
[2012.07.18 13:53:33 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2012.07.18 13:28:08 | 000,677,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.18 13:28:08 | 000,637,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.18 13:28:08 | 000,146,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.18 13:28:08 | 000,121,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.18 13:21:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 20:27:49 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.07.17 08:46:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
[2012.07.15 18:37:35 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.15 18:36:57 | 000,001,195 | ---- | M] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.15 15:50:44 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 15:50:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 18:37:50 | 000,002,065 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.07.14 10:37:38 | 000,002,522 | ---- | M] () -- C:\Windows\System32\.crusader
[2012.07.14 10:20:36 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2012.07.13 17:22:09 | 000,002,633 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Excel 2007.lnk
[2012.07.11 18:30:01 | 000,004,135 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012.07.11 18:08:11 | 000,425,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.10 16:08:24 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.10 16:08:24 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.09 21:59:43 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.09 21:49:42 | 037,771,696 | ---- | M] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
[2012.07.09 18:05:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 22:03:23 | 000,046,592 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.08 12:56:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.07.06 17:41:39 | 000,000,725 | ---- | M] () -- C:\user.js
[2012.07.05 18:10:57 | 070,101,919 | ---- | M] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.07.05 18:09:06 | 216,268,903 | ---- | M] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:30 | 000,043,410 | ---- | M] () -- C:\Users\xxx\tickets2.pdf
[2012.07.05 15:22:15 | 000,043,453 | ---- | M] () -- C:\Users\xxx\tickets.pdf
[2012.07.03 21:02:46 | 000,030,520 | ---- | M] () -- C:\Windows\System32\midiwrap3405.deu
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.29 17:01:54 | 000,544,356 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 17:00:12 | 061,108,057 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.06.27 21:44:49 | 000,013,615 | ---- | M] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2012.06.26 17:28:07 | 000,218,587 | ---- | M] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.25 21:33:53 | 153,919,040 | ---- | M] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.18 14:20:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 20:27:49 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.07.15 18:37:35 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.15 18:36:57 | 000,001,195 | ---- | C] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.14 18:37:50 | 000,002,065 | ---- | C] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.07.14 18:36:36 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
[2012.07.14 18:36:34 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
[2012.07.14 10:37:38 | 000,002,522 | ---- | C] () -- C:\Windows\System32\.crusader
[2012.07.09 21:59:43 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.07.09 21:59:43 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.08 12:46:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 12:46:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.07.05 18:09:23 | 070,101,919 | ---- | C] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.07.05 18:04:04 | 216,268,903 | ---- | C] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:29 | 000,043,410 | ---- | C] () -- C:\Users\xxx\tickets2.pdf
[2012.07.05 15:22:14 | 000,043,453 | ---- | C] () -- C:\Users\xxx\tickets.pdf
[2012.07.03 21:02:46 | 000,030,520 | ---- | C] () -- C:\Windows\System32\midiwrap3405.deu
[2012.06.29 17:01:53 | 000,544,356 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 16:58:56 | 061,108,057 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.06.27 21:44:49 | 000,013,615 | ---- | C] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2012.06.26 17:28:05 | 000,218,587 | ---- | C] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.25 21:30:17 | 153,919,040 | ---- | C] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.17 17:00:42 | 000,005,871 | ---- | C] () -- C:\Users\xxx\AppData\Local\recently-used.xbel
[2012.06.16 15:41:37 | 000,068,608 | ---- | C] () -- C:\Users\xxx\Hat die Praktikantin.pub
[2012.05.29 19:26:50 | 008,219,648 | ---- | C] () -- C:\Users\xxx\Meine Broschüre.pub
[2012.05.19 16:47:59 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2012.05.07 18:51:22 | 173,966,408 | ---- | C] () -- C:\Users\xxx\Rossmann-Fotosoftware-Setup.exe
[2012.04.23 21:06:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2012.03.21 16:38:37 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.23 19:14:03 | 000,084,405 | ---- | C] () -- C:\Users\xxx\Leseprobe Klugscheißer für Fake.pdf
[2011.12.23 16:55:13 | 000,133,564 | ---- | C] () -- C:\Users\xxx\Leseprobe für Fake.pdf
[2011.07.07 08:55:26 | 001,812,597 | ---- | C] () -- C:\Users\xxx\Monitorkalibrierung.zip
[2011.06.30 14:06:46 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.25 22:32:22 | 002,948,218 | ---- | C] () -- C:\Users\xxx\Leseprobe.pdf
[2011.06.03 14:20:31 | 000,184,192 | ---- | C] () -- C:\Users\xxx\BuT.pdf
[2011.06.02 10:49:31 | 034,104,383 | ---- | C] () -- C:\Users\xxx\Kopie von context (5).pdf
[2011.04.23 12:03:47 | 000,008,468 | ---- | C] () -- C:\Users\xxx\bildungspaket.pdf
[2011.02.26 21:53:39 | 000,004,096 | -H-- | C] () -- C:\Users\xxx\AppData\Local\keyfile3.drm
[2010.03.07 16:40:47 | 000,014,519 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.03.11 07:41:26 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2007.06.20 18:05:35 | 000,008,438 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\mdb.bin
[2007.06.12 20:20:30 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2007.06.12 18:29:04 | 000,046,592 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.12 18:18:50 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
 
========== LOP Check ==========
 
[2012.07.13 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Akafu
[2009.10.24 10:02:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Artweaver
[2011.12.19 17:42:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2012.07.06 17:41:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2010.03.23 21:08:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2009.11.15 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CasualForge
[2010.02.16 14:43:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\cerasus.media
[2012.07.15 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Digiarty
[2011.02.12 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\digital publishing
[2012.07.15 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.07.15 18:37:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.10 15:59:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeScreenToVideo
[2012.04.21 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GetRightToGo
[2012.06.14 19:01:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2007.09.15 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2008.03.10 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ Toolbar
[2008.12.25 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2012.05.04 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2012.06.16 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\loadtbs
[2007.12.24 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX
[2010.11.14 18:43:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Merscom
[2011.08.25 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\NCH Swift Sound
[2009.04.01 09:29:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Neopets Toolbar
[2011.06.09 22:18:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2008.03.02 15:07:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC-FAX TX
[2009.08.08 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Peace Craft
[2011.02.22 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PeerNetworking
[2012.07.14 10:11:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Qoiwc
[2007.06.20 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ScanSoft
[2008.12.31 17:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spandex Force
[2012.06.01 20:53:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TimePunch
[2012.07.09 21:59:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.06.12 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vodafone
[2008.10.19 19:28:10 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.07.17 20:34:40 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:551E1CB4
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:F878F14A
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5425B7F5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:940ECC98
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:90E60569
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCDE7C60
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:91CF76E3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0207454C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B652B720
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6CEB2458
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:426796C0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FF818E2B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1CB8D545
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:01442FD8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:08F16DBB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:550179F5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:30C46519
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D7FCCD3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B54102AD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3CF23EC3
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B419A171
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8FBE0E9C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:90E3641D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DDE7FCF4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:37CE0F2E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:34FC1C45
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:1C9565AC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:1D6686D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:567AC0A6
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:F50F1555

< End of report >
         
--- --- ---


Alt 18.07.2012, 17:00   #6
mmetzak77
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.07.2012 17:07:00 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = D:\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,67% Memory free
4,23 Gb Paging File | 2,89 Gb Available in Paging File | 68,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 4,01 Gb Free Space | 5,67% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 48,95 Gb Free Space | 69,46% Space Free | Partition Type: NTFS
 
Computer Name: MRX | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.18 16:59:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Documents\Downloads\OTL (3).exe
PRC - [2012.07.10 16:08:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.10 16:08:14 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.10 16:08:13 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.10 16:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.05.03 16:11:22 | 013,006,952 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.06.12 16:55:29 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\xxx\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007.01.10 17:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.01.02 19:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.01.02 17:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.01.02 10:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006.12.28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006.12.28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006.12.22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006.12.14 15:34:16 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.12.01 07:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.24 13:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.16 07:49:55 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.07.16 07:49:24 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.07.16 07:49:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.07.16 07:48:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.07.16 07:41:43 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.07.16 07:41:34 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.07.14 18:38:26 | 000,133,632 | ---- | M] () -- C:\Users\xxx\AppData\Local\Google\Chrome\USERDA~1\Default\EXTENS~1\DHKPLH~1\1.7_0\BABYLO~1.DLL
MOD - [2012.06.27 18:38:52 | 000,531,968 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007.01.02 19:52:28 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.01.02 19:52:18 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2006.09.04 11:41:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.07.10 16:08:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.10 16:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.02.21 01:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.01.02 19:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.01.02 17:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.01.02 10:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006.12.28 21:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006.12.28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.12.22 15:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.11.24 13:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\AWISp60.sys -- (AWISp60)
DRV - [2012.07.10 16:08:24 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.10 16:08:24 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.10.11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.24 15:46:36 | 000,101,680 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.07 09:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.12.20 07:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.30 15:58:42 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44unic.sys -- (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM)
DRV - [2006.11.30 15:58:34 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44obex.sys -- (se44obex)
DRV - [2006.11.30 15:58:32 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44nd5.sys -- (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS)
DRV - [2006.11.30 15:58:30 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mgmt.sys -- (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM)
DRV - [2006.11.30 15:58:26 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mdm.sys -- (se44mdm)
DRV - [2006.11.30 15:58:24 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44mdfl.sys -- (se44mdfl)
DRV - [2006.11.30 15:58:18 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se44bus.sys -- (se44bus) Sony Ericsson Device 068 driver (WDM)
DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.30 03:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.25 08:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.10.25 08:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006.10.25 08:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.10.18 16:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006.08.04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\xxx\Music\Mammas musikk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP_ss&mntrId=a008b45b0000000000000016d4cb915c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_6&babsrc=SP_ss&mntrId=a008b45b0000000000000016d4cb915c
IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}: "URL" = hxxp://resultsmaster.com/SmartOffers/SmartOffers.aspx?HBHintSVC=resultsmaster&HBHintSearchTermFields=qu&qu={searchTerms}&opener=iesearchbox
IE - HKCU\..\SearchScopes\{4E317010-F0AE-4905-BAE1-02F3402FA6DE}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=uuH9Yv5TERdTI-aou6w9nDZZ-FA?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{E8E72B61-195D-4E48-808D-91814217DD05}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP_ss_cr&mntrId=a008b45b0000000000000016d4cb915c"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: dplauncher@digitalpublishing.de:1.1
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@digitalpublishing.de/dpLaunch: C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
 
[2012.07.14 16:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.07.14 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions
[2010.05.18 22:26:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.09 17:27:33 | 000,000,000 | ---D | M] (www.Freeware-download.com Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
[2009.04.01 09:29:36 | 000,000,000 | ---D | M] ("Neopets Toolbar") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{2cb97724-d789-4f43-8888-a763cbb8df6f}
[2012.06.12 19:10:18 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.07.15 18:37:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2009.10.24 10:23:36 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2012.04.15 13:50:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.30 17:28:16 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2012.06.16 08:59:46 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.02.12 17:46:32 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\dplauncher@digitalpublishing.de
[2011.01.22 20:21:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\engine@conduit.com
[2011.12.19 17:42:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ffxtlbr@babylon.com
[2009.08.26 08:53:54 | 000,000,000 | ---D | M] (Neopets Toolbar Add-on) -- C:\Users\xxxAppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ntaddon@swordfire.net
[2012.07.04 17:03:48 | 000,000,000 | ---D | M] ("SearchGBY") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\plugin@searchgby.com
[2012.06.16 13:24:39 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\software@loadtubes.com
[2011.12.02 01:12:34 | 000,000,931 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\conduit.xml
[2012.07.14 13:10:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-1.xml
[2008.07.02 23:40:32 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-10.xml
[2008.07.16 20:08:10 | 000,000,950 | ---- | M] () -- C:\Users\xxxAppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-11.xml
[2008.10.24 14:08:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-12.xml
[2008.11.15 00:19:31 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-13.xml
[2008.12.20 00:38:12 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-14.xml
[2009.02.06 23:27:51 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-15.xml
[2009.03.09 07:42:22 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-16.xml
[2009.03.28 09:59:43 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-17.xml
[2009.04.24 13:43:05 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-18.xml
[2009.05.01 08:00:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-19.xml
[2007.10.20 17:07:55 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-2.xml
[2009.06.12 19:28:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-20.xml
[2009.07.23 09:45:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-21.xml
[2009.08.05 13:51:18 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-22.xml
[2009.09.11 06:44:54 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-23.xml
[2009.10.30 23:25:26 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-24.xml
[2009.12.12 21:20:19 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-25.xml
[2009.12.20 09:54:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-26.xml
[2010.01.06 23:01:57 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-27.xml
[2010.02.28 08:07:23 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-28.xml
[2010.04.21 15:27:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-29.xml
[2007.11.03 14:17:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-3.xml
[2011.01.21 18:09:17 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-30.xml
[2011.02.17 21:48:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-31.xml
[2007.11.28 10:41:54 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-4.xml
[2007.12.08 18:57:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-5.xml
[2008.02.11 12:26:46 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-6.xml
[2008.03.26 22:34:04 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-7.xml
[2008.04.17 13:16:11 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-8.xml
[2008.06.19 07:16:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-9.xml
[2007.09.15 17:50:14 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin.xml
[2008.12.05 08:05:10 | 000,005,711 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\search-the-web.xml
[2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\Search_Results.xml
[2012.04.24 15:13:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.16 13:24:35 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.07.06 17:41:28 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.30 14:27:06 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: dp Launcher Plugin (Enabled) = C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: DVDVideoSoftTB DE = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\2.3.15.10_0\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SearchGBY = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.55_0\
CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH DE Toolbar) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDEF664-F3C4-4C3F-9B36-77858D38808D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {FF151822-B0BF-11D1-A80D-000000000000} - C:\Programme\Common Files\System\Ole DB\oledb32.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Pictures\Pictures\lisa+awaz.jpg
O24 - Desktop BackupWallPaper: D:\Pictures\Pictures\lisa+awaz.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.18 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.07.18 14:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.18 14:20:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.18 14:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.17 13:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NCH Software
[2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012.07.15 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\CRE
[2012.07.15 18:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB_DE
[2012.07.15 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.15 18:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.15 18:36:55 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.07.15 18:32:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Digiarty
[2012.07.15 18:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2012.07.15 18:21:32 | 000,000,000 | ---D | C] -- D:\Documents\Abelssoft
[2012.07.15 18:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012.07.15 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Abelssoft
[2012.07.14 18:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.07.14 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.14 18:35:23 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe
[2012.07.14 14:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.14 12:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sirrix AG
[2012.07.14 12:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sirrix AG
[2012.07.14 11:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.14 10:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.07.14 10:20:28 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2012.07.14 07:36:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\gegen Trojaner
[2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Qoiwc
[2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Akafu
[2012.07.10 15:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.09 21:59:49 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.07.09 21:59:49 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.07.09 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.07.09 21:59:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.07.09 21:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.07.09 21:50:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.09 21:50:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.09 21:48:48 | 037,771,696 | ---- | C] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
[2012.07.06 17:41:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2012.07.06 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.07.06 17:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.03 21:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\SearchGBY
[2012.07.03 21:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\KB Piano 2
[2012.07.02 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ilivid Player
[2012.06.17 18:30:40 | 004,441,861 | ---- | C] ((c) 2006-2011, Tom Thielicke IT Solutions                   ) -- C:\Users\xxx\tipp10_win_v2-1-0.exe
[2012.04.04 15:55:01 | 006,951,776 | ---- | C] (digital publishing AG) -- C:\Users\xxx\dpLaunchSet.exe
[2007.08.21 08:07:16 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxx\AppData\Local\cmdial32.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.18 17:02:09 | 000,002,735 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Outlook 2007.lnk
[2012.07.18 16:47:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
[2012.07.18 15:21:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 15:21:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 14:22:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.18 13:53:33 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
[2012.07.18 13:53:33 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2012.07.18 13:28:08 | 000,677,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.18 13:28:08 | 000,637,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.18 13:28:08 | 000,146,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.18 13:28:08 | 000,121,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.18 13:21:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 20:27:49 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.07.17 08:46:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
[2012.07.15 18:37:35 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.15 18:36:57 | 000,001,195 | ---- | M] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.15 15:50:44 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 15:50:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 18:37:50 | 000,002,065 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.07.14 10:37:38 | 000,002,522 | ---- | M] () -- C:\Windows\System32\.crusader
[2012.07.14 10:20:36 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2012.07.13 17:22:09 | 000,002,633 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Excel 2007.lnk
[2012.07.11 18:30:01 | 000,004,135 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012.07.11 18:08:11 | 000,425,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.10 16:08:24 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.10 16:08:24 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.09 21:59:43 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.09 21:49:42 | 037,771,696 | ---- | M] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
[2012.07.09 18:05:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 22:03:23 | 000,046,592 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.08 12:56:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.07.06 17:41:39 | 000,000,725 | ---- | M] () -- C:\user.js
[2012.07.05 18:10:57 | 070,101,919 | ---- | M] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.07.05 18:09:06 | 216,268,903 | ---- | M] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:30 | 000,043,410 | ---- | M] () -- C:\Users\xxx\tickets2.pdf
[2012.07.05 15:22:15 | 000,043,453 | ---- | M] () -- C:\Users\xxx\tickets.pdf
[2012.07.03 21:02:46 | 000,030,520 | ---- | M] () -- C:\Windows\System32\midiwrap3405.deu
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.29 17:01:54 | 000,544,356 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 17:00:12 | 061,108,057 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.06.27 21:44:49 | 000,013,615 | ---- | M] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2012.06.26 17:28:07 | 000,218,587 | ---- | M] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.25 21:33:53 | 153,919,040 | ---- | M] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.18 14:20:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 20:27:49 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.07.15 18:37:35 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.15 18:36:57 | 000,001,195 | ---- | C] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.14 18:37:50 | 000,002,065 | ---- | C] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.07.14 18:36:36 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
[2012.07.14 18:36:34 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
[2012.07.14 10:37:38 | 000,002,522 | ---- | C] () -- C:\Windows\System32\.crusader
[2012.07.09 21:59:43 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.07.09 21:59:43 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.08 12:46:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 12:46:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.07.05 18:09:23 | 070,101,919 | ---- | C] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.07.05 18:04:04 | 216,268,903 | ---- | C] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:29 | 000,043,410 | ---- | C] () -- C:\Users\xxx\tickets2.pdf
[2012.07.05 15:22:14 | 000,043,453 | ---- | C] () -- C:\Users\xxx\tickets.pdf
[2012.07.03 21:02:46 | 000,030,520 | ---- | C] () -- C:\Windows\System32\midiwrap3405.deu
[2012.06.29 17:01:53 | 000,544,356 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 16:58:56 | 061,108,057 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.06.27 21:44:49 | 000,013,615 | ---- | C] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2012.06.26 17:28:05 | 000,218,587 | ---- | C] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.25 21:30:17 | 153,919,040 | ---- | C] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.17 17:00:42 | 000,005,871 | ---- | C] () -- C:\Users\xxx\AppData\Local\recently-used.xbel
[2012.06.16 15:41:37 | 000,068,608 | ---- | C] () -- C:\Users\xxx\Hat die Praktikantin.pub
[2012.05.29 19:26:50 | 008,219,648 | ---- | C] () -- C:\Users\xxx\Meine Broschüre.pub
[2012.05.19 16:47:59 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2012.05.07 18:51:22 | 173,966,408 | ---- | C] () -- C:\Users\xxx\Rossmann-Fotosoftware-Setup.exe
[2012.04.23 21:06:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2012.03.21 16:38:37 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.23 19:14:03 | 000,084,405 | ---- | C] () -- C:\Users\xxx\Leseprobe Klugscheißer für Fake.pdf
[2011.12.23 16:55:13 | 000,133,564 | ---- | C] () -- C:\Users\xxx\Leseprobe für Fake.pdf
[2011.07.07 08:55:26 | 001,812,597 | ---- | C] () -- C:\Users\xxx\Monitorkalibrierung.zip
[2011.06.30 14:06:46 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.25 22:32:22 | 002,948,218 | ---- | C] () -- C:\Users\xxx\Leseprobe.pdf
[2011.06.03 14:20:31 | 000,184,192 | ---- | C] () -- C:\Users\xxx\BuT.pdf
[2011.06.02 10:49:31 | 034,104,383 | ---- | C] () -- C:\Users\xxx\Kopie von context (5).pdf
[2011.04.23 12:03:47 | 000,008,468 | ---- | C] () -- C:\Users\xxx\bildungspaket.pdf
[2011.02.26 21:53:39 | 000,004,096 | -H-- | C] () -- C:\Users\xxx\AppData\Local\keyfile3.drm
[2010.03.07 16:40:47 | 000,014,519 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.03.11 07:41:26 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2007.06.20 18:05:35 | 000,008,438 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\mdb.bin
[2007.06.12 20:20:30 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2007.06.12 18:29:04 | 000,046,592 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.12 18:18:50 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
 
========== LOP Check ==========
 
[2012.07.13 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Akafu
[2009.10.24 10:02:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Artweaver
[2011.12.19 17:42:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2012.07.06 17:41:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2010.03.23 21:08:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2009.11.15 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CasualForge
[2010.02.16 14:43:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\cerasus.media
[2012.07.15 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Digiarty
[2011.02.12 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\digital publishing
[2012.07.15 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.07.15 18:37:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.10 15:59:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeScreenToVideo
[2012.04.21 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GetRightToGo
[2012.06.14 19:01:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2007.09.15 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2008.03.10 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ Toolbar
[2008.12.25 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2012.05.04 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2012.06.16 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\loadtbs
[2007.12.24 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX
[2010.11.14 18:43:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Merscom
[2011.08.25 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\NCH Swift Sound
[2009.04.01 09:29:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Neopets Toolbar
[2011.06.09 22:18:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2008.03.02 15:07:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC-FAX TX
[2009.08.08 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Peace Craft
[2011.02.22 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PeerNetworking
[2012.07.14 10:11:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Qoiwc
[2007.06.20 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ScanSoft
[2008.12.31 17:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spandex Force
[2012.06.01 20:53:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TimePunch
[2012.07.09 21:59:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.06.12 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vodafone
[2008.10.19 19:28:10 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.07.17 20:34:40 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:551E1CB4
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:F878F14A
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5425B7F5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:940ECC98
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:90E60569
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCDE7C60
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:91CF76E3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0207454C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B652B720
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6CEB2458
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:426796C0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FF818E2B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1CB8D545
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:01442FD8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:08F16DBB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:550179F5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:30C46519
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D7FCCD3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B54102AD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3CF23EC3
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B419A171
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8FBE0E9C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:90E3641D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DDE7FCF4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:37CE0F2E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:34FC1C45
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:1C9565AC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:1D6686D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:567AC0A6
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:F50F1555

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.07.2012 19:12:34 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = D:\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,73% Memory free
4,23 Gb Paging File | 2,90 Gb Available in Paging File | 68,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 4,40 Gb Free Space | 6,22% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 48,96 Gb Free Space | 69,48% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- Reg Error: Key error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- Reg Error: Key error.
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2661263122-194117992-2275258509-1000]
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{346867F9-3C20-4C98-AAF6-B02529E263B2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{37A0EB63-4D86-4336-BE5D-A7BFDC298198}" = lport=139 | protocol=6 | dir=in | app=system | 
"{489D774C-7EB5-4FA6-8F66-2CD2942EBCEC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{63F6B6F2-16D0-4749-B18F-DCA26913933E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{71E48E32-6FA5-4F27-A447-F145C08A7857}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{89C7BE34-30F1-4390-9B56-ED10E45C1246}" = lport=445 | protocol=6 | dir=in | app=system | 
"{962F518E-2483-468B-816F-C30594A17437}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C0A5897C-39FC-41FC-A672-BDD523F60B4D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E063FE22-0CDF-49BF-9B6E-EC86F48FD4AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E182A16E-470D-4533-911C-E66759DB1A20}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B96488-3DBE-48C6-A6B8-90BE7007060B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{22BD631D-07B7-4449-AAD2-0B45E4F99711}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{52252B4E-4A05-4318-AD07-5D128B3A27A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6D69BB0F-6E76-4B8A-9A55-D8097D254FEB}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | 
"{733A0380-1825-4BAF-A4BA-AC24ADD6A735}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7CA02D95-F8B7-4D63-A5BC-7BB970EEFB79}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | 
"{8B9A559A-13E9-465F-A3B7-B96626D59100}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{9B0A00D7-84E9-4ED5-BBE7-A8425C8D9555}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{A2E669A7-30E2-44C6-A030-D7CD08F49352}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{B0A6DFCC-DA6B-47BF-8ECF-74B67C186D1C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{BBA0D5BE-EC83-4E25-A88F-C581AC3EA841}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E3DBE1E0-D3C4-48B7-8EC8-2965A31E6DD5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F1773B6B-AB71-4350-8A93-858F51D6B287}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{F4B3F2A2-C754-4066-94FA-A97562DB2B93}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"TCP Query User{930CC031-DDEC-46FF-960F-87ADD530FAD1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{4D054CA8-C329-4F48-9F13-7F045EDB2D2B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Qtpfsgui 1.9.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93567BBD-4369-47B2-A621-78E008F8EA33}" = Lexware Elster
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D871EE71-6EBD-4EEC-9418-69E8782E6BBB}" = Lexware financial office 2009
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign 2.0" = Adobe InDesign 2.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GIF Animator" = Microsoft GIF Animator
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"loadtbs-2.1" = loadtbs-2.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MyCamera" = Canon Utilities MyCamera
"Neopets" = Neopets 
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.3a
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Searchqu 417 MediaBar" = Windows Searchqu Toolbar
"Shockwave" = Shockwave
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"ST5UNST #1" = project dogwaffle
"ST5UNST #2" = project dogwaffle (c:\)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.1.0
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WavePad" = WavePad Audiobearbeitungs-Software
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Live Toolbar" = Windows Live Toolbar
"Winload Toolbar" = Winload Toolbar
"www.Freeware-download.com Toolbar" = www.Freeware-download.com Toolbar
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.07.2012 11:31:20 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.07.2012 11:31:20 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.07.2012 11:31:20 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.07.2012 11:31:20 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.07.2012 11:31:20 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.07.2012 11:31:20 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.07.2012 11:46:03 | Computer Name = xxx | Source = VSS | ID = 40
Description = 
 
Error - 17.07.2012 11:46:03 | Computer Name = xxx | Source = VSS | ID = 12292
Description = 
 
Error - 17.07.2012 11:55:03 | Computer Name = xxx | Source = VSS | ID = 40
Description = 
 
Error - 17.07.2012 11:55:03 | Computer Name = xxx | Source = VSS | ID = 12292
Description = 
 
[ OSession Events ]
Error - 25.02.2011 18:49:31 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 124
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 26.02.2011 06:38:57 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.02.2011 17:25:03 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.02.2011 04:11:03 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 129
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.02.2011 17:58:33 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 122
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2011 03:24:51 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3723
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2011 04:18:15 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3724
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2011 07:38:01 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3724
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.03.2012 06:49:02 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1237
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2012 15:22:46 | Computer Name = xxx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.07.2012 06:29:57 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.07.2012 06:29:57 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.07.2012 06:34:41 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.07.2012 07:16:55 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.07.2012 07:16:55 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.07.2012 07:20:43 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.07.2012 07:22:19 | Computer Name = xxx | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 17.07.2012 12:59:13 | Computer Name = xxx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.07.2012 12:59:13 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.07.2012 12:59:41 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---

Alt 19.07.2012, 20:37   #7
mmetzak77
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



Hallo Markusg.,
ich hoffe dass ich jetzt alles richtig gemacht habe und nichts fehlt.
Danke
Marion

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:27 on 19/07/2012 (marion)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.07.2012 18:56:29 - Run 6
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 36,05% Memory free
4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 3,49 Gb Free Space | 4,93% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 48,94 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
 
Computer Name: MRX | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Users\xxx\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libglesv2.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libegl.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll ()
MOD - C:\Users\xxx\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Windows\System32\BatchCrypto.dll ()
MOD - C:\Windows\System32\ShowErrMsg.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AWISp60) -- System32\Drivers\AWISp60.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\Windows\System32\drivers\se44unic.sys (MCCI)
DRV - (se44obex) -- C:\Windows\System32\drivers\se44obex.sys (MCCI)
DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\Windows\System32\drivers\se44nd5.sys (MCCI)
DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\se44mgmt.sys (MCCI)
DRV - (se44mdm) -- C:\Windows\System32\drivers\se44mdm.sys (MCCI)
DRV - (se44mdfl) -- C:\Windows\System32\drivers\se44mdfl.sys (MCCI)
DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\Windows\System32\drivers\se44bus.sys (MCCI)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\xxx\Music\Mammas musikk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_6&babsrc=SP_ss&mntrId=a008b45b0000000000000016d4cb915c
IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}: "URL" = hxxp://resultsmaster.com/SmartOffers/SmartOffers.aspx?HBHintSVC=resultsmaster&HBHintSearchTermFields=qu&qu={searchTerms}&opener=iesearchbox
IE - HKCU\..\SearchScopes\{4E317010-F0AE-4905-BAE1-02F3402FA6DE}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=uuH9Yv5TERdTI-aou6w9nDZZ-FA?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{E8E72B61-195D-4E48-808D-91814217DD05}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP_ss_cr&mntrId=a008b45b0000000000000016d4cb915c"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: dplauncher@digitalpublishing.de:1.1
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@digitalpublishing.de/dpLaunch: C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
 
[2012.07.14 16:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.07.14 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions
[2010.05.18 22:26:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.09 17:27:33 | 000,000,000 | ---D | M] (Freeware Download - Free Software Downloads Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
[2009.04.01 09:29:36 | 000,000,000 | ---D | M] ("Neopets Toolbar") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{2cb97724-d789-4f43-8888-a763cbb8df6f}
[2012.06.12 19:10:18 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.07.15 18:37:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2009.10.24 10:23:36 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2012.04.15 13:50:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.30 17:28:16 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2012.06.16 08:59:46 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.02.12 17:46:32 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\dplauncher@digitalpublishing.de
[2011.01.22 20:21:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\engine@conduit.com
[2011.12.19 17:42:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ffxtlbr@babylon.com
[2009.08.26 08:53:54 | 000,000,000 | ---D | M] (Neopets Toolbar Add-on) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ntaddon@swordfire.net
[2012.07.04 17:03:48 | 000,000,000 | ---D | M] ("SearchGBY") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\plugin@searchgby.com
[2012.06.16 13:24:39 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\software@loadtubes.com
[2011.12.02 01:12:34 | 000,000,931 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\conduit.xml
[2012.07.14 13:10:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-1.xml
[2008.07.02 23:40:32 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-10.xml
[2008.07.16 20:08:10 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-11.xml
[2008.10.24 14:08:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-12.xml
[2008.11.15 00:19:31 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-13.xml
[2008.12.20 00:38:12 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-14.xml
[2009.02.06 23:27:51 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-15.xml
[2009.03.09 07:42:22 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-16.xml
[2009.03.28 09:59:43 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-17.xml
[2009.04.24 13:43:05 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-18.xml
[2009.05.01 08:00:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-19.xml
[2007.10.20 17:07:55 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-2.xml
[2009.06.12 19:28:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-20.xml
[2009.07.23 09:45:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-21.xml
[2009.08.05 13:51:18 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-22.xml
[2009.09.11 06:44:54 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-23.xml
[2009.10.30 23:25:26 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-24.xml
[2009.12.12 21:20:19 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-25.xml
[2009.12.20 09:54:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-26.xml
[2010.01.06 23:01:57 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-27.xml
[2010.02.28 08:07:23 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-28.xml
[2010.04.21 15:27:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-29.xml
[2007.11.03 14:17:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-3.xml
[2011.01.21 18:09:17 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-30.xml
[2011.02.17 21:48:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-31.xml
[2007.11.28 10:41:54 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-4.xml
[2007.12.08 18:57:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-5.xml
[2008.02.11 12:26:46 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-6.xml
[2008.03.26 22:34:04 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-7.xml
[2008.04.17 13:16:11 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-8.xml
[2008.06.19 07:16:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-9.xml
[2007.09.15 17:50:14 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin.xml
[2008.12.05 08:05:10 | 000,005,711 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\search-the-web.xml
[2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\Search_Results.xml
[2012.04.24 15:13:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.16 13:24:35 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.07.06 17:41:28 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.30 14:27:06 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: dp Launcher Plugin (Enabled) = C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: DVDVideoSoftTB DE = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\2.3.15.10_0\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SearchGBY = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.55_0\
CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freeware Download - Free Software Downloads Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH DE Toolbar) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDEF664-F3C4-4C3F-9B36-77858D38808D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {FF151822-B0BF-11D1-A80D-000000000000} - C:\Programme\Common Files\System\Ole DB\oledb32.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Pictures\Pictures\lisa+awaz.jpg
O24 - Desktop BackupWallPaper: D:\Pictures\Pictures\lisa+awaz.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: 捁牥吠畯⁲敒業摮牥 - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.18 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.07.18 14:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.18 14:20:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.18 14:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.17 17:24:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.07.17 13:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.17 13:08:50 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.17 13:08:50 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.17 13:08:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.17 13:08:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NCH Software
[2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012.07.15 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\CRE
[2012.07.15 18:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB_DE
[2012.07.15 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.15 18:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.15 18:36:55 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.07.15 18:32:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Digiarty
[2012.07.15 18:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2012.07.15 18:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012.07.15 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Abelssoft
[2012.07.14 18:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.07.14 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.14 18:35:23 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe
[2012.07.14 16:17:27 | 000,154,416 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2012.07.14 16:17:01 | 000,033,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2012.07.14 14:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.14 12:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sirrix AG
[2012.07.14 12:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sirrix AG
[2012.07.14 11:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.14 10:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.07.14 10:20:28 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2012.07.14 07:36:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\gegen Trojaner
[2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Qoiwc
[2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Akafu
[2012.07.11 17:58:53 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 17:51:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 17:51:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 17:51:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 17:51:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 17:51:20 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 17:51:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 17:51:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 17:47:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.10 15:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.09 21:59:49 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.07.09 21:59:49 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.07.09 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.07.09 21:59:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.07.09 21:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.07.09 21:50:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.09 21:50:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.09 21:48:48 | 037,771,696 | ---- | C] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
[2012.07.06 17:41:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2012.07.06 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.07.06 17:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.03 21:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\SearchGBY
[2012.07.03 21:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\KB Piano 2
[2012.07.02 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ilivid Player
[2012.06.21 19:23:47 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 19:23:47 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 19:23:00 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 19:23:00 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 19:23:00 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 19:22:44 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 19:22:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.17 18:30:40 | 004,441,861 | ---- | C] ((c) 2006-2011, Tom Thielicke IT Solutions                   ) -- C:\Users\xxx\tipp10_win_v2-1-0.exe
[2012.04.04 15:55:01 | 006,951,776 | ---- | C] (digital publishing AG) -- C:\Users\xxx\dpLaunchSet.exe
[2007.08.21 08:07:16 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxx\AppData\Local\cmdial32.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.19 18:55:52 | 000,002,735 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Outlook 2007.lnk
[2012.07.19 18:50:09 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2012.07.19 18:49:10 | 000,302,592 | ---- | M] () -- C:\Users\xxx\Desktop\d360pqyn.exe
[2012.07.19 18:47:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
[2012.07.19 18:37:15 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.07.19 18:20:19 | 000,677,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.19 18:20:19 | 000,637,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.19 18:20:19 | 000,121,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.19 18:20:18 | 000,146,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.19 18:13:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 18:13:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 18:13:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.19 16:16:46 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
[2012.07.18 18:27:33 | 000,046,592 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.18 14:22:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 20:27:49 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.07.17 20:25:03 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
[2012.07.17 17:24:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.07.17 13:07:55 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.17 13:07:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.17 13:07:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.17 13:07:53 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.17 13:07:52 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.07.17 08:46:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
[2012.07.15 18:37:35 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.15 18:36:57 | 000,001,195 | ---- | M] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.15 15:50:44 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 15:50:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 18:37:50 | 000,002,065 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.07.14 18:35:23 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe
[2012.07.14 10:37:38 | 000,002,522 | ---- | M] () -- C:\Windows\System32\.crusader
[2012.07.14 10:20:36 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2012.07.13 17:22:09 | 000,002,633 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Excel 2007.lnk
[2012.07.11 18:30:01 | 000,004,135 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012.07.11 18:08:11 | 000,425,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.10 16:08:24 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.10 16:08:24 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.09 21:59:43 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.09 21:49:42 | 037,771,696 | ---- | M] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
[2012.07.09 18:05:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 12:56:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.07.06 17:41:39 | 000,000,725 | ---- | M] () -- C:\user.js
[2012.07.05 18:10:57 | 070,101,919 | ---- | M] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.07.05 18:09:06 | 216,268,903 | ---- | M] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:30 | 000,043,410 | ---- | M] () -- C:\Users\xxx\tickets2.pdf
[2012.07.05 15:22:15 | 000,043,453 | ---- | M] () -- C:\Users\xxx\tickets.pdf
[2012.07.03 21:02:46 | 000,030,520 | ---- | M] () -- C:\Windows\System32\midiwrap3405.deu
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.29 17:01:54 | 000,544,356 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 17:00:12 | 061,108,057 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.06.27 21:44:49 | 000,013,615 | ---- | M] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2012.06.26 17:28:07 | 000,218,587 | ---- | M] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.25 21:33:53 | 153,919,040 | ---- | M] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.19 18:49:08 | 000,302,592 | ---- | C] () -- C:\Users\xxx\Desktop\d360pqyn.exe
[2012.07.19 18:37:15 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.07.18 14:20:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 20:27:49 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.07.17 20:25:03 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe
[2012.07.15 18:37:35 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.15 18:36:57 | 000,001,195 | ---- | C] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.14 18:37:50 | 000,002,065 | ---- | C] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.07.14 18:36:36 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
[2012.07.14 18:36:34 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
[2012.07.14 10:37:38 | 000,002,522 | ---- | C] () -- C:\Windows\System32\.crusader
[2012.07.09 21:59:43 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.07.09 21:59:43 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.08 12:46:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 12:46:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.07.05 18:09:23 | 070,101,919 | ---- | C] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.07.05 18:04:04 | 216,268,903 | ---- | C] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:29 | 000,043,410 | ---- | C] () -- C:\Users\xxx\tickets2.pdf
[2012.07.05 15:22:14 | 000,043,453 | ---- | C] () -- C:\Users\xxx\tickets.pdf
[2012.07.03 21:02:46 | 000,030,520 | ---- | C] () -- C:\Windows\System32\midiwrap3405.deu
[2012.06.29 17:01:53 | 000,544,356 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 16:58:56 | 061,108,057 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.06.27 21:44:49 | 000,013,615 | ---- | C] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2012.06.26 17:28:05 | 000,218,587 | ---- | C] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.25 21:30:17 | 153,919,040 | ---- | C] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.17 17:00:42 | 000,005,871 | ---- | C] () -- C:\Users\xxx\AppData\Local\recently-used.xbel
[2012.06.16 15:41:37 | 000,068,608 | ---- | C] () -- C:\Users\xxx\Hat die Praktikantin.pub
[2012.05.29 19:26:50 | 008,219,648 | ---- | C] () -- C:\Users\xxx\Meine Broschüre.pub
[2012.05.19 16:47:59 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2012.05.07 18:51:22 | 173,966,408 | ---- | C] () -- C:\Users\xxx\Rossmann-Fotosoftware-Setup.exe
[2012.04.23 21:06:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2012.03.21 16:38:37 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.23 19:14:03 | 000,084,405 | ---- | C] () -- C:\Users\xxx\Leseprobe Klugscheißer für Fake.pdf
[2011.12.23 16:55:13 | 000,133,564 | ---- | C] () -- C:\Users\xxx\Leseprobe für Fake.pdf
[2011.07.07 08:55:26 | 001,812,597 | ---- | C] () -- C:\Users\xxx\Monitorkalibrierung.zip
[2011.06.30 14:06:46 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.25 22:32:22 | 002,948,218 | ---- | C] () -- C:\Users\xxx\Leseprobe.pdf
[2011.06.03 14:20:31 | 000,184,192 | ---- | C] () -- C:\Users\xxx\BuT.pdf
[2011.06.02 10:49:31 | 034,104,383 | ---- | C] () -- C:\Users\xxx\Kopie von context (5).pdf
[2011.04.23 12:03:47 | 000,008,468 | ---- | C] () -- C:\Users\xxx\bildungspaket.pdf
[2011.02.26 21:53:39 | 000,004,096 | -H-- | C] () -- C:\Users\xxx\AppData\Local\keyfile3.drm
[2010.03.07 16:40:47 | 000,014,519 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.03.11 07:41:26 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2007.06.20 18:05:35 | 000,008,438 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\mdb.bin
[2007.06.12 20:20:30 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2007.06.12 18:29:04 | 000,046,592 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.12 18:18:50 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
 
========== LOP Check ==========
 
[2012.07.13 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Akafu
[2009.10.24 10:02:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Artweaver
[2011.12.19 17:42:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2012.07.06 17:41:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2010.03.23 21:08:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2009.11.15 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CasualForge
[2010.02.16 14:43:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\cerasus.media
[2012.07.15 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Digiarty
[2011.02.12 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\digital publishing
[2012.07.15 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.07.15 18:37:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.10 15:59:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeScreenToVideo
[2012.04.21 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GetRightToGo
[2012.06.14 19:01:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2007.09.15 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2008.03.10 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ Toolbar
[2008.12.25 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2012.05.04 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2012.06.16 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\loadtbs
[2007.12.24 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX
[2010.11.14 18:43:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Merscom
[2011.08.25 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\NCH Swift Sound
[2009.04.01 09:29:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Neopets Toolbar
[2011.06.09 22:18:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2008.03.02 15:07:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC-FAX TX
[2009.08.08 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Peace Craft
[2011.02.22 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PeerNetworking
[2012.07.14 10:11:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Qoiwc
[2007.06.20 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ScanSoft
[2008.12.31 17:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spandex Force
[2012.06.01 20:53:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TimePunch
[2012.07.09 21:59:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.06.12 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vodafone
[2008.10.19 19:28:10 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.07.19 16:48:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.07.18 13:38:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2007.06.12 16:56:11 | 000,000,000 | ---D | M] -- C:\Acer
[2007.01.19 20:02:16 | 000,000,000 | ---D | M] -- C:\Book
[2009.09.20 20:51:22 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.06.12 16:49:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2007.01.19 20:02:16 | 000,000,000 | ---D | M] -- C:\DRV
[2012.04.27 18:46:10 | 000,000,000 | ---D | M] -- C:\F0
[2010.06.06 21:50:07 | 000,000,000 | ---D | M] -- C:\inetpub
[2012.04.28 12:40:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.07.12 22:01:49 | 000,000,000 | ---D | M] -- C:\Multimedia Files
[2012.05.02 19:55:51 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.07.18 14:20:47 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.23 21:06:25 | 000,000,000 | ---D | M] -- C:\Program1
[2012.07.18 13:59:07 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.06.12 16:49:58 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.07.09 21:58:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007.06.14 22:04:44 | 000,000,000 | ---D | M] -- C:\temp
[2007.06.12 16:53:35 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.19 18:37:15 | 000,000,000 | ---D | M] -- C:\Windows
[2009.11.15 21:27:48 | 000,000,000 | ---D | M] -- C:\~QTWTMP.TMP
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 10:15:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 10:15:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 10:15:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: ENETHOOK.DLL  >
[2006.12.28 21:07:22 | 000,090,112 | ---- | M] (acer) MD5=D1DDFF67D47BD6762A6B2282E5C354AD -- C:\Acer\Empowering Technology\eNet\eNetHook.dll
[2006.12.28 21:07:22 | 000,090,112 | ---- | M] (acer) MD5=D1DDFF67D47BD6762A6B2282E5C354AD -- C:\Windows\System32\eNetHook.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.15 08:15:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.15 08:15:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.06.13 12:37:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.06.13 12:37:25 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.06.25 21:33:53 | 153,919,040 | ---- | M] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.26 17:28:07 | 000,218,587 | ---- | M] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.27 21:44:49 | 000,013,615 | ---- | M] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2011.04.23 12:03:50 | 000,008,468 | ---- | M] () -- C:\Users\xxx\bildungspaket.pdf
[2011.06.03 14:20:33 | 000,184,192 | ---- | M] () -- C:\Users\xxx\BuT.pdf
[2012.07.14 18:35:23 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe
[2012.07.17 20:27:49 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.04.04 15:55:17 | 006,951,776 | ---- | M] (digital publishing AG) -- C:\Users\xxx\dpLaunchSet.exe
[2012.07.05 18:10:57 | 070,101,919 | ---- | M] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.06.29 17:01:54 | 000,544,356 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 17:00:12 | 061,108,057 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.04.17 20:55:51 | 000,034,816 | ---- | M] () -- C:\Users\xxx\geschaeftsbrief-form-A-bezugszeichenzeile.doc
[2012.06.16 15:41:38 | 000,068,608 | ---- | M] () -- C:\Users\xxx\Hat die Praktikantin.pub
[2012.07.14 10:20:36 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2011.06.02 10:50:21 | 034,104,383 | ---- | M] () -- C:\Users\xxx\Kopie von context (5).pdf
[2011.12.23 16:55:17 | 000,133,564 | ---- | M] () -- C:\Users\xxx\Leseprobe für Fake.pdf
[2011.12.23 19:14:06 | 000,084,405 | ---- | M] () -- C:\Users\xxx\Leseprobe Klugscheißer für Fake.pdf
[2011.06.26 10:25:21 | 002,948,218 | ---- | M] () -- C:\Users\xxx\Leseprobe.pdf
[2012.05.29 20:41:11 | 008,219,648 | ---- | M] () -- C:\Users\xxx\Meine Broschüre.pub
[2011.07.07 08:55:34 | 001,812,597 | ---- | M] () -- C:\Users\xxx\Monitorkalibrierung.zip
[2012.07.19 18:56:46 | 005,505,024 | -HS- | M] () -- C:\Users\xxx\ntuser.dat
[2012.07.19 18:56:46 | 000,262,144 | ---- | M] () -- C:\Users\xxx\ntuser.dat.LOG1
[2008.02.28 18:40:16 | 000,262,144 | -H-- | M] () -- C:\Users\xxx\ntuser.dat.LOG2
[2012.07.19 16:48:40 | 000,065,536 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.06.08 22:38:17 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.07.19 16:48:40 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007.06.12 16:53:35 | 000,000,020 | -HS- | M] () -- C:\Users\xxx\ntuser.ini
[2012.05.07 18:55:58 | 173,966,408 | ---- | M] () -- C:\Users\xxx\Rossmann-Fotosoftware-Setup.exe
[2012.07.05 18:09:06 | 216,268,903 | ---- | M] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:15 | 000,043,453 | ---- | M] () -- C:\Users\xxx\tickets.pdf
[2012.07.05 15:22:30 | 000,043,410 | ---- | M] () -- C:\Users\xxx\tickets2.pdf
[2012.06.17 18:30:53 | 004,441,861 | ---- | M] ((c) 2006-2011, Tom Thielicke IT Solutions                   ) -- C:\Users\xxx\tipp10_win_v2-1-0.exe
[2012.07.09 21:49:42 | 037,771,696 | ---- | M] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:551E1CB4
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:F878F14A
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5425B7F5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:940ECC98
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:90E60569
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCDE7C60
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:91CF76E3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0207454C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B652B720
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6CEB2458
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:426796C0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FF818E2B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1CB8D545
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:01442FD8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:08F16DBB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:550179F5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:30C46519
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D7FCCD3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B54102AD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3CF23EC3
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B419A171
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8FBE0E9C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:90E3641D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DDE7FCF4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:37CE0F2E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:34FC1C45
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:1C9565AC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:1D6686D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:567AC0A6
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:F50F1555

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.07.2012 18:56:29 - Run 6
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 36,05% Memory free
4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 3,49 Gb Free Space | 4,93% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 48,94 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
 
Computer Name: MRX | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- Reg Error: Key error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- Reg Error: Key error.
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2661263122-194117992-2275258509-1000]
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{346867F9-3C20-4C98-AAF6-B02529E263B2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{37A0EB63-4D86-4336-BE5D-A7BFDC298198}" = lport=139 | protocol=6 | dir=in | app=system | 
"{489D774C-7EB5-4FA6-8F66-2CD2942EBCEC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{63F6B6F2-16D0-4749-B18F-DCA26913933E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{71E48E32-6FA5-4F27-A447-F145C08A7857}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{89C7BE34-30F1-4390-9B56-ED10E45C1246}" = lport=445 | protocol=6 | dir=in | app=system | 
"{962F518E-2483-468B-816F-C30594A17437}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C0A5897C-39FC-41FC-A672-BDD523F60B4D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E063FE22-0CDF-49BF-9B6E-EC86F48FD4AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E182A16E-470D-4533-911C-E66759DB1A20}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B96488-3DBE-48C6-A6B8-90BE7007060B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{22BD631D-07B7-4449-AAD2-0B45E4F99711}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{52252B4E-4A05-4318-AD07-5D128B3A27A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6D69BB0F-6E76-4B8A-9A55-D8097D254FEB}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | 
"{733A0380-1825-4BAF-A4BA-AC24ADD6A735}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7CA02D95-F8B7-4D63-A5BC-7BB970EEFB79}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | 
"{8B9A559A-13E9-465F-A3B7-B96626D59100}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{9B0A00D7-84E9-4ED5-BBE7-A8425C8D9555}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{A2E669A7-30E2-44C6-A030-D7CD08F49352}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{B0A6DFCC-DA6B-47BF-8ECF-74B67C186D1C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{BBA0D5BE-EC83-4E25-A88F-C581AC3EA841}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E3DBE1E0-D3C4-48B7-8EC8-2965A31E6DD5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F1773B6B-AB71-4350-8A93-858F51D6B287}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{F4B3F2A2-C754-4066-94FA-A97562DB2B93}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"TCP Query User{930CC031-DDEC-46FF-960F-87ADD530FAD1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{4D054CA8-C329-4F48-9F13-7F045EDB2D2B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Qtpfsgui 1.9.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93567BBD-4369-47B2-A621-78E008F8EA33}" = Lexware Elster
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D871EE71-6EBD-4EEC-9418-69E8782E6BBB}" = Lexware financial office 2009
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign 2.0" = Adobe InDesign 2.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GIF Animator" = Microsoft GIF Animator
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"loadtbs-2.1" = loadtbs-2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MyCamera" = Canon Utilities MyCamera
"Neopets" = Neopets 
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.3a
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Searchqu 417 MediaBar" = Windows Searchqu Toolbar
"Shockwave" = Shockwave
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"ST5UNST #1" = project dogwaffle
"ST5UNST #2" = project dogwaffle (c:\)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.1.0
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WavePad" = WavePad Audiobearbeitungs-Software
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Live Toolbar" = Windows Live Toolbar
"Winload Toolbar" = Winload Toolbar
"www.Freeware-download.com Toolbar" = Freeware Download - Free Software Downloads Toolbar
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.07.2012 10:26:27 | Computer Name = mrx | Source = VSS | ID = 12292
Description = 
 
Error - 19.07.2012 10:26:27 | Computer Name = mrx | Source = System Restore | ID = 8193
Description = 
 
Error - 19.07.2012 12:37:17 | Computer Name = mrx | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation
 was canceled. You canceled the Security Essentials installation on your computer.
 Error code:0x8004FF0A.
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 40
Description = 
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 12292
Description = 
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 40
Description = 
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 12292
Description = 
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 40
Description = 
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 12292
Description = 
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = System Restore | ID = 8193
Description = 
 
[ OSession Events ]
Error - 25.02.2011 18:49:31 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 124
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 26.02.2011 06:38:57 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.02.2011 17:25:03 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.02.2011 04:11:03 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 129
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.02.2011 17:58:33 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 122
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2011 03:24:51 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3723
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2011 04:18:15 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3724
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2011 07:38:01 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3724
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.03.2012 06:49:02 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1237
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2012 15:22:46 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.07.2012 23:56:36 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 08:22:35 | Computer Name = mrx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.07.2012 08:22:35 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 08:23:01 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 10:16:16 | Computer Name = mrx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.07.2012 10:16:16 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 10:16:33 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 12:13:54 | Computer Name = mrx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.07.2012 12:13:54 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 12:14:11 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-07-19 21:21:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: d360pqyn.exe; Driver: C:\Users\xxx\AppData\Local\Temp\ugtdypow.sys


---- System - GMER 1.0.15 ----

SSDT            8B2996C6                                                                                               ZwCreateSection
SSDT            8B2996D0                                                                                               ZwRequestWaitReplyPort
SSDT            8B2996CB                                                                                               ZwSetContextThread
SSDT            8B2996D5                                                                                               ZwSetSecurityObject
SSDT            8B2996DA                                                                                               ZwSystemDebugControl
SSDT            8B299667                                                                                               ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                          82AE78D8 4 Bytes  [C6, 96, 29, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                          82AE7BFC 4 Bytes  [D0, 96, 29, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                          82AE7C30 4 Bytes  [CB, 96, 29, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                          82AE7C94 4 Bytes  [D5, 96, 29, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                          82AE7CDC 4 Bytes  [DA, 96, 29, 8B]
.text           ...                                                                                                    
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                               section is writeable [0x8C60A340, 0x2932D7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2348] kernel32.dll!SetUnhandledExceptionFilter  7688A8C5 5 Bytes  JMP 654450B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text           C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2348] ole32.dll!OleLoadFromStream               777E1E80 5 Bytes  JMP 65F0EAC8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text           C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4452] kernel32.dll!SetUnhandledExceptionFilter  7688A8C5 5 Bytes  JMP 654450B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text           C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4452] ole32.dll!OleLoadFromStream               777E1E80 5 Bytes  JMP 65F0EAC8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                  [74877817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                   [748BB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]               [7487BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]         [7486F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                   [748775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                [7486E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]    [748A73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]       [7487DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]               [7486FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                [7486FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                 [748671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]         [748FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]            [7489C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]               [7486D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                         [74866853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                        [7486687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]           [74872AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- --- < End of report >
--- --- ---

Alt 19.07.2012, 20:41   #8
mmetzak77
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



Hallo Markusg.,
ich hoffe dass ich jetzt alles richtig gemacht habe und nichts fehlt.
Danke
Marion

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:27 on 19/07/2012 (marion)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.07.2012 18:56:29 - Run 6
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 36,05% Memory free
4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 3,49 Gb Free Space | 4,93% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 48,94 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
 
Computer Name: MRX | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Users\xxx\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libglesv2.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libegl.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll ()
MOD - C:\Users\xxx\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Windows\System32\BatchCrypto.dll ()
MOD - C:\Windows\System32\ShowErrMsg.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AWISp60) -- System32\Drivers\AWISp60.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\Windows\System32\drivers\se44unic.sys (MCCI)
DRV - (se44obex) -- C:\Windows\System32\drivers\se44obex.sys (MCCI)
DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\Windows\System32\drivers\se44nd5.sys (MCCI)
DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\se44mgmt.sys (MCCI)
DRV - (se44mdm) -- C:\Windows\System32\drivers\se44mdm.sys (MCCI)
DRV - (se44mdfl) -- C:\Windows\System32\drivers\se44mdfl.sys (MCCI)
DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\Windows\System32\drivers\se44bus.sys (MCCI)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\xxx\Music\Mammas musikk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_6&babsrc=SP_ss&mntrId=a008b45b0000000000000016d4cb915c
IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{41427F18-E891-4297-BD8C-4BB0E8EAF99F}: "URL" = hxxp://resultsmaster.com/SmartOffers/SmartOffers.aspx?HBHintSVC=resultsmaster&HBHintSearchTermFields=qu&qu={searchTerms}&opener=iesearchbox
IE - HKCU\..\SearchScopes\{4E317010-F0AE-4905-BAE1-02F3402FA6DE}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=uuH9Yv5TERdTI-aou6w9nDZZ-FA?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{E8E72B61-195D-4E48-808D-91814217DD05}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP_ss_cr&mntrId=a008b45b0000000000000016d4cb915c"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: dplauncher@digitalpublishing.de:1.1
FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@digitalpublishing.de/dpLaunch: C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
 
[2012.07.14 16:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.07.14 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions
[2010.05.18 22:26:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.09 17:27:33 | 000,000,000 | ---D | M] (Freeware Download - Free Software Downloads Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
[2009.04.01 09:29:36 | 000,000,000 | ---D | M] ("Neopets Toolbar") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{2cb97724-d789-4f43-8888-a763cbb8df6f}
[2012.06.12 19:10:18 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.07.15 18:37:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2009.10.24 10:23:36 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2012.04.15 13:50:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.30 17:28:16 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2012.06.16 08:59:46 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.02.12 17:46:32 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\dplauncher@digitalpublishing.de
[2011.01.22 20:21:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\engine@conduit.com
[2011.12.19 17:42:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ffxtlbr@babylon.com
[2009.08.26 08:53:54 | 000,000,000 | ---D | M] (Neopets Toolbar Add-on) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\ntaddon@swordfire.net
[2012.07.04 17:03:48 | 000,000,000 | ---D | M] ("SearchGBY") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\plugin@searchgby.com
[2012.06.16 13:24:39 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\3tyu23py.default\extensions\software@loadtubes.com
[2011.12.02 01:12:34 | 000,000,931 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\conduit.xml
[2012.07.14 13:10:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-1.xml
[2008.07.02 23:40:32 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-10.xml
[2008.07.16 20:08:10 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-11.xml
[2008.10.24 14:08:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-12.xml
[2008.11.15 00:19:31 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-13.xml
[2008.12.20 00:38:12 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-14.xml
[2009.02.06 23:27:51 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-15.xml
[2009.03.09 07:42:22 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-16.xml
[2009.03.28 09:59:43 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-17.xml
[2009.04.24 13:43:05 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-18.xml
[2009.05.01 08:00:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-19.xml
[2007.10.20 17:07:55 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-2.xml
[2009.06.12 19:28:58 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-20.xml
[2009.07.23 09:45:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-21.xml
[2009.08.05 13:51:18 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-22.xml
[2009.09.11 06:44:54 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-23.xml
[2009.10.30 23:25:26 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-24.xml
[2009.12.12 21:20:19 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-25.xml
[2009.12.20 09:54:07 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-26.xml
[2010.01.06 23:01:57 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-27.xml
[2010.02.28 08:07:23 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-28.xml
[2010.04.21 15:27:47 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-29.xml
[2007.11.03 14:17:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-3.xml
[2011.01.21 18:09:17 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-30.xml
[2011.02.17 21:48:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-31.xml
[2007.11.28 10:41:54 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-4.xml
[2007.12.08 18:57:42 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-5.xml
[2008.02.11 12:26:46 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-6.xml
[2008.03.26 22:34:04 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-7.xml
[2008.04.17 13:16:11 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-8.xml
[2008.06.19 07:16:35 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin-9.xml
[2007.09.15 17:50:14 | 000,000,949 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\icqplugin.xml
[2008.12.05 08:05:10 | 000,005,711 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\search-the-web.xml
[2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3tyu23py.default\searchplugins\Search_Results.xml
[2012.04.24 15:13:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.16 13:24:35 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.07.06 17:41:28 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.30 14:27:06 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.07.02 22:13:47 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: dp Launcher Plugin (Enabled) = C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: DVDVideoSoftTB DE = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\2.3.15.10_0\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SearchGBY = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.55_0\
CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freeware Download - Free Software Downloads Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH DE Toolbar) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Programme\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDEF664-F3C4-4C3F-9B36-77858D38808D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {FF151822-B0BF-11D1-A80D-000000000000} - C:\Programme\Common Files\System\Ole DB\oledb32.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Pictures\Pictures\lisa+awaz.jpg
O24 - Desktop BackupWallPaper: D:\Pictures\Pictures\lisa+awaz.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0ab19f07-cf88-11db-a713-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{11fe8d57-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{11fe8d6b-b4b0-11e1-b136-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{36f887db-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{36f887f6-b4a8-11e1-98c4-0016d4cb915c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{402206e5-4de5-11de-89ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{4022078b-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{40220797-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{40220799-4de5-11de-89ca-0016d4cb915c}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell - "" = AutoRun
O33 - MountPoints2\{5e092b33-586b-11df-a8bc-0016d4cb915c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: 捁牥吠畯⁲敒業摮牥 - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.18 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.07.18 14:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.18 14:20:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.18 14:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.17 17:24:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.07.17 13:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.17 13:08:50 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.17 13:08:50 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.17 13:08:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.17 13:08:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NCH Software
[2012.07.16 17:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012.07.15 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\CRE
[2012.07.15 18:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB_DE
[2012.07.15 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.15 18:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.07.15 18:36:55 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.07.15 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.07.15 18:32:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Digiarty
[2012.07.15 18:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2012.07.15 18:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012.07.15 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Abelssoft
[2012.07.14 18:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.07.14 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.14 18:35:23 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe
[2012.07.14 16:17:27 | 000,154,416 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2012.07.14 16:17:01 | 000,033,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2012.07.14 14:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.14 12:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sirrix AG
[2012.07.14 12:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sirrix AG
[2012.07.14 11:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.14 10:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.07.14 10:20:28 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2012.07.14 07:36:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\gegen Trojaner
[2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Qoiwc
[2012.07.13 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Akafu
[2012.07.11 17:58:53 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 17:51:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 17:51:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 17:51:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 17:51:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 17:51:20 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 17:51:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 17:51:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 17:47:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.10 15:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.09 21:59:49 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.07.09 21:59:49 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.07.09 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.07.09 21:59:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.07.09 21:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.07.09 21:50:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.09 21:50:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.09 21:48:48 | 037,771,696 | ---- | C] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
[2012.07.06 17:41:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2012.07.06 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.07.06 17:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.03 21:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\SearchGBY
[2012.07.03 21:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\KB Piano 2
[2012.07.02 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Ilivid Player
[2012.06.21 19:23:47 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 19:23:47 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 19:23:00 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 19:23:00 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 19:23:00 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 19:22:44 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 19:22:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.17 18:30:40 | 004,441,861 | ---- | C] ((c) 2006-2011, Tom Thielicke IT Solutions                   ) -- C:\Users\xxx\tipp10_win_v2-1-0.exe
[2012.04.04 15:55:01 | 006,951,776 | ---- | C] (digital publishing AG) -- C:\Users\xxx\dpLaunchSet.exe
[2007.08.21 08:07:16 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxx\AppData\Local\cmdial32.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.19 18:55:52 | 000,002,735 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Outlook 2007.lnk
[2012.07.19 18:50:09 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2012.07.19 18:49:10 | 000,302,592 | ---- | M] () -- C:\Users\xxx\Desktop\d360pqyn.exe
[2012.07.19 18:47:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
[2012.07.19 18:37:15 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.07.19 18:20:19 | 000,677,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.19 18:20:19 | 000,637,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.19 18:20:19 | 000,121,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.19 18:20:18 | 000,146,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.19 18:13:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 18:13:57 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 18:13:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.19 16:16:46 | 000,013,072 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
[2012.07.18 18:27:33 | 000,046,592 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.18 14:22:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 20:27:49 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.07.17 20:25:03 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
[2012.07.17 17:24:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.07.17 13:07:55 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.17 13:07:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.17 13:07:55 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.17 13:07:53 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.17 13:07:52 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.07.17 08:46:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
[2012.07.15 18:37:35 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.15 18:36:57 | 000,001,195 | ---- | M] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.15 15:50:44 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 15:50:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 18:37:50 | 000,002,065 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.07.14 18:35:23 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe
[2012.07.14 10:37:38 | 000,002,522 | ---- | M] () -- C:\Windows\System32\.crusader
[2012.07.14 10:20:36 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2012.07.13 17:22:09 | 000,002,633 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Excel 2007.lnk
[2012.07.11 18:30:01 | 000,004,135 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012.07.11 18:08:11 | 000,425,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.10 16:08:24 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.10 16:08:24 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.09 21:59:43 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.09 21:49:42 | 037,771,696 | ---- | M] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
[2012.07.09 18:05:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 12:56:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.07.06 17:41:39 | 000,000,725 | ---- | M] () -- C:\user.js
[2012.07.05 18:10:57 | 070,101,919 | ---- | M] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.07.05 18:09:06 | 216,268,903 | ---- | M] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:30 | 000,043,410 | ---- | M] () -- C:\Users\xxx\tickets2.pdf
[2012.07.05 15:22:15 | 000,043,453 | ---- | M] () -- C:\Users\xxx\tickets.pdf
[2012.07.03 21:02:46 | 000,030,520 | ---- | M] () -- C:\Windows\System32\midiwrap3405.deu
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.29 17:01:54 | 000,544,356 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 17:00:12 | 061,108,057 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.06.27 21:44:49 | 000,013,615 | ---- | M] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2012.06.26 17:28:07 | 000,218,587 | ---- | M] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.25 21:33:53 | 153,919,040 | ---- | M] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.19 18:49:08 | 000,302,592 | ---- | C] () -- C:\Users\xxx\Desktop\d360pqyn.exe
[2012.07.19 18:37:15 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.07.18 14:20:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 20:27:49 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.07.17 20:25:03 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe
[2012.07.15 18:37:35 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.15 18:36:57 | 000,001,195 | ---- | C] () -- C:\Users\xxx\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.14 18:37:50 | 000,002,065 | ---- | C] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.07.14 18:36:36 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
[2012.07.14 18:36:34 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
[2012.07.14 10:37:38 | 000,002,522 | ---- | C] () -- C:\Windows\System32\.crusader
[2012.07.09 21:59:43 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.07.09 21:59:43 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.08 12:46:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.07.08 12:46:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.07.05 18:09:23 | 070,101,919 | ---- | C] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.07.05 18:04:04 | 216,268,903 | ---- | C] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:29 | 000,043,410 | ---- | C] () -- C:\Users\xxx\tickets2.pdf
[2012.07.05 15:22:14 | 000,043,453 | ---- | C] () -- C:\Users\xxx\tickets.pdf
[2012.07.03 21:02:46 | 000,030,520 | ---- | C] () -- C:\Windows\System32\midiwrap3405.deu
[2012.06.29 17:01:53 | 000,544,356 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 16:58:56 | 061,108,057 | ---- | C] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.06.27 21:44:49 | 000,013,615 | ---- | C] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2012.06.26 17:28:05 | 000,218,587 | ---- | C] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.25 21:30:17 | 153,919,040 | ---- | C] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.17 17:00:42 | 000,005,871 | ---- | C] () -- C:\Users\xxx\AppData\Local\recently-used.xbel
[2012.06.16 15:41:37 | 000,068,608 | ---- | C] () -- C:\Users\xxx\Hat die Praktikantin.pub
[2012.05.29 19:26:50 | 008,219,648 | ---- | C] () -- C:\Users\xxx\Meine Broschüre.pub
[2012.05.19 16:47:59 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2012.05.07 18:51:22 | 173,966,408 | ---- | C] () -- C:\Users\xxx\Rossmann-Fotosoftware-Setup.exe
[2012.04.23 21:06:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2012.03.21 16:38:37 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.23 19:14:03 | 000,084,405 | ---- | C] () -- C:\Users\xxx\Leseprobe Klugscheißer für Fake.pdf
[2011.12.23 16:55:13 | 000,133,564 | ---- | C] () -- C:\Users\xxx\Leseprobe für Fake.pdf
[2011.07.07 08:55:26 | 001,812,597 | ---- | C] () -- C:\Users\xxx\Monitorkalibrierung.zip
[2011.06.30 14:06:46 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.25 22:32:22 | 002,948,218 | ---- | C] () -- C:\Users\xxx\Leseprobe.pdf
[2011.06.03 14:20:31 | 000,184,192 | ---- | C] () -- C:\Users\xxx\BuT.pdf
[2011.06.02 10:49:31 | 034,104,383 | ---- | C] () -- C:\Users\xxx\Kopie von context (5).pdf
[2011.04.23 12:03:47 | 000,008,468 | ---- | C] () -- C:\Users\xxx\bildungspaket.pdf
[2011.02.26 21:53:39 | 000,004,096 | -H-- | C] () -- C:\Users\xxx\AppData\Local\keyfile3.drm
[2010.03.07 16:40:47 | 000,014,519 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.03.11 07:41:26 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2007.06.20 18:05:35 | 000,008,438 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\mdb.bin
[2007.06.12 20:20:30 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2007.06.12 18:29:04 | 000,046,592 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.12 18:18:50 | 000,013,072 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
 
========== LOP Check ==========
 
[2012.07.13 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Akafu
[2009.10.24 10:02:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Artweaver
[2011.12.19 17:42:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2012.07.06 17:41:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2010.03.23 21:08:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2009.11.15 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CasualForge
[2010.02.16 14:43:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\cerasus.media
[2012.07.15 18:32:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Digiarty
[2011.02.12 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\digital publishing
[2012.07.15 18:38:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2012.07.15 18:37:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.10 15:59:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeScreenToVideo
[2012.04.21 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GetRightToGo
[2012.06.14 19:01:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2007.09.15 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2008.03.10 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ Toolbar
[2008.12.25 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2012.05.04 20:06:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2012.06.16 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\loadtbs
[2007.12.24 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX
[2010.11.14 18:43:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Merscom
[2011.08.25 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\NCH Swift Sound
[2009.04.01 09:29:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Neopets Toolbar
[2011.06.09 22:18:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2008.03.02 15:07:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PC-FAX TX
[2009.08.08 20:06:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Peace Craft
[2011.02.22 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PeerNetworking
[2012.07.14 10:11:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Qoiwc
[2007.06.20 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ScanSoft
[2008.12.31 17:36:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spandex Force
[2012.06.01 20:53:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TimePunch
[2012.07.09 21:59:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2012.06.12 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Vodafone
[2008.10.19 19:28:10 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.07.19 16:48:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.07.18 13:38:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2007.06.12 16:56:11 | 000,000,000 | ---D | M] -- C:\Acer
[2007.01.19 20:02:16 | 000,000,000 | ---D | M] -- C:\Book
[2009.09.20 20:51:22 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.06.12 16:49:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2007.01.19 20:02:16 | 000,000,000 | ---D | M] -- C:\DRV
[2012.04.27 18:46:10 | 000,000,000 | ---D | M] -- C:\F0
[2010.06.06 21:50:07 | 000,000,000 | ---D | M] -- C:\inetpub
[2012.04.28 12:40:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.07.12 22:01:49 | 000,000,000 | ---D | M] -- C:\Multimedia Files
[2012.05.02 19:55:51 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.07.18 14:20:47 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.23 21:06:25 | 000,000,000 | ---D | M] -- C:\Program1
[2012.07.18 13:59:07 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.06.12 16:49:58 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.07.09 21:58:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007.06.14 22:04:44 | 000,000,000 | ---D | M] -- C:\temp
[2007.06.12 16:53:35 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.19 18:37:15 | 000,000,000 | ---D | M] -- C:\Windows
[2009.11.15 21:27:48 | 000,000,000 | ---D | M] -- C:\~QTWTMP.TMP
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 10:15:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 10:15:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 10:15:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: ENETHOOK.DLL  >
[2006.12.28 21:07:22 | 000,090,112 | ---- | M] (acer) MD5=D1DDFF67D47BD6762A6B2282E5C354AD -- C:\Acer\Empowering Technology\eNet\eNetHook.dll
[2006.12.28 21:07:22 | 000,090,112 | ---- | M] (acer) MD5=D1DDFF67D47BD6762A6B2282E5C354AD -- C:\Windows\System32\eNetHook.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.11.15 08:15:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.11.15 08:15:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.06.13 12:37:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.06.13 12:37:25 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.06.25 21:33:53 | 153,919,040 | ---- | M] () -- C:\Users\xxx\Abenteuer Gedächtnis(1).wma
[2012.06.26 17:28:07 | 000,218,587 | ---- | M] () -- C:\Users\xxx\AntragTeilhabe_03_2012.pdf
[2012.06.27 21:44:49 | 000,013,615 | ---- | M] () -- C:\Users\xxx\bildungspaket-mehrtaegige-ausfluege-klassenfahrten-anlage.pdf
[2011.04.23 12:03:50 | 000,008,468 | ---- | M] () -- C:\Users\xxx\bildungspaket.pdf
[2011.06.03 14:20:33 | 000,184,192 | ---- | M] () -- C:\Users\xxx\BuT.pdf
[2012.07.14 18:35:23 | 000,739,856 | ---- | M] (Google Inc.) -- C:\Users\xxx\chrome_installer200113247.exe
[2012.07.17 20:27:49 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.04.04 15:55:17 | 006,951,776 | ---- | M] (digital publishing AG) -- C:\Users\xxx\dpLaunchSet.exe
[2012.07.05 18:10:57 | 070,101,919 | ---- | M] () -- C:\Users\xxx\Englisch für Anfänger.wma
[2012.06.29 17:01:54 | 000,544,356 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.pdf
[2012.06.29 17:00:12 | 061,108,057 | ---- | M] () -- C:\Users\xxx\Englisch lernen mit The Grooves_ Business World.wma
[2012.04.17 20:55:51 | 000,034,816 | ---- | M] () -- C:\Users\xxx\geschaeftsbrief-form-A-bezugszeichenzeile.doc
[2012.06.16 15:41:38 | 000,068,608 | ---- | M] () -- C:\Users\xxx\Hat die Praktikantin.pub
[2012.07.14 10:20:36 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\xxx\HitmanPro36.exe
[2011.06.02 10:50:21 | 034,104,383 | ---- | M] () -- C:\Users\xxx\Kopie von context (5).pdf
[2011.12.23 16:55:17 | 000,133,564 | ---- | M] () -- C:\Users\xxx\Leseprobe für Fake.pdf
[2011.12.23 19:14:06 | 000,084,405 | ---- | M] () -- C:\Users\xxx\Leseprobe Klugscheißer für Fake.pdf
[2011.06.26 10:25:21 | 002,948,218 | ---- | M] () -- C:\Users\xxx\Leseprobe.pdf
[2012.05.29 20:41:11 | 008,219,648 | ---- | M] () -- C:\Users\xxx\Meine Broschüre.pub
[2011.07.07 08:55:34 | 001,812,597 | ---- | M] () -- C:\Users\xxx\Monitorkalibrierung.zip
[2012.07.19 18:56:46 | 005,505,024 | -HS- | M] () -- C:\Users\xxx\ntuser.dat
[2012.07.19 18:56:46 | 000,262,144 | ---- | M] () -- C:\Users\xxx\ntuser.dat.LOG1
[2008.02.28 18:40:16 | 000,262,144 | -H-- | M] () -- C:\Users\xxx\ntuser.dat.LOG2
[2012.07.19 16:48:40 | 000,065,536 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.06.08 22:38:17 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.07.19 16:48:40 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007.06.12 16:53:35 | 000,000,020 | -HS- | M] () -- C:\Users\xxx\ntuser.ini
[2012.05.07 18:55:58 | 173,966,408 | ---- | M] () -- C:\Users\xxx\Rossmann-Fotosoftware-Setup.exe
[2012.07.05 18:09:06 | 216,268,903 | ---- | M] () -- C:\Users\xxx\Sprachkurs Englisch.wma
[2012.07.05 15:22:15 | 000,043,453 | ---- | M] () -- C:\Users\xxx\tickets.pdf
[2012.07.05 15:22:30 | 000,043,410 | ---- | M] () -- C:\Users\xxx\tickets2.pdf
[2012.06.17 18:30:53 | 004,441,861 | ---- | M] ((c) 2006-2011, Tom Thielicke IT Solutions                   ) -- C:\Users\xxx\tipp10_win_v2-1-0.exe
[2012.07.09 21:49:42 | 037,771,696 | ---- | M] (TuneUp Software) -- C:\Users\xxx\TuneUpUtilities2012_de-DE.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:551E1CB4
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:F878F14A
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5425B7F5
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:940ECC98
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:90E60569
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCDE7C60
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:91CF76E3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0207454C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B652B720
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:6CEB2458
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:426796C0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FF818E2B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1CB8D545
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:01442FD8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:08F16DBB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:550179F5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:30C46519
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D7FCCD3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B54102AD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3CF23EC3
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B419A171
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8FBE0E9C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:90E3641D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DDE7FCF4
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:37CE0F2E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:34FC1C45
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:1C9565AC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:1D6686D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:567AC0A6
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:F50F1555

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.07.2012 18:56:29 - Run 6
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 36,05% Memory free
4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70,77 Gb Total Space | 3,49 Gb Free Space | 4,93% Space Free | Partition Type: NTFS
Drive D: | 70,47 Gb Total Space | 48,94 Gb Free Space | 69,45% Space Free | Partition Type: NTFS
 
Computer Name: MRX | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- Reg Error: Key error. File not found
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- Reg Error: Key error.
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2661263122-194117992-2275258509-1000]
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{346867F9-3C20-4C98-AAF6-B02529E263B2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{37A0EB63-4D86-4336-BE5D-A7BFDC298198}" = lport=139 | protocol=6 | dir=in | app=system | 
"{489D774C-7EB5-4FA6-8F66-2CD2942EBCEC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{63F6B6F2-16D0-4749-B18F-DCA26913933E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{71E48E32-6FA5-4F27-A447-F145C08A7857}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{89C7BE34-30F1-4390-9B56-ED10E45C1246}" = lport=445 | protocol=6 | dir=in | app=system | 
"{962F518E-2483-468B-816F-C30594A17437}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C0A5897C-39FC-41FC-A672-BDD523F60B4D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E063FE22-0CDF-49BF-9B6E-EC86F48FD4AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E182A16E-470D-4533-911C-E66759DB1A20}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B96488-3DBE-48C6-A6B8-90BE7007060B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{22BD631D-07B7-4449-AAD2-0B45E4F99711}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{52252B4E-4A05-4318-AD07-5D128B3A27A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6D69BB0F-6E76-4B8A-9A55-D8097D254FEB}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | 
"{733A0380-1825-4BAF-A4BA-AC24ADD6A735}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7CA02D95-F8B7-4D63-A5BC-7BB970EEFB79}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | 
"{8B9A559A-13E9-465F-A3B7-B96626D59100}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{9B0A00D7-84E9-4ED5-BBE7-A8425C8D9555}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{A2E669A7-30E2-44C6-A030-D7CD08F49352}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{B0A6DFCC-DA6B-47BF-8ECF-74B67C186D1C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{BBA0D5BE-EC83-4E25-A88F-C581AC3EA841}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E3DBE1E0-D3C4-48B7-8EC8-2965A31E6DD5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F1773B6B-AB71-4350-8A93-858F51D6B287}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{F4B3F2A2-C754-4066-94FA-A97562DB2B93}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"TCP Query User{930CC031-DDEC-46FF-960F-87ADD530FAD1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{4D054CA8-C329-4F48-9F13-7F045EDB2D2B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Qtpfsgui 1.9.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93567BBD-4369-47B2-A621-78E008F8EA33}" = Lexware Elster
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D871EE71-6EBD-4EEC-9418-69E8782E6BBB}" = Lexware financial office 2009
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign 2.0" = Adobe InDesign 2.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GIF Animator" = Microsoft GIF Animator
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"loadtbs-2.1" = loadtbs-2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MyCamera" = Canon Utilities MyCamera
"Neopets" = Neopets 
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.3a
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Searchqu 417 MediaBar" = Windows Searchqu Toolbar
"Shockwave" = Shockwave
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"ST5UNST #1" = project dogwaffle
"ST5UNST #2" = project dogwaffle (c:\)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.1.0
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WavePad" = WavePad Audiobearbeitungs-Software
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Live Toolbar" = Windows Live Toolbar
"Winload Toolbar" = Winload Toolbar
"www.Freeware-download.com Toolbar" = Freeware Download - Free Software Downloads Toolbar
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.07.2012 10:26:27 | Computer Name = mrx | Source = VSS | ID = 12292
Description = 
 
Error - 19.07.2012 10:26:27 | Computer Name = mrx | Source = System Restore | ID = 8193
Description = 
 
Error - 19.07.2012 12:37:17 | Computer Name = mrx | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation
 was canceled. You canceled the Security Essentials installation on your computer.
 Error code:0x8004FF0A.
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 40
Description = 
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 12292
Description = 
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 40
Description = 
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 12292
Description = 
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 40
Description = 
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = VSS | ID = 12292
Description = 
 
Error - 19.07.2012 13:03:28 | Computer Name = mrx | Source = System Restore | ID = 8193
Description = 
 
[ OSession Events ]
Error - 25.02.2011 18:49:31 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 124
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 26.02.2011 06:38:57 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.02.2011 17:25:03 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.02.2011 04:11:03 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 129
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.02.2011 17:58:33 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 122
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2011 03:24:51 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3723
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2011 04:18:15 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3724
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 01.03.2011 07:38:01 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3724
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.03.2012 06:49:02 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1237
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2012 15:22:46 | Computer Name = mrx | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.07.2012 23:56:36 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 08:22:35 | Computer Name = mrx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.07.2012 08:22:35 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 08:23:01 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 10:16:16 | Computer Name = mrx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.07.2012 10:16:16 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 10:16:33 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 12:13:54 | Computer Name = mrx | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.07.2012 12:13:54 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 19.07.2012 12:14:11 | Computer Name = mrx | Source = Service Control Manager | ID = 7001
Description = 
 
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-07-19 21:21:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: d360pqyn.exe; Driver: C:\Users\xxx\AppData\Local\Temp\ugtdypow.sys


---- System - GMER 1.0.15 ----

SSDT            8B2996C6                                                                                               ZwCreateSection
SSDT            8B2996D0                                                                                               ZwRequestWaitReplyPort
SSDT            8B2996CB                                                                                               ZwSetContextThread
SSDT            8B2996D5                                                                                               ZwSetSecurityObject
SSDT            8B2996DA                                                                                               ZwSystemDebugControl
SSDT            8B299667                                                                                               ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                          82AE78D8 4 Bytes  [C6, 96, 29, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                          82AE7BFC 4 Bytes  [D0, 96, 29, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                          82AE7C30 4 Bytes  [CB, 96, 29, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                          82AE7C94 4 Bytes  [D5, 96, 29, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                          82AE7CDC 4 Bytes  [DA, 96, 29, 8B]
.text           ...                                                                                                    
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                               section is writeable [0x8C60A340, 0x2932D7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2348] kernel32.dll!SetUnhandledExceptionFilter  7688A8C5 5 Bytes  JMP 654450B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text           C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2348] ole32.dll!OleLoadFromStream               777E1E80 5 Bytes  JMP 65F0EAC8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text           C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4452] kernel32.dll!SetUnhandledExceptionFilter  7688A8C5 5 Bytes  JMP 654450B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text           C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4452] ole32.dll!OleLoadFromStream               777E1E80 5 Bytes  JMP 65F0EAC8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                  [74877817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                   [748BB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]               [7487BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]         [7486F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                   [748775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                [7486E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]    [748A73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]       [7487DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]               [7486FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                [7486FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                 [748671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]         [748FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]            [7489C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]               [7486D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                         [74866853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                        [7486687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]           [74872AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- --- < End of report >
--- --- ---

Alt 20.07.2012, 17:18   #9
markusg
/// Malware-holic
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



hi
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.07.2012, 18:41   #10
mmetzak77
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



Hallo markusg.,
war das der letzte Schritt und wenn ja wie kann ich mein System optimal schützen?
Erst mal wieder danke - ohne Menschen wie euch wäre ich verloren gewesen.
Ich muss allerdings zugeben dass mich das ganze enorm fasziniert...
Gruß MarionCombofix Logfile:
Code:
ATTFilter
ComboFix 12-07-20.02 - xxx 20.07.2012  19:05:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2045.1108 [GMT 2:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\IMinent Toolbar\tbHElper.dll
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
c:\programdata\Roaming
c:\users\xxx\chrome_installer200113247.exe
c:\users\xxx\Documents\~WRL2797.tmp
c:\users\xxx\HitmanPro36.exe
c:\users\xxx\Rossmann-Fotosoftware-Setup.exe
c:\users\xxx\tipp10_win_v2-1-0.exe
c:\users\xxx\TuneUpUtilities2012_de-DE.exe
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~GLC0002.TMP
c:\windows\~GLH0000.TMP
c:\windows\~GLH0001.TMP
c:\windows\~GLH0002.TMP
c:\windows\IsUn0407.exe
c:\windows\System32\Desktop_.ini
c:\windows\system32\drivers\~GLH0014.TMP
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
c:\windows\system32\tmp81EB.tmp
c:\windows\system32\tmp8298.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-20 bis 2012-07-20  ))))))))))))))))))))))))))))))
.
.
2012-07-20 17:23 . 2012-07-20 17:24	--------	d-----w-	c:\users\xxx\AppData\Local\temp
2012-07-20 17:23 . 2012-07-20 17:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-20 11:42 . 2012-06-28 23:44	6891424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D5B8B65-635D-46AF-A620-50B3F875E52B}\mpengine.dll
2012-07-20 04:45 . 2012-07-20 04:45	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EE3BC89-85DB-4D12-90E4-1265939C3740}\gapaengine.dll
2012-07-20 04:45 . 2012-06-28 23:44	6891424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 04:31 . 2012-07-20 04:32	--------	d-----w-	c:\program files\Microsoft Security Client
2012-07-20 04:30 . 2010-04-05 20:00	221568	----a-w-	c:\windows\system32\drivers\netio.sys
2012-07-18 12:21 . 2012-07-18 12:21	--------	d-----w-	c:\users\xxx\AppData\Roaming\Malwarebytes
2012-07-17 11:09 . 2012-07-17 11:09	--------	d-----w-	c:\program files\Common Files\Java
2012-07-17 11:08 . 2012-07-17 11:07	772592	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-16 15:49 . 2012-07-16 15:49	--------	d-----w-	c:\users\xxx\AppData\Roaming\NCH Software
2012-07-16 15:49 . 2012-07-16 15:49	--------	d-----w-	c:\programdata\NCH Software
2012-07-15 16:37 . 2012-07-15 16:37	--------	d-----w-	c:\users\xxx\AppData\Local\CRE
2012-07-15 16:37 . 2012-07-15 16:37	--------	d-----w-	c:\users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
2012-07-15 16:36 . 2012-06-22 14:32	405144	----a-w-	c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-07-15 16:36 . 2012-07-15 16:36	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2012-07-15 16:36 . 2012-07-15 16:36	--------	d-----w-	c:\program files\DVDVideoSoft
2012-07-15 16:32 . 2012-07-15 16:32	--------	d-----w-	c:\users\xxx\AppData\Roaming\Digiarty
2012-07-15 16:31 . 2012-07-15 16:31	--------	d-----w-	c:\program files\Digiarty
2012-07-15 16:15 . 2012-07-15 16:15	--------	d-----w-	c:\program files\K-Lite Codec Pack
2012-07-15 16:15 . 2012-07-15 16:15	--------	d-----w-	c:\users\xxx\AppData\Local\Abelssoft
2012-07-14 16:39 . 2012-07-14 16:55	--------	d-----w-	c:\programdata\HitmanPro
2012-07-14 14:17 . 2011-06-24 13:46	154416	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2012-07-14 14:17 . 2011-06-24 13:46	33072	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2012-07-14 12:10 . 2012-07-14 12:10	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-14 10:25 . 2012-07-14 13:30	--------	d-----w-	c:\programdata\Sirrix AG
2012-07-14 10:25 . 2012-07-14 12:56	--------	d-----w-	c:\program files\Sirrix AG
2012-07-14 09:57 . 2012-07-14 09:57	--------	d-----w-	c:\program files\Oracle
2012-07-14 08:21 . 2012-07-14 08:21	--------	d-----w-	c:\program files\HitmanPro
2012-07-14 05:36 . 2012-07-14 11:20	--------	d-----w-	c:\users\xxx\gegen Trojaner
2012-07-13 18:43 . 2012-07-14 08:11	--------	d-----w-	c:\users\xxx\AppData\Roaming\Qoiwc
2012-07-13 18:43 . 2012-07-13 18:43	--------	d-----w-	c:\users\xxx\AppData\Roaming\Akafu
2012-07-13 09:32 . 2012-05-31 03:41	6762896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{267B2F88-B6FF-40EC-B621-C0C2044845E8}\mpengine.dll
2012-07-11 15:58 . 2012-06-13 13:40	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 15:47 . 2012-06-05 16:47	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-07-11 15:47 . 2012-06-05 16:47	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-07-11 15:47 . 2012-06-05 16:47	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 15:47 . 2012-06-04 15:26	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-11 15:47 . 2012-06-02 00:04	278528	----a-w-	c:\windows\system32\schannel.dll
2012-07-11 15:47 . 2012-06-02 00:03	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-09 19:59 . 2012-05-29 11:09	31584	----a-w-	c:\windows\system32\TURegOpt.exe
2012-07-09 19:59 . 2012-05-29 11:09	21344	----a-w-	c:\windows\system32\authuitu.dll
2012-07-09 19:59 . 2012-07-09 19:59	--------	d-----w-	c:\users\xxx\AppData\Roaming\TuneUp Software
2012-07-09 19:58 . 2012-07-09 19:59	--------	d-----w-	c:\program files\TuneUp Utilities 2012
2012-07-09 19:50 . 2012-07-09 19:50	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-09 19:50 . 2012-07-09 19:50	--------	d--h--w-	c:\programdata\Common Files
2012-07-06 15:41 . 2012-07-06 15:41	--------	d-----w-	c:\users\xxx\AppData\Roaming\BabylonToolbar
2012-07-06 15:41 . 2012-07-06 15:41	--------	d-----w-	c:\program files\BabylonToolbar
2012-07-06 15:41 . 2012-07-06 15:41	--------	d-----w-	c:\programdata\Babylon
2012-07-03 19:03 . 2012-07-03 19:03	--------	d-----w-	c:\program files\SearchGBY
2012-07-03 19:02 . 2012-07-03 19:02	30520	----a-w-	c:\windows\system32\midiwrap3405.deu
2012-07-03 19:02 . 2012-07-03 19:05	--------	d-----w-	c:\program files\KB Piano 2
2012-07-02 20:15 . 2012-07-02 20:15	--------	d-----w-	c:\users\xxx\AppData\Local\Ilivid Player
2012-06-21 17:23 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 17:23 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 17:23 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 17:23 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 17:23 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-21 17:23 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 17:23 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 17:22 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 17:22 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 11:07 . 2011-04-18 20:34	687600	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-10 14:08 . 2011-12-16 10:48	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-10 14:08 . 2011-12-16 10:48	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-01 14:03 . 2012-06-14 13:12	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-14 13:12	984064	----a-w-	c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 13:12	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 13:12	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2010-07-07 16:22 . 2008-02-11 07:30	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof0.dll" [2010-10-18 3908192]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin0.dll" [2010-10-18 3908192]
"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\program files\NCH_DE\prxtbNCH_.dll" [2011-01-17 175912]
"{26647ca4-a2a7-4eac-8a72-761aa9141de7}"= "c:\program files\www.Freeware-download.com\tbwww..dll" [2010-10-18 3908192]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_CLASSES_ROOT\clsid\{26647ca4-a2a7-4eac-8a72-761aa9141de7}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 08:49	176936	----a-w-	c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26647ca4-a2a7-4eac-8a72-761aa9141de7}]
2010-10-18 10:26	3908192	----a-w-	c:\program files\www.Freeware-download.com\tbwww..dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26	3908192	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-10-18 10:26	3908192	----a-w-	c:\program files\Winload\tbWin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54	2607872	----a-w-	c:\program files\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2010-10-18 10:26	3908192	----a-w-	c:\program files\Softonic_Deutsch\tbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b106b661-3e1b-4015-af5c-195e909f35c6}]
2011-01-17 14:54	175912	----a-w-	c:\program files\NCH_DE\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof0.dll" [2010-10-18 3908192]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWin0.dll" [2010-10-18 3908192]
"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\program files\NCH_DE\prxtbNCH_.dll" [2011-01-17 175912]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B106B661-3E1B-4015-AF5C-195E909F35C6}"= "c:\program files\NCH_DE\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-12 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-10 348624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Inhaltsverzeichnis.onetoc2 [2008-4-24 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-19 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\eNetHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\H:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PaperPort PTD"=c:\program files\ScanSoft\PaperPort\pptd40nt.exe
"IndexSearch"=c:\program files\ScanSoft\PaperPort\IndexSearch.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
"Acer Tour Reminder"=c:\acer\AcerTour\Reminder.exe
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2661263122-194117992-2275258509-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService	REG_MULTI_SZ   	LPDSVC
rsmsvcs	REG_MULTI_SZ   	ntmssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2008-10-19 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 10:32]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 10:32]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000Core.job
- c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-14 16:36]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2661263122-194117992-2275258509-1000UA.job
- c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-14 16:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=113480&tt=010712_6&babsrc=HP_ss&mntrId=a008b45b0000000000000016d4cb915c
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.arcor.de
mWindow Title = Arcor AG & Co. KG
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
IE: Free YouTube to MP3 Converter - c:\users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {85C86CCC-2158-4123-9C7D-785190CED875} - hxxps://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Toolbar-10 - (no file)
Toolbar-!{26647ca4-a2a7-4eac-8a72-761aa9141de7} - (no file)
Toolbar-!{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
Toolbar-!{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-Adobe InDesign 2.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Searchqu 417 MediaBar - c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-07-20 19:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6ddef664-f3c4-4c3f-9b36-77858d38808d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f0016d4
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{75a8b7a7-9e48-488e-88c2-8fdfea9da0b5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a68e9dec-c597-412f-9254-f7f9bafc28f8}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:09001302
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{af6bbb94-99d9-42ca-ba0b-28909748dce8}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0016d4
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\eNetHook.dll
.
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\eNetHook.dll
.
Zeit der Fertigstellung: 2012-07-20  19:29:14
ComboFix-quarantined-files.txt  2012-07-20 17:28
.
Vor Suchlauf: 3.174.076.416 Bytes frei
Nach Suchlauf: 3.855.273.984 Bytes frei
.
- - End Of File - - 72E69D8DEA6BBA8F773E7650269D6FDC
         
--- --- ---

Alt 27.07.2012, 19:55   #11
markusg
/// Malware-holic
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



sorry für die wartezeit.
wie läuft das system?
lade den CCleaner standard:
CCleaner Download - CCleaner 3.21.1767
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 31.07.2012, 16:50   #12
mmetzak77
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



Hallo markusg.
diesmal muss ich mich entschuldigen - komme einfach zu nichts mehr.
System läuft gut und wenn der Cleaner nur zum "aufräumen" ist, können wir uns den sparen.
Mir ist bloß wichtig Trojaner und Viren frei zu sein. Offen gestanden weiß ich auch gar nicht so recht was ich nicht brauche.
Auf jeden Fall vielen Dank für die schnelle und gründliche Hilfe
Gruß Marion

Alt 02.08.2012, 17:20   #13
markusg
/// Malware-holic
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



es ist wichtig das auszuführen
um lücken aufzuspüren um eine neuinfektion zu verhindern.
du musst doch wissen welche programme du kennst, nicht kennst oder nicht benötigst...?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.08.2012, 19:06   #14
mmetzak77
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



Hallo markusg,
bei Acer und Microsoft bin ich nicht sicher was ich wirklich brauche - unbekannt sind mir nur zwei Dinge.
Nicht gekennzeichnetes ist schon immer drauf und selten genutzt.
Die Apple Anwendungen sind von meiner Tochter - ich weiß daher nicht so genau...
Ich hoffe ihr habt nicht all zu viele "Experten" wie mich...
Noch mal vielen lieben Dank - das Board ist echt genial.
Lieben Gruß
Marion

Acer Arcade Deluxe 1.0.3605a notwendig?
Acer eDataSecurity Management HiTRUST Inc. 19.01.2007 28,4MB 2.5.3028 notwendig?
Acer eLock Management Acer Inc. 18.01.2007 8,96MB 2.5.3006 notwendig?
Acer Empowering Technology Acer Inc. 19.01.2007 2.5.3003 notwendig?
Acer eNet Management Acer Inc. 19.01.2007 2.6.3002 notwendig?
Acer ePower Management Acer Inc. 19.01.2007 2.5.3007 notwendig?
Acer ePresentation Management Acer Inc. 19.01.2007 2.5.3003 notwendig?
Acer eSettings Management Acer Inc. 19.01.2007 2.5.3003 notwendig?
Acer GridVista 12.06.2007 1,28MB 2.61.102 notwendig?
Acer Mobility Center Plug-In Acer Inc. 18.01.2007 5,55MB 1.0.3003 notwendig?
Acer ScreenSaver Acer Inc. 12.06.2007 1.00.0000 notwendig?
Acer Tour Acer Inc. 19.01.2007 1.1.3006 unnötig
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 19.01.2011 440MB 10.1.102.64 notwendig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 17.08.2011 440MB 10.3.183.5 notwendig
Adobe Illustrator 10 Adobe Systems, Inc. 28.04.2010 105MB 10 notwendig
Adobe Reader 7.0 - Deutsch Adobe Systems Incorporated 25.12.2008 72,5MB 007.000.000 notwendig
Adobe Shockwave Player Adobe Systems, Inc. 11.10.2007 10.2.0.23 notwendig
Adobe SVG Viewer 3.0 Adobe Systems, Inc. 28.04.2010 4,30MB 3.0 notwendig
Apple Application Support Apple Inc. 23.04.2011 50,9MB 1.5.1 notwendig
Apple Mobile Device Support Apple Inc. 23.04.2011 21,7MB 3.4.0.25 notwendig?
Apple Software Update Apple Inc. 03.03.2011 2,25MB 2.1.2.120 notwendig?
Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program Atheros 10.03.2007 4,00KB 7.1 notwendig?
Avira Free Antivirus Avira 10.07.2012 180MB 12.0.0.1125 notwendig
Axel Juncker Wortschatztrainer 21.07.2012 unnötig
Babylon toolbar on IE 06.07.2012 1,78MB notwendig
BabylonObjectInstaller Babylon Ltd 06.07.2012 2,10MB 2.0.0.3 unnötig?
Bewerbungsfoto-/Passbild-Generator v3.3a 06.01.2011 1,09MB notwendig
Bonjour Apple Inc. 23.04.2011 1,10MB 2.0.5.0 unnötig?
Broadcom Driver v4.102.15.63_Foxconn Installation Program Broadcom 11.03.2007 5.0 notwendig
CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 19.03.2010 46,2MB 1.5.0.3 notwendig
Canon Internet Library for ZoomBrowser EX Canon Inc. 19.03.2010 46,2MB 1.6.1.6
Canon RAW Image Task for ZoomBrowser EX Canon Inc. 19.03.2010 19,1MB 3.3.0.5
Canon Utilities CameraWindow Canon Inc. 19.03.2010 2,27MB 7.1.0.2
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Inc. 19.03.2010 18,4MB 6.4.2.16
Canon Utilities Digital Photo Professional 3.4 Canon Inc. 19.03.2010 60,2MB 3.4.0.0
Canon Utilities EOS Utility Canon Inc. 19.03.2010 42,1MB 2.4.0.1
Canon Utilities MyCamera Canon Inc. 19.03.2010 15,5MB 6.4.0.5
Canon Utilities Original Data Security Tools Canon Inc. 19.03.2010 6,88MB 1.4.0.1
Canon Utilities PhotoStitch Canon Inc. 19.03.2010 6,14MB 3.1.21.45
Canon Utilities Picture Style Editor Canon Inc. 19.03.2010 61,7MB 1.3.0.0
Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Inc. 19.03.2010 16,2MB 1.7.1.9
Canon Utilities WFT-E1/E2/E3 Utility Canon Inc. 19.03.2010 2,27MB 3.2.1.1
Canon Utilities ZoomBrowser EX Canon Inc. 19.03.2010 46,2MB 6.1.1.21
Canon ZoomBrowser EX Memory Card Utility Canon Inc. 19.03.2010 19,7MB 1.1.0.8
CCleaner Piriform 24.07.2012 4,82MB 3.21
Deinstallation der Arcor Online Software Arcor AG & Co. KG 21.08.2007 6,10MB 5.0.0.6
Die Sims 2
Die Sims 2: Nightlife
Die Sims™ 2 Gute Reise Electronic Arts
Die Sims™ 2 Haustiere
Die Sims™ 2 Vier Jahreszeiten
DivX Web Player DivX,Inc. 1.4.0
DVDVideoSoftTB DE Toolbar DVDVideoSoftTB DE 15.07.2012 4,81MB 6.8.9.0
EOS USB WIA Driver Canon Inc. 19.03.2010 1,28MB 6.0.1.5
Firebird SQL Server - MAGIX Edition MAGIX AG 23.12.2007 6,73MB 2.0.0.20
Free YouTube to MP3 Converter version 3.11.26.706 DVDVideoSoft Ltd. 15.07.2012 15,2MB 3.11.26.706
GIMP 2.8.0 The GIMP Team 17.06.2012 224MB 2.8.0
Google Chrome Google Inc. 28.07.2012 189MB 20.0.1132.57
Google Desktop Google 07.07.2010 20,6MB 5.9.1005.12335
Google Earth Google 11.02.2008 66,5MB 4.2.205.5730
Google Toolbar for Internet Explorer Google Inc. 19.03.2012 9,69MB 7.3.2710.138
Google Updater Google Inc. 12.05.2009 3,59MB 2.4.1536.6592
HDAUDIO Soft Data Fax Modem with SmartCP 18.01.2007 1,01MB
ICQ6 ICQ 15.09.2007 6.00.0000
IMinent Toolbar IMinent 16.06.2012 3,37MB 3.26.0 unbekannt
Intel(R) PROSet/Wireless WiFi-Software Intel(R) Corporation 17.06.2012 78,4MB 12.02.0000
Italienisch - In 30 Tagen zum Erfolg 21.07.2012 unnötig
iTunes Apple Inc. 23.04.2011 143MB 10.2.2.12
Java(TM) 7 Update 5 Oracle 17.07.2012 99,3MB 7.0.50
K-Lite Codec Pack 6.0.4 (Basic) 15.07.2012 14,6MB 6.0.4
Launch Manager 12.06.2007 2,06MB
Lexware Elster Lexware GmbH & Co.KG 04.05.2012 38,9MB 7.73.00.0228
Lexware financial office 2009 Lexware GmbH & Co. KG 04.05.2012 528MB 13.00.00.0034
Lexware Info Service Lexware GmbH & Co. KG 04.05.2012 10,4MB 2.61.00.0033
LiveUpdate 3.2 (Symantec Corporation) Symantec Corporation 16.12.2010 19,4MB 3.2.0.68 unnötig?
LiveUpdate Notice (Symantec Corporation) Symantec Corporation 21.01.2010 7,58MB 1.4.5 unnötig?
loadtbs-2.1 16.06.2012 15,3MB unbekannt
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 11.08.2009 36,9MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.08.2009 36,9MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.06.2010 120MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.06.2010 24,5MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 15.07.2012 38,0MB 4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 15.07.2012 7,50MB 4.0.30319
Microsoft GIF Animator 30.05.2010 1,48MB
Microsoft Office 2000 Premium Microsoft Corporation 14.06.2007 116MB 9.00.2528
Microsoft Office Enterprise 2007 Microsoft Corporation 20.03.2012 691MB 12.0.6612.1000
Microsoft Office File Validation Add-In Microsoft Corporation 16.09.2011 7,95MB 14.0.5130.5003
Microsoft Office Live Add-in 1.5 Microsoft Corporation 17.06.2012 506KB 2.0.4024.1
Microsoft ReportViewer 2010 Redistributable Microsoft Corporation 01.06.2012 12,4MB 10.0.30319
Microsoft Security Essentials Microsoft Corporation 20.07.2012 19,2MB 4.0.1526.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 19.10.2008 1,74MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 30.07.2009 251KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 26.04.2012 2,68MB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 30.07.2009 199KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 19.04.2011 592KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 07.07.2011 233KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 03.05.2009 590KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.11.2010 589KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 594KB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 18.10.2011 16,5MB 10.0.40219
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 13.06.2007 1,23MB 4.20.9841.0
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 16.08.2007 1,26MB 4.20.9848.0
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 11.10.2007 1,26MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.11.2008 1,27MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1,33MB 4.20.9876.0
Neopets Neopets, Inc. notwendig
NTI Backup NOW! 4.7 NewTech Infosystems 19.01.2007 4
NTI CD & DVD-Maker NewTech Infosystems 18.01.2007 40,1MB 7
NVIDIA Drivers 10.03.2007
NVIDIA PhysX NVIDIA Corporation 08.04.2010 83,7MB 9.09.1112
OpenAL 08.04.2010 764KB
PaperPort ScanSoft, Inc. 15.06.2007 52,0MB 9.02.0827
PDFCreator Frank Heindörfer, Philip Chinery 03.11.2008 30,8MB 0.9.6
PowerProducer unnötig
project dogwaffle 03.12.2008
project dogwaffle (c:\) 03.12.2008 unnötig
Qtpfsgui 1.9.3 Qtpfsgui Dev Team 06.06.2010
QuickTime Apple Inc. 03.03.2011 73,7MB 7.69.80.9
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 19.01.2007 6.0.1.5334
RENESIS® Player Browser Plugins examotion® GmbH 26.04.2012 1,83MB 1.1.1 unbekannt
Shockwave 28.06.2009
SMSC Fast Infrared Driver SMSC 18.01.2007 132KB 1.00.0000
Softonic_Deutsch Toolbar 24.10.2009 9,23MB
Synaptics Pointing Device Driver Synaptics 18.01.2007 12,7MB 9.0.3.0
TIPP10 Version 2.1.0 (c) 2006-2011, Tom Thielicke IT Solutions 17.06.2012 11,5MB
WavePad Audiobearbeitungs-Software NCH Software 25.08.2011 5,03MB unnötig
Windows Live Anmelde-Assistent Microsoft Corporation 06.03.2009 1,93MB 5.000.818.6
Windows Live Favorites für Windows Live Toolbar Microsoft Corporation 19.10.2008 1,80MB 03.01.0146
Windows Live Fotogalerie Microsoft Corporation 24.10.2008 20,6MB 12.0.1329.0201
Windows Live installer Microsoft Corporation 06.04.2008 1,70MB 12.0.1471.1025
Windows Live Toolbar Microsoft Corporation 19.10.2008 6,43MB 03.01.0146
Winload Toolbar 25.07.2012 12,8MB 6.8.5.1
Freeware Download - Free Software Downloads Toolbar Freeware Download - Free Software Downloads 21.04.2012 3,96MB 6.2.2.4 unnötig

Alt 02.08.2012, 19:23   #15
markusg
/// Malware-holic
 
19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Standard

19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Axel
Babylon : weg mit toolbars, sie sind ein risiko und können nutzerdaten dafür verwenden um zb geziehlt werbung zu machen
BabylonObjectInstaller
DVDVideoSoftTB : hier gilt das selbe!
Google Toolbar
IMinent
PowerProducer
Softonic_Deutsch Toolbar
Windows Live Toolbar
Winload
Freeware Download - Free Software Downloads Toolbar
öffne ccleaner, analysieren starten
öffne otl, cleanup, pc startet neu testen wie er läuft.
und, noch mal, keine toolbars!
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden
administrator, adware.smartshopper, anti-malware, autostart, bericht, browser, dateien, explorer, folge, folgen bka troyaner, free, gelöscht, helper, heuristiks/extra, heuristiks/shuriken, infizierte, internet, microsoft, quarantäne, seite, service, service pack 2, software, speicher, trojan.bho, trojaner, version, vista




Ähnliche Themen: 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden


  1. bat=exe nicht gefunden! Cmd Fenster das nach Registrierungsschlüssel fragt!
    Plagegeister aller Art und deren Bekämpfung - 30.08.2014 (3)
  2. Infizierte Registrierungsschlüssel mit PUP&PUM 50% Auslastung svchost.exe
    Log-Analyse und Auswertung - 30.01.2014 (15)
  3. Malwarebytes findet Infizierte Dateien/Registrierungsschlüssel/Registrierungswerte/Verzeichnisse!
    Log-Analyse und Auswertung - 28.01.2014 (13)
  4. Infizierte Registrierungsschlüssel sowie suspicious.cloud.9.
    Plagegeister aller Art und deren Bekämpfung - 24.12.2013 (9)
  5. Infizierte Registrierungsschlüssel
    Log-Analyse und Auswertung - 20.11.2013 (11)
  6. Malwarebytes ständig infizierte Registrierungsschlüssel?
    Alles rund um Windows - 18.11.2013 (3)
  7. mehre infizierte objekte gefunden mit malewarebytes
    Plagegeister aller Art und deren Bekämpfung - 16.10.2013 (3)
  8. Windows 7, malewarebytes fund: 11 u. 28 infizierte Objekte nach einem freeware download
    Plagegeister aller Art und deren Bekämpfung - 11.08.2013 (14)
  9. Infizierte Registrierungsschlüssel und searchnu lsst sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 02.11.2012 (2)
  10. 7 Infizierte Registrierungsschlüssel (Trojan.BHO) nach Malwarebytes Anti-Malware Scan
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (43)
  11. Infizierte Registrierungsschlüssel: PUP.VShareRedir
    Log-Analyse und Auswertung - 22.10.2012 (39)
  12. Infizierte Registrierungsschlüssel
    Log-Analyse und Auswertung - 19.04.2012 (22)
  13. Infizierte Registrierungsschlüssel: 2
    Plagegeister aller Art und deren Bekämpfung - 16.03.2012 (1)
  14. Malwarebytes findet Spyware.Passwords / 2 infizierte Registrierungsschlüssel
    Log-Analyse und Auswertung - 06.03.2012 (15)
  15. Infizierte Registrierungsschlüssel gefunden ?!?
    Plagegeister aller Art und deren Bekämpfung - 03.12.2010 (25)
  16. Infizierte Registrierungsschlüssel und -werte
    Log-Analyse und Auswertung - 04.11.2009 (6)
  17. 91 Infizierte Registrierungsschlüssel, Trojaner etc. gefunden
    Plagegeister aller Art und deren Bekämpfung - 30.05.2009 (9)

Zum Thema 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden - Hallo liebe Trojaner Bordler, nachdem ich den BKA Trojaner mit erster Hilfe der Polizei entfernt hatte versuchte ich im Internet soviel wie möglich über eventuelle Folgen zu erfahren. Leider bin - 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden...
Archiv
Du betrachtest: 19 infizierte registrierungsschlüssel von malewarebytes nach tr/kazy.80623.1 gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.