| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: claro-search entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.11.2012, 00:58
| #1 |
 |  claro-search entfernen Hi, wie ich gelesen habe, bin ich nicht der einzige mit dem Problem des claro-search. Allerdings führen die Ratschläge nicht zu den erhofften Ergebnissen oder ich komme nicht weiter. Darum bitte hilft mir, diesen claro-search loszuwerden - Danke Bisher habe ich es über die normal Deinsatallation per Systemsteuerung ausprobiert was nichts gebracht hat. Anschließend habe ich mir spyhunter runter geladen, der auch was gefunden hat, aber man kann nur in der Vollversion Fehler beheben. Dann kam der Spybot, auch der versagte beim Problem beheben kläglich. Dann habe ich den awsMBR runtergeladen, den scan durchgeführt und den log gesichert und nun komme ich nicht mehr weiter... Was muss ich nun machen? |
|
17.11.2012, 10:57
| #2 | |
| /// TB-Ausbilder  | claro-search entfernen Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Schritt 1: Deinstalliere Spybot! Schritt 2: AdwCleaner: Werbeprogramme suchen und löschen Schritt 3: Customscan mit OTL Schritt 4: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck
__________________ |
|
17.11.2012, 14:59
| #3 |
| | claro-search entfernen ich bin jetzt bei dem Scan mit OTL und gib gerade die Häkchen an.
__________________1. ich habe nichts wo inklusive 64bit scan steht (benutze auch 32bit Version) 2. ein Haken war bei "Use No-company-Name WhiteList", ich denke der muss weg oder? |
|
17.11.2012, 15:02
| #4 |
| /// TB-Ausbilder | claro-search entfernen beides ist okay
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
17.11.2012, 15:57
| #5 |
| | claro-search entfernen hier ist die Logdatei vom ADWCleaner und der securitycheck # AdwCleaner v2.007 - Datei am 17/11/2012 um 14:38:05 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : Torben F - CHEFFE # Bootmodus : Normal # Ausgeführt unter : C:\Users\Torben F\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Browser Manager ***** [Dateien / Ordner] ***** Gelöscht mit Neustart : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\Program Files\ICQ6Toolbar Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\Torben F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Ordner Gelöscht : C:\Users\Torben F\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKLM\SOFTWARE\Software Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKU\S-1-5-21-4193105443-658353482-3685622148-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] -\\ Mozilla Firefox v3.6.3 (de) Profilname : default [Profil par défaut] Datei : C:\Users\Torben F\AppData\Roaming\Mozilla\Firefox\Profiles\lnx6vjq9.default\prefs.js C:\Users\Torben F\AppData\Roaming\Mozilla\Firefox\Profiles\lnx6vjq9.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. Profilname : SafeBrowser Datei : C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-4193105443-658353482-3685622148-1000\FireFox\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Torben F\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v [Version kann nicht ermittelt werden] Datei : C:\Users\Torben F\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [3420 octets] - [17/11/2012 14:38:05] ########## EOF - C:\AdwCleaner[S1].txt - [3480 octets] ########## und nun der scan Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` CCleaner Java(TM) 6 Update 31 Java version out of Date! Adobe Flash Player 11.4.402.287 Adobe Reader X (10.1.4) Mozilla Firefox (3.6.3) Firefox out of Date! Mozilla Thunderbird (3.1.3) Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Kaspersky Lab Kaspersky Internet Security 2013 avp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Wie kopiere ich die txt-Dateien OTL.txt und Extra.txt in Code tags?? |
|
17.11.2012, 19:24
| #6 | ||
| /// TB-Ausbilder | claro-search entfernen SO gehts ... Ausserdem ... Warnung: Registry-Cleaner BItte CCleaner deinstallieren oder Tip beachten.
__________________ --> claro-search entfernen |
|
18.11.2012, 14:27
| #7 |
| | claro-search entfernen so nun hier meine logdaten von OTl.exe OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.11.2012 15:33:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Torben F\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,37% Memory free 4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,31 Gb Total Space | 97,19 Gb Free Space | 49,76% Space Free | Partition Type: NTFS Drive D: | 117,19 Gb Total Space | 110,78 Gb Free Space | 94,53% Space Free | Partition Type: NTFS Drive E: | 97,65 Gb Total Space | 96,23 Gb Free Space | 98,54% Space Free | Partition Type: NTFS Drive F: | 55,61 Gb Total Space | 38,53 Gb Free Space | 69,29% Space Free | Partition Type: NTFS Computer Name: CHEFFE | User Name: Torben F | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Torben F\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) PRC - C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Programme\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.) ========== Modules (No Company Name) ========== MOD - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - D:\WinRAR\RarExt.dll () ========== Services (SafeList) ========== SRV - (SpyHunter 4 Service) -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE File not found SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll () SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Ms Office 2007\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TomTomHOMEService) -- D:\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (RtlService) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek) SRV - (Realtek11nSU) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found DRV - (PciCon) -- G:\PciCon.sys File not found DRV - (massfilter) -- system32\drivers\massfilter.sys File not found DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab) DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (EsgScanner) -- C:\Windows\System32\drivers\EsgScanner.sys () DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (NTGDT) -- C:\Windows\System32\drivers\NTGDT.SYS () DRV - (ssndis) -- C:\Windows\System32\drivers\ssndis.sys (Realtek Semiconductor Corporation) DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (Atc002) -- C:\Windows\System32\drivers\l260x86.sys (Atheros Communications, Inc.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (SPC230NC) -- C:\Windows\System32\drivers\SPC230NC.SYS (PixArt Imaging Inc.) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (PAEAFLT.sys) -- C:\Windows\System32\drivers\PAEAFLT.sys (PixArt Imaging Incorporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 27 DB 8C 8E 05 CB 01 [binary data] IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;<local>;*.local IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1005\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..extensions.enabledAddons: anti_banner@kaspersky.com:13.0.1.4190 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MSOFFI~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.24 17:46:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.09.10 17:18:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.09.10 17:18:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.09.10 17:18:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.09.10 17:18:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.09.10 17:18:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firfox\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firfox\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Mozilla Firfox\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Mozilla Firfox\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] [2011.03.02 12:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Extensions [2010.09.15 16:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.03.02 12:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.11.13 17:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Firefox\Profiles\lnx6vjq9.default\extensions [2012.11.14 23:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-4193105443-658353482-3685622148-1000\FireFox\extensions [2012.07.25 21:44:10 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\firefox\profiles\lnx6vjq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.10 17:18:11 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION ========== Chrome ========== CHR - homepage: hxxp://www.google.com O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Ms Office 2007\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Ms Office 2007\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Device Detector] C:\Program Files\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.) O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [ccleaner] D:\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - D:\Ms Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Ms Office 2007\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\MSOFFI~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Ms Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Ms Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Ms Office 2007\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Ms Office 2007\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E9668AC-8794-4EA0-9F90-B62E2FDC57C1}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD16723B-BB95-4368-B10D-9E079BF01575}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E499EF9A-D485-4EF8-BAEB-FE87531F4652}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\bw+0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw+0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw80 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw80s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\offline-8876480 {19E3FB35-F515-4AE6-BC32-1EA74914C040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Ms Office 2007\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.09.18 12:45:07 | 2183,895,927 | ---- | M] () - D:\AutoCAD2011 -- [ NTFS ] O33 - MountPoints2\{f554385e-7222-11df-8e9c-001f1f753175}\Shell - "" = AutoRun O33 - MountPoints2\{f554385e-7222-11df-8e9c-001f1f753175}\Shell\AutoRun\command - "" = N:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk /p \??\L:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin230.lnk - C:\Programme\Philips\Philips SPC230NC Webcam\TrayMin230.exe - () MsConfig - StartUpReg: Philips Intelligent Agent - hkey= - key= - D:\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics) MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: VIDC.ACDV - C:\Windows\System32\ACDV.dll (ACD Systems) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.17 14:54:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Torben F\Desktop\OTL.exe [2012.11.17 00:36:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.16 20:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.16 20:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.11.16 17:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.11.16 17:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2012.11.16 06:57:15 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012.11.16 06:57:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012.11.16 06:56:52 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012.11.16 06:56:51 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012.11.16 06:56:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012.11.16 06:56:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.16 06:56:25 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.16 06:56:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.16 06:56:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.16 06:56:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.16 06:56:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.16 06:56:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.16 06:56:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.16 06:42:16 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012.11.16 06:42:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012.11.16 06:42:16 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012.11.16 06:42:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.16 06:41:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012.11.16 06:41:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2012.11.16 06:41:54 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.13 17:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.11.13 17:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.11.12 22:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.12 21:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.11.12 21:58:17 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX [2012.11.12 21:58:17 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX [2012.11.12 21:58:17 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll [2012.11.12 21:58:15 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL [2012.11.12 21:58:15 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL [2012.11.12 21:58:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL [2012.11.12 21:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.11.12 21:53:52 | 000,000,000 | ---D | C] -- C:\Users\Torben F\AppData\Local\Programs [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.17 15:30:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.17 15:01:00 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2012.11.17 14:54:22 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.17 14:54:22 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.17 14:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Torben F\Desktop\OTL.exe [2012.11.17 14:50:23 | 000,001,950 | ---- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk [2012.11.17 14:48:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.17 14:47:08 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.11.17 14:47:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.17 14:47:00 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys [2012.11.17 14:36:32 | 000,541,569 | ---- | M] () -- C:\Users\Torben F\Desktop\adwcleaner.exe [2012.11.16 16:24:43 | 000,002,292 | ---- | M] () -- C:\Users\Torben F\Desktop\Sicherer Zahlungsverkehr.lnk [2012.11.16 16:22:32 | 000,409,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.16 07:04:50 | 000,657,570 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.16 07:04:50 | 000,618,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.16 07:04:50 | 000,130,942 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.16 07:04:50 | 000,107,166 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.16 06:51:04 | 000,589,144 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012.11.16 06:51:04 | 000,043,608 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kltdi.sys [2012.11.12 21:58:21 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.10.18 18:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.17 14:37:04 | 000,541,569 | ---- | C] () -- C:\Users\Torben F\Desktop\adwcleaner.exe [2012.11.16 06:57:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 06:56:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.12 21:58:21 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.07.17 16:56:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys [2012.04.17 19:10:45 | 000,037,048 | ---- | C] () -- C:\Users\Torben F\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2012.01.16 19:00:22 | 000,000,001 | R--- | C] () -- C:\Users\Torben F\serverport [2011.12.09 14:24:00 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2011.12.09 14:24:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2011.01.03 18:09:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Frameworks [2011.01.03 18:09:54 | 000,000,268 | RH-- | C] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions Handlers [2011.01.03 18:09:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.01.03 18:09:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Framework [2011.01.03 18:09:53 | 000,000,268 | RH-- | C] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions [2011.01.03 18:09:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.01.03 18:09:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Fonts [2011.01.03 18:09:50 | 000,000,268 | RH-- | C] () -- C:\Users\Torben F\AppData\Roaming\Flowers [2011.01.03 18:09:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.01.03 15:33:56 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI [2010.10.02 08:43:02 | 000,024,064 | ---- | C] () -- C:\Users\Torben F\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.08 17:23:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.30 15:43:50 | 000,001,024 | ---- | C] () -- C:\Users\Torben F\.rnd ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.11.01 13:10:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.06.25 23:00:45 | 000,000,000 | ---D | M] -- C:\28b2e0517941069292 [2011.06.22 23:36:08 | 000,000,000 | -HSD | M] -- C:\Boot [2012.11.17 10:19:01 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.05.31 09:37:20 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.17 14:38:07 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.16 20:25:32 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\Programme [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.11.17 15:37:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.03.06 17:55:21 | 000,000,000 | R--D | M] -- C:\Users [2012.11.17 14:52:03 | 000,000,000 | ---D | M] -- C:\Windows < %SYSTEMDRIVE%\*.* > [2012.11.17 14:38:14 | 000,003,549 | ---- | M] () -- C:\AdwCleaner[S1].txt [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2010.11.20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2010.04.27 18:29:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2012.11.17 14:47:00 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys [2010.04.30 16:30:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.04.30 16:30:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.11.17 14:47:00 | 2146,689,024 | -HS- | M] () -- C:\pagefile.sys [2011.01.03 15:46:22 | 000,921,632 | ---- | M] () -- C:\SPC230NC.DAT [2012.04.02 19:52:39 | 000,000,160 | ---- | M] () -- C:\TO_InstallLog.txt < %PROGRAMFILES%\*.exe > Invalid Environment Variable: PROGRAMFILES(X86) < %systemroot%\*. /mp /s > < %windir%\installer\*. /10 > [2012.11.13 17:46:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0E64B098-8018-4256-BA23-C316A43AD9B0} [2012.11.16 07:06:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-0011-0000-0000-0000000FF1CE} [2012.11.16 07:06:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91140000-0011-0000-0000-0000000FF1CE} [2012.11.13 17:38:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A} [2012.11.13 17:47:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F5266D28-E0B2-4130-BFC5-EE155AD514DC} < %appdata%\*. > [2010.06.14 16:39:50 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ACD Systems [2010.12.22 17:09:54 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Adobe [2010.04.30 16:46:39 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\AdobeUM [2011.12.06 17:35:47 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Apple Computer [2011.01.03 15:44:16 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ArcSoft [2010.09.18 15:26:42 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ASCON Installer [2012.04.20 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Canon [2010.06.10 15:32:51 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Corel [2010.12.23 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\DivX [2012.10.07 15:50:00 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\dvdcss [2010.04.30 16:46:15 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\FileOpen [2012.04.17 19:49:59 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\GoContactSyncMOD [2012.08.19 14:36:03 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\HpUpdate [2012.04.23 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ICQ [2010.04.27 21:53:21 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Identities [2011.01.04 11:27:41 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\InstallShield [2010.07.07 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\IrfanView [2010.04.30 15:35:22 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Logitech [2010.06.07 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Macromedia [2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Media Center Programs [2012.04.14 16:39:55 | 000,000,000 | --SD | M] -- C:\Users\Torben F\AppData\Roaming\Microsoft [2010.06.07 12:35:49 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Mozilla [2010.04.30 15:46:46 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Nero [2011.01.04 11:26:25 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Nikon [2012.09.20 12:55:22 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Opera [2012.11.03 14:18:26 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Skype [2011.07.02 15:28:03 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\skypePM [2010.09.12 15:00:35 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\SolidWorks [2010.06.07 13:47:19 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\T-Online [2011.01.29 16:16:50 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\TeamViewer [2010.09.15 16:57:24 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Thunderbird [2011.03.02 12:31:38 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\TomTom [2012.11.05 19:59:25 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\vlc [2010.08.29 07:55:39 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\WinRAR < %appdata%\*.* > [2011.01.03 18:09:50 | 000,000,268 | RH-- | M] () -- C:\Users\Torben F\AppData\Roaming\Flowers [2011.01.03 18:09:53 | 000,000,268 | RH-- | M] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions [2011.01.03 18:09:54 | 000,000,268 | RH-- | M] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions Handlers [2012.04.17 19:18:07 | 000,037,048 | ---- | M] () -- C:\Users\Torben F\AppData\Roaming\Kommagetrennte Werte (DOS).ADR < %appdata%\*.exe /s > [2010.04.30 17:03:17 | 000,010,134 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{12665B01-3F3A-4433-B179-9D8E352D7547}\ARPPRODUCTICON.exe [2010.04.30 17:03:38 | 000,029,990 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}\ARPPRODUCTICON.exe [2012.04.17 19:48:21 | 000,353,118 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}\_853F67D554F05449430E7E.exe [2012.04.17 19:48:21 | 000,010,134 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}\_92A99803BE5A61641E7175.exe [2012.04.17 19:48:21 | 000,353,118 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}\_B0EBDAF1314EB721C85967.exe [2011.01.04 10:59:51 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe < %localappdata%\*. > [2010.12.21 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Adobe [2010.04.30 15:45:28 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Ahead [2012.08.24 13:12:20 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Akamai [2010.04.27 21:53:15 | 000,000,000 | -HSD | M] -- C:\Users\Torben F\AppData\Local\Anwendungsdaten [2010.06.07 12:41:46 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\AOL [2010.06.07 13:35:41 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Apple [2012.10.15 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Apple Computer [2012.11.17 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\B56D0D18-D487-4056-85B5-813D646F5354.aplzod [2011.11.15 18:28:34 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Diagnostics [2012.05.20 20:51:44 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\ElevatedDiagnostics [2012.11.14 23:04:31 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Google [2012.07.17 17:07:31 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\HP [2012.06.20 16:22:30 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Macromedia [2010.06.07 17:12:37 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\MediaMonkey [2012.04.19 19:06:33 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Microsoft [2010.11.26 16:49:30 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Microsoft Games [2012.04.13 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Microsoft Help [2010.06.07 12:35:40 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Mozilla [2011.01.04 11:26:25 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Nikon [2012.09.20 12:55:22 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Opera [2010.11.29 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Paint.NET [2012.11.12 21:53:52 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Programs [2012.11.17 15:39:04 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Temp [2010.04.27 21:53:15 | 000,000,000 | -HSD | M] -- C:\Users\Torben F\AppData\Local\Temporary Internet Files [2010.09.15 16:57:24 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Thunderbird [2011.03.02 12:31:38 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\TomTom [2010.04.27 21:53:15 | 000,000,000 | -HSD | M] -- C:\Users\Torben F\AppData\Local\Verlauf [2010.06.02 17:18:03 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\VirtualStore < %localappdata%\*.* > [2012.02.07 19:57:52 | 000,024,064 | ---- | M] () -- C:\Users\Torben F\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.16 16:24:13 | 000,109,280 | ---- | M] () -- C:\Users\Torben F\AppData\Local\GDIPFONTCACHEV1.DAT [2012.11.17 14:45:57 | 002,919,903 | -H-- | M] () -- C:\Users\Torben F\AppData\Local\IconCache.db < %localappdata%\*.exe /s > [2012.08.10 17:31:24 | 002,158,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\admintool.exe [2012.08.10 17:53:54 | 004,411,192 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\ControlPanel.exe [2012.08.24 13:11:22 | 010,965,688 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\installer_no_upload_silent.exe [2012.08.10 17:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\netsession_win.exe [2012.08.10 17:59:50 | 006,336,304 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\rswinui.exe [2012.08.10 17:59:52 | 002,243,384 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\uninstall.exe [2012.11.16 17:18:07 | 032,218,264 | ---- | M] () -- C:\Users\Torben F\AppData\Local\Temp\SHSetup.exe [42 C:\Users\Torben F\AppData\Local\Temp\*.tmp files -> C:\Users\Torben F\AppData\Local\Temp\*.tmp -> ] < %allusersprofile%\*. > [2012.09.13 17:34:30 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2010.04.28 21:14:40 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems [2012.09.04 17:38:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2011.06.17 16:53:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple [2010.06.21 17:03:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012.11.12 22:00:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager [2010.04.30 15:13:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2012.01.10 22:16:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonEPP [2012.01.10 22:16:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX2 [2012.04.20 15:15:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan [2012.01.10 22:17:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenuEX [2012.07.01 17:32:25 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt [2010.04.30 17:02:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Corel [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2011.11.24 17:46:36 | 000,000,000 | ---D | M] -- C:\ProgramData\DivX [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2011.01.03 18:09:54 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012.11.14 23:04:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Google [2012.07.17 16:57:48 | 000,000,000 | ---D | M] -- C:\ProgramData\HP [2012.07.17 17:02:17 | 000,000,000 | ---D | M] -- C:\ProgramData\HP Photo Creations [2010.11.20 16:03:52 | 000,000,000 | ---D | M] -- C:\ProgramData\hps [2011.01.03 18:09:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Hybrid Morph [2012.11.17 14:38:07 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ [2011.01.03 18:09:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Images [2011.01.03 18:09:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Iterate Items [2012.11.17 14:50:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab [2012.09.10 17:21:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab Setup Files [2010.06.29 21:38:17 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee [2011.05.30 16:27:40 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft [2012.11.16 07:06:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help [2010.04.30 17:02:51 | 000,000,000 | ---D | M] -- C:\ProgramData\My Music [2010.10.08 12:48:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero [2011.01.04 12:05:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon [2012.03.06 17:55:21 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA [2012.03.06 17:51:01 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation [2011.01.04 11:32:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Philips [2012.09.20 14:53:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype [2011.07.01 13:17:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype Extras [2012.11.17 14:19:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2010.08.12 20:19:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun [2010.06.07 13:45:32 | 000,000,000 | ---D | M] -- C:\ProgramData\T-Online [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011.12.13 19:30:31 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp [2011.03.02 12:32:29 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom [2011.01.03 18:09:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15 [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2010.06.07 13:37:32 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} < %allusersprofile%\*.* > [2012.07.17 16:56:53 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2010.06.08 17:23:56 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2011.01.03 18:09:50 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Fonts [2011.01.03 18:09:53 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Framework [2011.01.03 18:09:54 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Frameworks [2011.01.04 10:58:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT [2011.01.04 11:26:27 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2011.01.04 10:58:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT < %allusersprofile%\*.exe /s > [2012.08.21 12:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe [2012.08.21 12:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\AcrobatUpdater.exe [2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\AdobeARM.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\AdobeARMHelper.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\ReaderUpdater.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\AcrobatUpdater.exe [2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\AdobeARM.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\AdobeARMHelper.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\ReaderUpdater.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\AcrobatUpdater.exe [2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\AdobeARM.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\AdobeARMHelper.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\ReaderUpdater.exe [2012.09.13 17:29:12 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe [2011.10.06 04:00:12 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.0.1.29\SetupAdmin.exe [2011.12.06 17:34:08 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.0.2.17\SetupAdmin.exe [2012.03.14 18:07:23 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.1.0.40\SetupAdmin.exe [2012.09.25 15:52:44 | 000,073,616 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 2.0.2.187\SetupAdmin.exe [2010.11.21 14:50:35 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\ASPEncoder\Uninstaller.exe [2011.11.24 17:46:21 | 000,057,591 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\ControlPanel\Uninstaller.exe [2011.04.05 16:42:00 | 000,054,128 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Converter\Uninstaller.exe [2011.11.24 17:46:26 | 000,063,144 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DesktopService\Uninstaller.exe [2010.11.21 14:51:07 | 000,054,153 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DFXPlugin\Uninstaller.exe [2010.06.07 17:18:13 | 000,529,220 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe [2010.06.07 17:18:17 | 000,529,220 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe [2010.06.07 17:18:18 | 000,529,220 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe [2010.11.21 14:51:11 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivXDecoderShortcut\Uninstaller.exe [2011.11.24 17:46:36 | 000,064,957 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DivXPlusShortcuts\Uninstaller.exe [2011.04.05 16:42:03 | 000,062,879 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DSAACDecoder\Uninstaller.exe [2011.11.24 17:46:23 | 000,057,275 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DSASPDecoder\Uninstaller.exe [2010.11.21 14:51:17 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DSAVCDecoder\Uninstaller.exe [2011.04.05 16:42:06 | 000,057,037 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DSDesktopComponents\Uninstaller.exe [2011.04.05 16:42:12 | 000,065,801 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\MFComponents\Uninstaller.exe [2011.04.05 16:41:49 | 000,054,101 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\MPEG2Plugin\Uninstaller.exe [2011.11.24 17:46:16 | 000,061,667 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\MSVC80CRTRedist\Uninstaller.exe [2011.11.24 17:46:18 | 000,063,228 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\OVSHelper\Uninstaller.exe [2010.11.21 14:52:16 | 000,057,736 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Player\Uninstaller.exe [2011.04.05 16:41:45 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Qt4.5\Uninstaller.exe [2010.11.21 14:45:19 | 000,144,696 | ---- | M] () -- C:\ProgramData\DivX\RunAsUser\RUNASUSERPROCESS.exe [2011.11.24 17:41:07 | 000,926,560 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\Setup\DivXSetup.exe [2011.04.05 16:41:57 | 000,054,644 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\TranscodeEngine\Uninstaller.exe [2010.11.21 14:51:33 | 000,084,038 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\TransferWizard\Uninstaller.exe [2011.11.24 17:46:28 | 000,061,792 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\Update\Uninstaller.exe [2011.11.24 17:46:34 | 000,066,441 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\WebPlayer\Uninstaller.exe [2011.07.13 22:03:24 | 000,527,024 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe [2011.02.15 11:11:00 | 000,153,768 | ---- | M] () -- C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011.02.15 11:11:00 | 000,301,224 | ---- | M] (Visan / RocketLife) -- C:\ProgramData\HP Photo Creations\PhotoProductCore.exe [2011.02.15 11:11:00 | 000,158,944 | ---- | M] () -- C:\ProgramData\HP Photo Creations\PhotoProductReg.exe [2011.12.13 18:47:24 | 001,562,920 | ---- | M] () -- C:\ProgramData\hps\1320\setup_dm_Fotowelt.exe [2010.05.07 15:27:22 | 000,068,256 | ---- | M] () -- C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.0.232\German\setup.exe [2012.08.17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\ProgramData\Kaspersky Lab\AVP13\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav13\13.0.1.4190\avp.exe [2012.10.29 22:23:21 | 000,917,984 | ---- | M] () -- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{68CBF6E9-9E3E-58B5-09E0-BEA04183832B}-firefox.exe [2012.11.10 11:14:04 | 001,199,576 | ---- | M] () -- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{A3147B27-E1A3-F22A-9B9E-1589EC389439}-SpotifyWebHelper.exe [2011.05.21 06:01:00 | 000,194,152 | ---- | M] (NVIDIA Corporation) -- C:\ProgramData\NVIDIA\Updatus\WLMerger.exe [1970.01.01 01:00:00 | 000,114,886 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\3FB908F6\drsupdate.10165912_RUNASUSER.exe [2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe < > < End of report > und die von EXTRA.exe OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.11.2012 15:33:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Torben F\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,37% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 97,19 Gb Free Space | 49,76% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 110,78 Gb Free Space | 94,53% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 96,23 Gb Free Space | 98,54% Space Free | Partition Type: NTFS
Drive F: | 55,61 Gb Total Space | 38,53 Gb Free Space | 69,29% Space Free | Partition Type: NTFS
Computer Name: CHEFFE | User Name: Torben F | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firfox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "D:\Ms Office 2007\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Ms Office 2007\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "D:\ACDSee\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "D:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "D:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA9CBE-6E36-4C56-B395-992BF87DBBB7}" = lport=139 | protocol=6 | dir=in | app=system |
"{0BB115FC-F6FD-4DA8-A997-5D2F737B024F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1900A1F7-D749-420A-9B22-775AF054FAC3}" = lport=445 | protocol=6 | dir=in | app=system |
"{19E64EF5-F793-44A1-8EA2-722540F05075}" = rport=445 | protocol=6 | dir=out | app=system |
"{1EB68FCD-25F4-48F3-8077-C7F100ADBE19}" = lport=6004 | protocol=17 | dir=in | app=d:\ms office 2007\office14\outlook.exe |
"{30620299-016F-48CD-A4D0-26F1DD7F5C2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3831BCAD-B98C-43AE-A6BF-0E233AE637DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4443BDEA-B256-4614-843A-373598B70149}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4534FDEC-CF31-4C82-88B1-4EF8E6486886}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4557F0FE-35BE-4859-AC20-666A5374C8B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{4AB43EB4-A8E1-416D-A88F-CF5F17DA0AD5}" = rport=137 | protocol=17 | dir=out | app=system |
"{6D86848C-6471-474B-A94A-3EEDA0BE8053}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{7148DDA0-5F99-44CD-8F58-73EAE7D2F91F}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{7612200D-C216-4AA2-9497-7E3F0B129BAE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{774552A5-7AC7-44DD-BBE9-F757B5FB4D69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{783F40F6-3F7D-4631-A4E5-AE87BA9648AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7E2F4A3B-FA59-448C-93CB-2BA801C69F55}" = lport=138 | protocol=17 | dir=in | app=system |
"{85027573-4866-47C7-A2E5-C8E19197B7AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{90817A75-C8F1-4D8F-B8D5-5CA8E20E9EB2}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{958F39ED-55A5-4FAF-ABF4-363D6EB89BB7}" = lport=139 | protocol=6 | dir=in | app=system |
"{97B200C5-595B-415D-90E0-792A190A4E93}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8610C75-D044-43A4-90DE-6CBB1EAB0389}" = lport=137 | protocol=17 | dir=in | app=system |
"{A8CFDFE3-E7E0-4CD6-A5AB-A19281C5BD4B}" = rport=139 | protocol=6 | dir=out | app=system |
"{AA933EF2-91F3-438C-8EF5-9FAFC220D9FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF279C22-D796-47D7-BC56-6DF2589845CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B567C9B8-CF08-4BB6-BC42-C2FBEB8526F5}" = rport=138 | protocol=17 | dir=out | app=system |
"{B9399614-8DD8-4FF7-8A3F-EA2E6640076D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA9AAD9C-8832-41B0-B60B-DB99DD7745B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4E26082-D4DC-4234-887F-09D73051FD39}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{C4FCBC00-B4F5-487F-B83A-344546AC3DDE}" = rport=445 | protocol=6 | dir=out | app=system |
"{C7FF7030-4EBE-40AC-AC75-1F1CB102D15A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CA731ED0-58A6-489A-ACC0-6CBF7D650330}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{CEEF7976-E1B0-4044-BC63-BD40E2640DE0}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{D55A75BB-649A-4144-8F99-F645A9826EF0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7B6C61B-6E26-47C6-9D12-DD55D81285DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED18C42C-E346-49EA-86F2-DCD74F0C720E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F2D26A8E-8015-424A-A7F3-D1FB6350B542}" = lport=137 | protocol=17 | dir=in | app=system |
"{F31083BA-90AB-49AA-BF83-906B5F8C805D}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DA7C290-5606-4253-8CCC-D01066E94CC6}" = protocol=17 | dir=in | app=c:\users\torben f\appdata\local\akamai\netsession_win.exe |
"{1476D2EC-756D-4D8F-9B81-DFCE11F648AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{162D3F76-7442-41C8-9755-9567FEDA2C00}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1D2D9F68-EDE0-4BF9-8D08-30C18503DE29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1E5686D7-6216-4496-9EF2-8E06A6285CA1}" = protocol=17 | dir=in | app=d:\ms office 2007\office14\onenote.exe |
"{2341B49A-1BF3-4C9E-B37E-1D611C54BB22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{26DC1F36-6297-498E-821B-B60E73416203}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27523560-8ABA-41E2-9DFC-548CD5945DC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DF10E8A-3E17-4D59-912C-5B61D6F8C6CF}" = protocol=6 | dir=out | app=system |
"{35B35087-5460-42C9-92C7-1B00B568B076}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{37C6F628-D9A1-40AD-B724-280345296C00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B6A9104-E507-442F-B19C-D674BC230442}" = protocol=6 | dir=in | app=d:\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{3DF9CBA6-5FCD-4297-AC84-E34BFFC9459F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42A9E870-FCE3-4AFC-A211-F5856A09EEE3}" = dir=in | app=d:\itunes\itunes.exe |
"{464D10DD-13E4-49B3-A421-1B9EDDB90521}" = protocol=17 | dir=in | app=d:\ms office 2007\office14\groove.exe |
"{57829840-ACFD-4650-A925-3E1AAA41289B}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{5F480737-3464-4D46-89D1-969F46E172AC}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{6F45E238-5E1C-4798-BABD-3772CACC214B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{71053B8B-54D0-4655-B07D-C54C3FDD02CD}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{71DE4EDC-6BA3-4F18-8412-90335019DD4B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{73C8D222-244F-4C84-9144-A5B7536FE5DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{74C5269E-4974-4AA0-9E1C-A214CA8EA338}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{79402A79-B005-4860-BCC8-3F326ADF2B89}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{828D6AED-AD1E-4FF1-8BD2-4544552224ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84D11599-2337-4098-9F36-E21D6C07A152}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{995A3555-E819-4CF0-A250-654A9F49421D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A0C0C245-5A22-41E7-8AB1-F3A7F3EDF3BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1333D4B-B062-4411-B9C6-578284772884}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{A4A8D8B8-DEF7-42F9-973D-EBDCA54519F1}" = protocol=6 | dir=in | app=c:\users\torben f\appdata\local\akamai\netsession_win.exe |
"{A80B6DDE-8E8F-48AD-8CE3-9F69B2597123}" = protocol=6 | dir=in | app=d:\ms office 2007\office14\onenote.exe |
"{B49DA458-F713-4BB8-B651-65AE6E6002AC}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{BD1AC190-D45E-43EB-8AFC-8D543C1349C1}" = protocol=17 | dir=in | app=d:\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{C32FCB86-569C-49C1-BEEF-357988114C5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C52CDD9B-625F-400B-A77B-914C0FCA7E08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C8E4CC99-C635-4355-A397-63989E52BB2F}" = protocol=6 | dir=in | app=d:\ms office 2007\office14\groove.exe |
"{D5D9AE66-FB45-48A0-9011-F2D087CDE821}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D6A5D0D2-4074-4533-88DB-1DC6B76CA34D}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{DC9D6593-D241-46CA-82E9-0BC28A0A45EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE05EFA7-C236-4CA1-B130-9BE84937ABB5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{E701A045-E0E4-42B3-9FD4-712A2CB16E77}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{EEC39CAA-C1A5-4285-AD13-BCF449025799}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{F309223C-4C9D-41EA-BCA0-B71C199DC249}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{F492EED2-0CDD-472A-83E4-2C5CE136564B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FC9FD8AD-78B1-4475-B09E-74A2DB08C559}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{FDBE9C7C-C4AE-422E-AA94-4B1CB2231256}" = dir=in | app=c:\program files\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05F350C6-FA6A-40D0-A130-FB941B39152C}" = Philips SPC230NC Webcam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}" = Corel Snapfire DVD Maker
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D30AB17-69E4-4F0F-9CF8-BED11CF8716F}" = CSI-Miami
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6733975E-52C9-4624-805D-36A4F79F7BBB}" = MDESIGN Roloff/Matek Edition
"{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}" = GO Contact Sync Mod
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79FA7C3A-23E9-415B-9D5F-465DBCA59247}" = ADAC RoutenPlaner 2006/2007
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80CCA55B-FCA8-47E2-9BFE-A24CDEE51031}" = SecurDisc Viewer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8C75F6-E5CC-47F9-962A-73FE54A8AF41}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CECB7782-F35F-45CE-97C0-74BBBDC51C22}" = Webcam Video Viewer
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F006F696-7D71-4118-AC02-B714980F6288}" = ACDSee for Pentax 2.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"Formelsammlung Roloff-Matek" = Formelsammlung Roloff-Matek
"HP Photo Creations" = HP Photo Creations
"INSITU - Stahl - ME - 2004" = INSITU - Stahl - ME - 2004
"INSITU Aluminium - ME - 2004" = INSITU Aluminium - ME - 2004
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IrfanView" = IrfanView (remove only)
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"Sweet Home 3D_is1" = Sweet Home 3D version 2.6
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.8.3.2499
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.09.2011 04:22:44 | Computer Name = cheffe | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 01.09.2011 13:00:08 | Computer Name = cheffe | Source = Windows Backup | ID = 4103
Description =
[ System Events ]
Error - 14.11.2012 12:29:57 | Computer Name = cheffe | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 14.11.2012 12:30:27 | Computer Name = cheffe | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 14.11.2012 14:57:35 | Computer Name = cheffe | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000
Millisekunden durchgeführt: Neustart des Diensts.
Error - 16.11.2012 18:52:40 | Computer Name = cheffe | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?11.?2012 um 23:51:13 unerwartet heruntergefahren.
Error - 16.11.2012 19:37:16 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 17.11.2012 05:19:14 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 17.11.2012 09:05:21 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 17.11.2012 09:21:02 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 17.11.2012 09:38:04 | Computer Name = cheffe | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Browser Manager" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 17.11.2012 09:47:02 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
< End of report >
Ccleaner habe ich deinstalliert, den TFC kann ich jetzt einfach installieren? Wie gehts nun weiter? |
|
18.11.2012, 14:30
| #8 |
| | claro-search entfernen so nun hier meine logdaten von OTL.exe OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.11.2012 15:33:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Torben F\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,37% Memory free 4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,31 Gb Total Space | 97,19 Gb Free Space | 49,76% Space Free | Partition Type: NTFS Drive D: | 117,19 Gb Total Space | 110,78 Gb Free Space | 94,53% Space Free | Partition Type: NTFS Drive E: | 97,65 Gb Total Space | 96,23 Gb Free Space | 98,54% Space Free | Partition Type: NTFS Drive F: | 55,61 Gb Total Space | 38,53 Gb Free Space | 69,29% Space Free | Partition Type: NTFS Computer Name: CHEFFE | User Name: Torben F | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Torben F\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) PRC - C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Programme\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.) ========== Modules (No Company Name) ========== MOD - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - D:\WinRAR\RarExt.dll () ========== Services (SafeList) ========== SRV - (SpyHunter 4 Service) -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE File not found SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll () SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Ms Office 2007\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TomTomHOMEService) -- D:\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (RtlService) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek) SRV - (Realtek11nSU) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found DRV - (PciCon) -- G:\PciCon.sys File not found DRV - (massfilter) -- system32\drivers\massfilter.sys File not found DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab) DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (EsgScanner) -- C:\Windows\System32\drivers\EsgScanner.sys () DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (NTGDT) -- C:\Windows\System32\drivers\NTGDT.SYS () DRV - (ssndis) -- C:\Windows\System32\drivers\ssndis.sys (Realtek Semiconductor Corporation) DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (Atc002) -- C:\Windows\System32\drivers\l260x86.sys (Atheros Communications, Inc.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (SPC230NC) -- C:\Windows\System32\drivers\SPC230NC.SYS (PixArt Imaging Inc.) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (PAEAFLT.sys) -- C:\Windows\System32\drivers\PAEAFLT.sys (PixArt Imaging Incorporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 27 DB 8C 8E 05 CB 01 [binary data] IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;<local>;*.local IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1005\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..extensions.enabledAddons: anti_banner@kaspersky.com:13.0.1.4190 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MSOFFI~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.24 17:46:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.09.10 17:18:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.09.10 17:18:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.09.10 17:18:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.09.10 17:18:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.09.10 17:18:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firfox\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firfox\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Mozilla Firfox\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Mozilla Firfox\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M] [2011.03.02 12:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Extensions [2010.09.15 16:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.03.02 12:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.11.13 17:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Firefox\Profiles\lnx6vjq9.default\extensions [2012.11.14 23:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-4193105443-658353482-3685622148-1000\FireFox\extensions [2012.07.25 21:44:10 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\firefox\profiles\lnx6vjq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.10 17:18:11 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION ========== Chrome ========== CHR - homepage: hxxp://www.google.com O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Ms Office 2007\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Ms Office 2007\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Device Detector] C:\Program Files\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.) O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [ccleaner] D:\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - D:\Ms Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Ms Office 2007\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\MSOFFI~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Ms Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Ms Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Ms Office 2007\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Ms Office 2007\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E9668AC-8794-4EA0-9F90-B62E2FDC57C1}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD16723B-BB95-4368-B10D-9E079BF01575}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E499EF9A-D485-4EF8-BAEB-FE87531F4652}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\bw+0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw+0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw80 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw80s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\offline-8876480 {19E3FB35-F515-4AE6-BC32-1EA74914C040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Ms Office 2007\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.09.18 12:45:07 | 2183,895,927 | ---- | M] () - D:\AutoCAD2011 -- [ NTFS ] O33 - MountPoints2\{f554385e-7222-11df-8e9c-001f1f753175}\Shell - "" = AutoRun O33 - MountPoints2\{f554385e-7222-11df-8e9c-001f1f753175}\Shell\AutoRun\command - "" = N:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk /p \??\L:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin230.lnk - C:\Programme\Philips\Philips SPC230NC Webcam\TrayMin230.exe - () MsConfig - StartUpReg: Philips Intelligent Agent - hkey= - key= - D:\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics) MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: VIDC.ACDV - C:\Windows\System32\ACDV.dll (ACD Systems) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.17 14:54:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Torben F\Desktop\OTL.exe [2012.11.17 00:36:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.16 20:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.11.16 20:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.11.16 17:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.11.16 17:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2012.11.16 06:57:15 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012.11.16 06:57:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012.11.16 06:56:52 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012.11.16 06:56:51 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012.11.16 06:56:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012.11.16 06:56:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.16 06:56:25 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.16 06:56:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.16 06:56:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.16 06:56:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.16 06:56:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.16 06:56:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.16 06:56:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.16 06:42:16 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012.11.16 06:42:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012.11.16 06:42:16 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012.11.16 06:42:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.16 06:41:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012.11.16 06:41:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2012.11.16 06:41:54 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.13 17:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.11.13 17:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.11.12 22:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.12 21:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.11.12 21:58:17 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX [2012.11.12 21:58:17 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX [2012.11.12 21:58:17 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll [2012.11.12 21:58:15 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL [2012.11.12 21:58:15 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL [2012.11.12 21:58:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL [2012.11.12 21:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.11.12 21:53:52 | 000,000,000 | ---D | C] -- C:\Users\Torben F\AppData\Local\Programs [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.17 15:30:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.17 15:01:00 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2012.11.17 14:54:22 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.17 14:54:22 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.17 14:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Torben F\Desktop\OTL.exe [2012.11.17 14:50:23 | 000,001,950 | ---- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk [2012.11.17 14:48:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.17 14:47:08 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.11.17 14:47:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.17 14:47:00 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys [2012.11.17 14:36:32 | 000,541,569 | ---- | M] () -- C:\Users\Torben F\Desktop\adwcleaner.exe [2012.11.16 16:24:43 | 000,002,292 | ---- | M] () -- C:\Users\Torben F\Desktop\Sicherer Zahlungsverkehr.lnk [2012.11.16 16:22:32 | 000,409,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.16 07:04:50 | 000,657,570 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.16 07:04:50 | 000,618,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.16 07:04:50 | 000,130,942 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.16 07:04:50 | 000,107,166 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.16 06:51:04 | 000,589,144 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012.11.16 06:51:04 | 000,043,608 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kltdi.sys [2012.11.12 21:58:21 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.10.18 18:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.17 14:37:04 | 000,541,569 | ---- | C] () -- C:\Users\Torben F\Desktop\adwcleaner.exe [2012.11.16 06:57:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 06:56:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.12 21:58:21 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.07.17 16:56:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys [2012.04.17 19:10:45 | 000,037,048 | ---- | C] () -- C:\Users\Torben F\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2012.01.16 19:00:22 | 000,000,001 | R--- | C] () -- C:\Users\Torben F\serverport [2011.12.09 14:24:00 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2011.12.09 14:24:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2011.01.03 18:09:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Frameworks [2011.01.03 18:09:54 | 000,000,268 | RH-- | C] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions Handlers [2011.01.03 18:09:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.01.03 18:09:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Framework [2011.01.03 18:09:53 | 000,000,268 | RH-- | C] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions [2011.01.03 18:09:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.01.03 18:09:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Fonts [2011.01.03 18:09:50 | 000,000,268 | RH-- | C] () -- C:\Users\Torben F\AppData\Roaming\Flowers [2011.01.03 18:09:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.01.03 15:33:56 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI [2010.10.02 08:43:02 | 000,024,064 | ---- | C] () -- C:\Users\Torben F\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.08 17:23:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.30 15:43:50 | 000,001,024 | ---- | C] () -- C:\Users\Torben F\.rnd ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.11.01 13:10:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.06.25 23:00:45 | 000,000,000 | ---D | M] -- C:\28b2e0517941069292 [2011.06.22 23:36:08 | 000,000,000 | -HSD | M] -- C:\Boot [2012.11.17 10:19:01 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.05.31 09:37:20 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.17 14:38:07 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.16 20:25:32 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\Programme [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.11.17 15:37:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.03.06 17:55:21 | 000,000,000 | R--D | M] -- C:\Users [2012.11.17 14:52:03 | 000,000,000 | ---D | M] -- C:\Windows < %SYSTEMDRIVE%\*.* > [2012.11.17 14:38:14 | 000,003,549 | ---- | M] () -- C:\AdwCleaner[S1].txt [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2010.11.20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2010.04.27 18:29:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2012.11.17 14:47:00 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys [2010.04.30 16:30:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.04.30 16:30:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.11.17 14:47:00 | 2146,689,024 | -HS- | M] () -- C:\pagefile.sys [2011.01.03 15:46:22 | 000,921,632 | ---- | M] () -- C:\SPC230NC.DAT [2012.04.02 19:52:39 | 000,000,160 | ---- | M] () -- C:\TO_InstallLog.txt < %PROGRAMFILES%\*.exe > Invalid Environment Variable: PROGRAMFILES(X86) < %systemroot%\*. /mp /s > < %windir%\installer\*. /10 > [2012.11.13 17:46:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0E64B098-8018-4256-BA23-C316A43AD9B0} [2012.11.16 07:06:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-0011-0000-0000-0000000FF1CE} [2012.11.16 07:06:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91140000-0011-0000-0000-0000000FF1CE} [2012.11.13 17:38:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A} [2012.11.13 17:47:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F5266D28-E0B2-4130-BFC5-EE155AD514DC} < %appdata%\*. > [2010.06.14 16:39:50 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ACD Systems [2010.12.22 17:09:54 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Adobe [2010.04.30 16:46:39 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\AdobeUM [2011.12.06 17:35:47 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Apple Computer [2011.01.03 15:44:16 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ArcSoft [2010.09.18 15:26:42 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ASCON Installer [2012.04.20 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Canon [2010.06.10 15:32:51 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Corel [2010.12.23 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\DivX [2012.10.07 15:50:00 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\dvdcss [2010.04.30 16:46:15 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\FileOpen [2012.04.17 19:49:59 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\GoContactSyncMOD [2012.08.19 14:36:03 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\HpUpdate [2012.04.23 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ICQ [2010.04.27 21:53:21 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Identities [2011.01.04 11:27:41 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\InstallShield [2010.07.07 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\IrfanView [2010.04.30 15:35:22 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Logitech [2010.06.07 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Macromedia [2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Media Center Programs [2012.04.14 16:39:55 | 000,000,000 | --SD | M] -- C:\Users\Torben F\AppData\Roaming\Microsoft [2010.06.07 12:35:49 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Mozilla [2010.04.30 15:46:46 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Nero [2011.01.04 11:26:25 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Nikon [2012.09.20 12:55:22 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Opera [2012.11.03 14:18:26 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Skype [2011.07.02 15:28:03 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\skypePM [2010.09.12 15:00:35 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\SolidWorks [2010.06.07 13:47:19 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\T-Online [2011.01.29 16:16:50 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\TeamViewer [2010.09.15 16:57:24 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Thunderbird [2011.03.02 12:31:38 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\TomTom [2012.11.05 19:59:25 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\vlc [2010.08.29 07:55:39 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\WinRAR < %appdata%\*.* > [2011.01.03 18:09:50 | 000,000,268 | RH-- | M] () -- C:\Users\Torben F\AppData\Roaming\Flowers [2011.01.03 18:09:53 | 000,000,268 | RH-- | M] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions [2011.01.03 18:09:54 | 000,000,268 | RH-- | M] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions Handlers [2012.04.17 19:18:07 | 000,037,048 | ---- | M] () -- C:\Users\Torben F\AppData\Roaming\Kommagetrennte Werte (DOS).ADR < %appdata%\*.exe /s > [2010.04.30 17:03:17 | 000,010,134 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{12665B01-3F3A-4433-B179-9D8E352D7547}\ARPPRODUCTICON.exe [2010.04.30 17:03:38 | 000,029,990 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}\ARPPRODUCTICON.exe [2012.04.17 19:48:21 | 000,353,118 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}\_853F67D554F05449430E7E.exe [2012.04.17 19:48:21 | 000,010,134 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}\_92A99803BE5A61641E7175.exe [2012.04.17 19:48:21 | 000,353,118 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}\_B0EBDAF1314EB721C85967.exe [2011.01.04 10:59:51 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe < %localappdata%\*. > [2010.12.21 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Adobe [2010.04.30 15:45:28 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Ahead [2012.08.24 13:12:20 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Akamai [2010.04.27 21:53:15 | 000,000,000 | -HSD | M] -- C:\Users\Torben F\AppData\Local\Anwendungsdaten [2010.06.07 12:41:46 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\AOL [2010.06.07 13:35:41 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Apple [2012.10.15 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Apple Computer [2012.11.17 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\B56D0D18-D487-4056-85B5-813D646F5354.aplzod [2011.11.15 18:28:34 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Diagnostics [2012.05.20 20:51:44 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\ElevatedDiagnostics [2012.11.14 23:04:31 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Google [2012.07.17 17:07:31 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\HP [2012.06.20 16:22:30 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Macromedia [2010.06.07 17:12:37 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\MediaMonkey [2012.04.19 19:06:33 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Microsoft [2010.11.26 16:49:30 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Microsoft Games [2012.04.13 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Microsoft Help [2010.06.07 12:35:40 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Mozilla [2011.01.04 11:26:25 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Nikon [2012.09.20 12:55:22 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Opera [2010.11.29 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Paint.NET [2012.11.12 21:53:52 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Programs [2012.11.17 15:39:04 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Temp [2010.04.27 21:53:15 | 000,000,000 | -HSD | M] -- C:\Users\Torben F\AppData\Local\Temporary Internet Files [2010.09.15 16:57:24 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Thunderbird [2011.03.02 12:31:38 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\TomTom [2010.04.27 21:53:15 | 000,000,000 | -HSD | M] -- C:\Users\Torben F\AppData\Local\Verlauf [2010.06.02 17:18:03 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\VirtualStore < %localappdata%\*.* > [2012.02.07 19:57:52 | 000,024,064 | ---- | M] () -- C:\Users\Torben F\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.16 16:24:13 | 000,109,280 | ---- | M] () -- C:\Users\Torben F\AppData\Local\GDIPFONTCACHEV1.DAT [2012.11.17 14:45:57 | 002,919,903 | -H-- | M] () -- C:\Users\Torben F\AppData\Local\IconCache.db < %localappdata%\*.exe /s > [2012.08.10 17:31:24 | 002,158,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\admintool.exe [2012.08.10 17:53:54 | 004,411,192 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\ControlPanel.exe [2012.08.24 13:11:22 | 010,965,688 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\installer_no_upload_silent.exe [2012.08.10 17:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\netsession_win.exe [2012.08.10 17:59:50 | 006,336,304 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\rswinui.exe [2012.08.10 17:59:52 | 002,243,384 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\uninstall.exe [2012.11.16 17:18:07 | 032,218,264 | ---- | M] () -- C:\Users\Torben F\AppData\Local\Temp\SHSetup.exe [42 C:\Users\Torben F\AppData\Local\Temp\*.tmp files -> C:\Users\Torben F\AppData\Local\Temp\*.tmp -> ] < %allusersprofile%\*. > [2012.09.13 17:34:30 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2010.04.28 21:14:40 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems [2012.09.04 17:38:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2011.06.17 16:53:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple [2010.06.21 17:03:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012.11.12 22:00:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager [2010.04.30 15:13:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2012.01.10 22:16:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonEPP [2012.01.10 22:16:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX2 [2012.04.20 15:15:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan [2012.01.10 22:17:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenuEX [2012.07.01 17:32:25 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt [2010.04.30 17:02:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Corel [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2011.11.24 17:46:36 | 000,000,000 | ---D | M] -- C:\ProgramData\DivX [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2011.01.03 18:09:54 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2012.11.14 23:04:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Google [2012.07.17 16:57:48 | 000,000,000 | ---D | M] -- C:\ProgramData\HP [2012.07.17 17:02:17 | 000,000,000 | ---D | M] -- C:\ProgramData\HP Photo Creations [2010.11.20 16:03:52 | 000,000,000 | ---D | M] -- C:\ProgramData\hps [2011.01.03 18:09:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Hybrid Morph [2012.11.17 14:38:07 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ [2011.01.03 18:09:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Images [2011.01.03 18:09:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Iterate Items [2012.11.17 14:50:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab [2012.09.10 17:21:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab Setup Files [2010.06.29 21:38:17 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee [2011.05.30 16:27:40 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft [2012.11.16 07:06:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help [2010.04.30 17:02:51 | 000,000,000 | ---D | M] -- C:\ProgramData\My Music [2010.10.08 12:48:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero [2011.01.04 12:05:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon [2012.03.06 17:55:21 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA [2012.03.06 17:51:01 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation [2011.01.04 11:32:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Philips [2012.09.20 14:53:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype [2011.07.01 13:17:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype Extras [2012.11.17 14:19:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2010.08.12 20:19:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun [2010.06.07 13:45:32 | 000,000,000 | ---D | M] -- C:\ProgramData\T-Online [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011.12.13 19:30:31 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp [2011.03.02 12:32:29 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom [2011.01.03 18:09:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15 [2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2010.06.07 13:37:32 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} < %allusersprofile%\*.* > [2012.07.17 16:56:53 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2010.06.08 17:23:56 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2011.01.03 18:09:50 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Fonts [2011.01.03 18:09:53 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Framework [2011.01.03 18:09:54 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Frameworks [2011.01.04 10:58:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT [2011.01.04 11:26:27 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2011.01.04 10:58:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT < %allusersprofile%\*.exe /s > [2012.08.21 12:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe [2012.08.21 12:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\AcrobatUpdater.exe [2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\AdobeARM.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\AdobeARMHelper.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\ReaderUpdater.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\AcrobatUpdater.exe [2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\AdobeARM.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\AdobeARMHelper.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\ReaderUpdater.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\AcrobatUpdater.exe [2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\AdobeARM.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\AdobeARMHelper.exe [2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\ReaderUpdater.exe [2012.09.13 17:29:12 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe [2011.10.06 04:00:12 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.0.1.29\SetupAdmin.exe [2011.12.06 17:34:08 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.0.2.17\SetupAdmin.exe [2012.03.14 18:07:23 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.1.0.40\SetupAdmin.exe [2012.09.25 15:52:44 | 000,073,616 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 2.0.2.187\SetupAdmin.exe [2010.11.21 14:50:35 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\ASPEncoder\Uninstaller.exe [2011.11.24 17:46:21 | 000,057,591 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\ControlPanel\Uninstaller.exe [2011.04.05 16:42:00 | 000,054,128 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Converter\Uninstaller.exe [2011.11.24 17:46:26 | 000,063,144 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DesktopService\Uninstaller.exe [2010.11.21 14:51:07 | 000,054,153 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DFXPlugin\Uninstaller.exe [2010.06.07 17:18:13 | 000,529,220 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe [2010.06.07 17:18:17 | 000,529,220 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe [2010.06.07 17:18:18 | 000,529,220 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe [2010.11.21 14:51:11 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivXDecoderShortcut\Uninstaller.exe [2011.11.24 17:46:36 | 000,064,957 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DivXPlusShortcuts\Uninstaller.exe [2011.04.05 16:42:03 | 000,062,879 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DSAACDecoder\Uninstaller.exe [2011.11.24 17:46:23 | 000,057,275 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DSASPDecoder\Uninstaller.exe [2010.11.21 14:51:17 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DSAVCDecoder\Uninstaller.exe [2011.04.05 16:42:06 | 000,057,037 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DSDesktopComponents\Uninstaller.exe [2011.04.05 16:42:12 | 000,065,801 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\MFComponents\Uninstaller.exe [2011.04.05 16:41:49 | 000,054,101 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\MPEG2Plugin\Uninstaller.exe [2011.11.24 17:46:16 | 000,061,667 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\MSVC80CRTRedist\Uninstaller.exe [2011.11.24 17:46:18 | 000,063,228 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\OVSHelper\Uninstaller.exe [2010.11.21 14:52:16 | 000,057,736 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Player\Uninstaller.exe [2011.04.05 16:41:45 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Qt4.5\Uninstaller.exe [2010.11.21 14:45:19 | 000,144,696 | ---- | M] () -- C:\ProgramData\DivX\RunAsUser\RUNASUSERPROCESS.exe [2011.11.24 17:41:07 | 000,926,560 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\Setup\DivXSetup.exe [2011.04.05 16:41:57 | 000,054,644 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\TranscodeEngine\Uninstaller.exe [2010.11.21 14:51:33 | 000,084,038 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\TransferWizard\Uninstaller.exe [2011.11.24 17:46:28 | 000,061,792 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\Update\Uninstaller.exe [2011.11.24 17:46:34 | 000,066,441 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\WebPlayer\Uninstaller.exe [2011.07.13 22:03:24 | 000,527,024 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe [2011.02.15 11:11:00 | 000,153,768 | ---- | M] () -- C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011.02.15 11:11:00 | 000,301,224 | ---- | M] (Visan / RocketLife) -- C:\ProgramData\HP Photo Creations\PhotoProductCore.exe [2011.02.15 11:11:00 | 000,158,944 | ---- | M] () -- C:\ProgramData\HP Photo Creations\PhotoProductReg.exe [2011.12.13 18:47:24 | 001,562,920 | ---- | M] () -- C:\ProgramData\hps\1320\setup_dm_Fotowelt.exe [2010.05.07 15:27:22 | 000,068,256 | ---- | M] () -- C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.0.232\German\setup.exe [2012.08.17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\ProgramData\Kaspersky Lab\AVP13\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav13\13.0.1.4190\avp.exe [2012.10.29 22:23:21 | 000,917,984 | ---- | M] () -- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{68CBF6E9-9E3E-58B5-09E0-BEA04183832B}-firefox.exe [2012.11.10 11:14:04 | 001,199,576 | ---- | M] () -- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{A3147B27-E1A3-F22A-9B9E-1589EC389439}-SpotifyWebHelper.exe [2011.05.21 06:01:00 | 000,194,152 | ---- | M] (NVIDIA Corporation) -- C:\ProgramData\NVIDIA\Updatus\WLMerger.exe [1970.01.01 01:00:00 | 000,114,886 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\3FB908F6\drsupdate.10165912_RUNASUSER.exe [2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe < > < End of report > [/CODE] und die von EXTRA.exe OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.11.2012 15:33:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Torben F\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,37% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 97,19 Gb Free Space | 49,76% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 110,78 Gb Free Space | 94,53% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 96,23 Gb Free Space | 98,54% Space Free | Partition Type: NTFS
Drive F: | 55,61 Gb Total Space | 38,53 Gb Free Space | 69,29% Space Free | Partition Type: NTFS
Computer Name: CHEFFE | User Name: Torben F | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firfox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "D:\Ms Office 2007\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Ms Office 2007\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "D:\ACDSee\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "D:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "D:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA9CBE-6E36-4C56-B395-992BF87DBBB7}" = lport=139 | protocol=6 | dir=in | app=system |
"{0BB115FC-F6FD-4DA8-A997-5D2F737B024F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1900A1F7-D749-420A-9B22-775AF054FAC3}" = lport=445 | protocol=6 | dir=in | app=system |
"{19E64EF5-F793-44A1-8EA2-722540F05075}" = rport=445 | protocol=6 | dir=out | app=system |
"{1EB68FCD-25F4-48F3-8077-C7F100ADBE19}" = lport=6004 | protocol=17 | dir=in | app=d:\ms office 2007\office14\outlook.exe |
"{30620299-016F-48CD-A4D0-26F1DD7F5C2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3831BCAD-B98C-43AE-A6BF-0E233AE637DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4443BDEA-B256-4614-843A-373598B70149}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4534FDEC-CF31-4C82-88B1-4EF8E6486886}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4557F0FE-35BE-4859-AC20-666A5374C8B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{4AB43EB4-A8E1-416D-A88F-CF5F17DA0AD5}" = rport=137 | protocol=17 | dir=out | app=system |
"{6D86848C-6471-474B-A94A-3EEDA0BE8053}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{7148DDA0-5F99-44CD-8F58-73EAE7D2F91F}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{7612200D-C216-4AA2-9497-7E3F0B129BAE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{774552A5-7AC7-44DD-BBE9-F757B5FB4D69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{783F40F6-3F7D-4631-A4E5-AE87BA9648AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7E2F4A3B-FA59-448C-93CB-2BA801C69F55}" = lport=138 | protocol=17 | dir=in | app=system |
"{85027573-4866-47C7-A2E5-C8E19197B7AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{90817A75-C8F1-4D8F-B8D5-5CA8E20E9EB2}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{958F39ED-55A5-4FAF-ABF4-363D6EB89BB7}" = lport=139 | protocol=6 | dir=in | app=system |
"{97B200C5-595B-415D-90E0-792A190A4E93}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8610C75-D044-43A4-90DE-6CBB1EAB0389}" = lport=137 | protocol=17 | dir=in | app=system |
"{A8CFDFE3-E7E0-4CD6-A5AB-A19281C5BD4B}" = rport=139 | protocol=6 | dir=out | app=system |
"{AA933EF2-91F3-438C-8EF5-9FAFC220D9FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF279C22-D796-47D7-BC56-6DF2589845CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B567C9B8-CF08-4BB6-BC42-C2FBEB8526F5}" = rport=138 | protocol=17 | dir=out | app=system |
"{B9399614-8DD8-4FF7-8A3F-EA2E6640076D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA9AAD9C-8832-41B0-B60B-DB99DD7745B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4E26082-D4DC-4234-887F-09D73051FD39}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{C4FCBC00-B4F5-487F-B83A-344546AC3DDE}" = rport=445 | protocol=6 | dir=out | app=system |
"{C7FF7030-4EBE-40AC-AC75-1F1CB102D15A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CA731ED0-58A6-489A-ACC0-6CBF7D650330}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{CEEF7976-E1B0-4044-BC63-BD40E2640DE0}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{D55A75BB-649A-4144-8F99-F645A9826EF0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7B6C61B-6E26-47C6-9D12-DD55D81285DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED18C42C-E346-49EA-86F2-DCD74F0C720E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F2D26A8E-8015-424A-A7F3-D1FB6350B542}" = lport=137 | protocol=17 | dir=in | app=system |
"{F31083BA-90AB-49AA-BF83-906B5F8C805D}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DA7C290-5606-4253-8CCC-D01066E94CC6}" = protocol=17 | dir=in | app=c:\users\torben f\appdata\local\akamai\netsession_win.exe |
"{1476D2EC-756D-4D8F-9B81-DFCE11F648AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{162D3F76-7442-41C8-9755-9567FEDA2C00}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1D2D9F68-EDE0-4BF9-8D08-30C18503DE29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1E5686D7-6216-4496-9EF2-8E06A6285CA1}" = protocol=17 | dir=in | app=d:\ms office 2007\office14\onenote.exe |
"{2341B49A-1BF3-4C9E-B37E-1D611C54BB22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{26DC1F36-6297-498E-821B-B60E73416203}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27523560-8ABA-41E2-9DFC-548CD5945DC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DF10E8A-3E17-4D59-912C-5B61D6F8C6CF}" = protocol=6 | dir=out | app=system |
"{35B35087-5460-42C9-92C7-1B00B568B076}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{37C6F628-D9A1-40AD-B724-280345296C00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B6A9104-E507-442F-B19C-D674BC230442}" = protocol=6 | dir=in | app=d:\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{3DF9CBA6-5FCD-4297-AC84-E34BFFC9459F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42A9E870-FCE3-4AFC-A211-F5856A09EEE3}" = dir=in | app=d:\itunes\itunes.exe |
"{464D10DD-13E4-49B3-A421-1B9EDDB90521}" = protocol=17 | dir=in | app=d:\ms office 2007\office14\groove.exe |
"{57829840-ACFD-4650-A925-3E1AAA41289B}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{5F480737-3464-4D46-89D1-969F46E172AC}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{6F45E238-5E1C-4798-BABD-3772CACC214B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{71053B8B-54D0-4655-B07D-C54C3FDD02CD}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{71DE4EDC-6BA3-4F18-8412-90335019DD4B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{73C8D222-244F-4C84-9144-A5B7536FE5DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{74C5269E-4974-4AA0-9E1C-A214CA8EA338}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{79402A79-B005-4860-BCC8-3F326ADF2B89}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{828D6AED-AD1E-4FF1-8BD2-4544552224ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84D11599-2337-4098-9F36-E21D6C07A152}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{995A3555-E819-4CF0-A250-654A9F49421D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A0C0C245-5A22-41E7-8AB1-F3A7F3EDF3BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1333D4B-B062-4411-B9C6-578284772884}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{A4A8D8B8-DEF7-42F9-973D-EBDCA54519F1}" = protocol=6 | dir=in | app=c:\users\torben f\appdata\local\akamai\netsession_win.exe |
"{A80B6DDE-8E8F-48AD-8CE3-9F69B2597123}" = protocol=6 | dir=in | app=d:\ms office 2007\office14\onenote.exe |
"{B49DA458-F713-4BB8-B651-65AE6E6002AC}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{BD1AC190-D45E-43EB-8AFC-8D543C1349C1}" = protocol=17 | dir=in | app=d:\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{C32FCB86-569C-49C1-BEEF-357988114C5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C52CDD9B-625F-400B-A77B-914C0FCA7E08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C8E4CC99-C635-4355-A397-63989E52BB2F}" = protocol=6 | dir=in | app=d:\ms office 2007\office14\groove.exe |
"{D5D9AE66-FB45-48A0-9011-F2D087CDE821}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D6A5D0D2-4074-4533-88DB-1DC6B76CA34D}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{DC9D6593-D241-46CA-82E9-0BC28A0A45EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE05EFA7-C236-4CA1-B130-9BE84937ABB5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{E701A045-E0E4-42B3-9FD4-712A2CB16E77}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{EEC39CAA-C1A5-4285-AD13-BCF449025799}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{F309223C-4C9D-41EA-BCA0-B71C199DC249}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{F492EED2-0CDD-472A-83E4-2C5CE136564B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FC9FD8AD-78B1-4475-B09E-74A2DB08C559}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{FDBE9C7C-C4AE-422E-AA94-4B1CB2231256}" = dir=in | app=c:\program files\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05F350C6-FA6A-40D0-A130-FB941B39152C}" = Philips SPC230NC Webcam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}" = Corel Snapfire DVD Maker
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D30AB17-69E4-4F0F-9CF8-BED11CF8716F}" = CSI-Miami
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6733975E-52C9-4624-805D-36A4F79F7BBB}" = MDESIGN Roloff/Matek Edition
"{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}" = GO Contact Sync Mod
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79FA7C3A-23E9-415B-9D5F-465DBCA59247}" = ADAC RoutenPlaner 2006/2007
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80CCA55B-FCA8-47E2-9BFE-A24CDEE51031}" = SecurDisc Viewer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8C75F6-E5CC-47F9-962A-73FE54A8AF41}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CECB7782-F35F-45CE-97C0-74BBBDC51C22}" = Webcam Video Viewer
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F006F696-7D71-4118-AC02-B714980F6288}" = ACDSee for Pentax 2.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"Formelsammlung Roloff-Matek" = Formelsammlung Roloff-Matek
"HP Photo Creations" = HP Photo Creations
"INSITU - Stahl - ME - 2004" = INSITU - Stahl - ME - 2004
"INSITU Aluminium - ME - 2004" = INSITU Aluminium - ME - 2004
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IrfanView" = IrfanView (remove only)
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"Sweet Home 3D_is1" = Sweet Home 3D version 2.6
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.8.3.2499
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.09.2011 04:22:44 | Computer Name = cheffe | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 01.09.2011 13:00:08 | Computer Name = cheffe | Source = Windows Backup | ID = 4103
Description =
[ System Events ]
Error - 14.11.2012 12:29:57 | Computer Name = cheffe | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 14.11.2012 12:30:27 | Computer Name = cheffe | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 14.11.2012 14:57:35 | Computer Name = cheffe | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000
Millisekunden durchgeführt: Neustart des Diensts.
Error - 16.11.2012 18:52:40 | Computer Name = cheffe | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?11.?2012 um 23:51:13 unerwartet heruntergefahren.
Error - 16.11.2012 19:37:16 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 17.11.2012 05:19:14 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 17.11.2012 09:05:21 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 17.11.2012 09:21:02 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 17.11.2012 09:38:04 | Computer Name = cheffe | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Browser Manager" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 17.11.2012 09:47:02 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
< End of report >
[/CODE] Ccleaner habe ich deinstalliert, den TFC kann ich jetzt einfach installieren? Wie gehts nun weiter? |
|
18.11.2012, 14:48
| #9 | |
| /// TB-Ausbilder | claro-search entfernen Gut!  Wir müssen jetzt noch ein paar Kontrollen machen. Schritt 1: Quick-Scan mit Malwarebytes Schritt 2: ESET Online Scanner Zitat:
Schritt 3: Java Update (Windows XP, Vista, 7) Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.Schritt 4: Update: Firefox, Addons und Plugins Schritt 5: Thunderbirdupdate. Schritt 6: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
18.11.2012, 15:01
| #10 |
| | claro-search entfernen den security Check habe ich zuvor schon runtergeladen und installiert, kann ich den dann benutzen? |
|
18.11.2012, 15:02
| #11 |
| /// TB-Ausbilder | claro-search entfernen ja sicher, ich will nochmal ein weiteres logfile
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
18.11.2012, 21:43
| #12 |
| | claro-search entfernen hier nun noch einige logfiles zuerst die von Malwarebytes Anti-Malware Malwarebytes Anti-Malware (Test) 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.11.18.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Torben F :: CHEFFE [Administrator] Schutz: Aktiviert 18.11.2012 15:00:58 mbam-log-2012-11-18 (15-00-58).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 229978 Laufzeit: 5 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Torben F\Downloads\7ZipSetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) der ESET Onlinescan hat eine infizierte Datei gefunden, hier die Logfile F:\Torben\ICQ\289632247\418901703 Max Hummel\unlocker1.8.9.exe Win32/Adware.ADON application cleaned by deleting - quarantined und zu guter letzt, die checkup.txt Datei Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.65.1.1000 Java 7 Update 9 Adobe Flash Player 11.4.402.287 Adobe Reader X (10.1.4) Mozilla Firefox (3.6.3) Firefox out of Date! Mozilla Thunderbird (3.1.3) Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe Kaspersky Lab Kaspersky Internet Security 2013 avp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
18.11.2012, 22:04
| #13 |
| /// TB-Ausbilder | claro-search entfernen Für Firefox und Thunderbird hast du kein Update gemacht?
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
18.11.2012, 22:10
| #14 |
| | claro-search entfernen doch, da sagte er jeweils, dass es aktuell ist... habe dann bei Systemsteuerung 2 Versionen von Firfox und Thunderbird gefunden. Die älter von Mozilla hatte ich dann deinstalliert, aber da hat er dann Browser komplett gelöscht |
|
18.11.2012, 22:34
| #15 |
| /// TB-Ausbilder | claro-search entfernen Weil hier in dem letzten Logfile was von Version 3 steht?
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu claro-search entfernen |
| ausprobiert, durchgeführt, einzige, entferne, entfernen, ergebnisse, fehler, gefunde, geladen, hilft, log, loszuwerden, nicht mehr, nichts, problem, ratschläge, runter, runtergeladen, scan, schließe, spybot, spyhunter, systems, systemsteuerung, vollversion |
Textbox.
Button.
und dann 
Linear-Darstellung
