ihavenet-Virus eingefangen

Gentlewoman · 29.11.2012, 20:45

Hallo,
ich habe mir den ihavenet-Virus eingefangen; könnt ihr mir bitte beim Entfernen helfen? Vielen lieben Dank!!

P.S.: Ich lasse grade das Malwarebytes-Programm durchlaufen, das Ergebnis muss ich hier dann posten, oder? (Sorry, bin neu hier....)

cosinus · 30.11.2012, 15:12

Hallo und

Zitat:

das Ergebnis muss ich hier dann posten, oder?

Nein, am besten streng geheim halten, damit ja niemand sieht, welche Schädlinge auf deinem Rechner sein könnten

SCNR

Natürlich bitte alle Logs posten

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Gentlewoman · 01.12.2012, 10:13

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.29.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19328
Melle :: MELLES-PC [Administrator]

Schutz: Aktiviert

30.11.2012 20:52:16
mbam-log-2012-11-30 (20-52-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 279301
Laufzeit: 3 Stunde(n), 9 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 03.12.2012, 09:54

Hast du noch weitere Logs von Malwarebytes oder anderen Virenscannern? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Gentlewoman · 03.12.2012, 09:59

Hm,wie meinst du das,keine neuen scans machen?denn vorherige hab ich keine,da mir kaspersky leider nichts angezeigt hat,ich habe den virus sozusagen selbst entdeckt...

cosinus · 03.12.2012, 13:33

Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Mach bitte einen CustomScan mit OTL
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Gentlewoman · 04.12.2012, 17:18

okay, ich hoffe, ich hab das jetzt richtig gemacht...

Code:

ATTFilter

OTL logfile created on: 04.12.2012 16:15:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Melle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 36,83% Memory free
6,20 Gb Paging File | 3,95 Gb Available in Paging File | 63,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 0,93 Gb Free Space | 2,11% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 25,11 Gb Free Space | 10,19% Space Free | Partition Type: NTFS
Drive E: | 6,25 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MELLES-PC | User Name: Melle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.04 16:01:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Melle\Downloads\OTL.exe
PRC - [2012.11.28 16:41:36 | 001,123,720 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.11.28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012.11.18 19:55:05 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.11.08 19:18:50 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012.11.08 19:18:46 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012.10.28 16:01:49 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.06.06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.12.13 09:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.12.13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.11.13 19:56:20 | 000,126,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2011.04.13 14:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
PRC - [2010.11.10 11:23:03 | 001,619,968 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\netzmanager.exe
PRC - [2010.11.04 15:41:46 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- D:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.08.27 02:02:32 | 000,708,608 | ---- | M] (Mirco-Star International  CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 00:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.08.21 02:35:20 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.22 21:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008.01.21 03:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.18 19:55:03 | 014,586,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.11.15 18:09:13 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
MOD - [2012.11.15 18:08:36 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6be544795f68114304a2efdd502a52f0\System.IdentityModel.ni.dll
MOD - [2012.11.15 18:08:31 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\68c89abe0ec8381863d6bb18539504f9\System.Runtime.Serialization.ni.dll
MOD - [2012.11.15 18:08:23 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\949339bed597380b8fb6dd2dc97d8006\SMDiagnostics.ni.dll
MOD - [2012.11.15 18:08:17 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\421f75fe97f5df57f17688ea52fcee3d\System.ServiceModel.ni.dll
MOD - [2012.11.15 18:06:59 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll
MOD - [2012.11.15 18:06:30 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\850a371af19c00078a8cfbee763fb449\System.Transactions.ni.dll
MOD - [2012.11.15 18:06:28 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1f0ff07c7fa3ef235a9e2b3b6a49db04\System.EnterpriseServices.ni.dll
MOD - [2012.11.15 18:05:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012.11.14 23:00:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012.11.14 22:58:47 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012.11.14 22:58:09 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012.11.14 22:56:57 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll
MOD - [2012.11.14 22:55:31 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39cc0e726e5b80a46337fa969cde2b66\PresentationFramework.Aero.ni.dll
MOD - [2012.11.14 22:55:16 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fb15c044e4e7d611a5cbe5a1aa6db455\PresentationFramework.ni.dll
MOD - [2012.11.14 22:53:45 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\09ab834223f9c860f08de8d58688b1a3\PresentationCore.ni.dll
MOD - [2012.11.14 22:51:22 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0e3cff5f58a9a75de7fcac112c8bbca0\WindowsBase.ni.dll
MOD - [2012.11.14 22:50:58 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012.11.14 22:49:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012.11.08 19:18:52 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012.11.08 19:18:51 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012.11.08 19:18:50 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012.10.28 16:01:47 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.11.13 19:56:21 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2010.03.11 21:21:05 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010.03.11 21:21:03 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2010.03.11 21:20:58 | 000,281,088 | ---- | M] () -- C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll
MOD - [2009.12.09 07:54:50 | 000,495,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2009.03.30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 05:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.18 19:39:53 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2008.08.25 19:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 21:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- D:\Programme\Spybot -- (SBSDWSCService)
SRV - [2012.11.28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.11.18 19:55:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.08 19:18:46 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012.10.28 16:01:49 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.04.13 14:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP)
SRV - [2010.11.04 15:41:46 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.26 11:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- D:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.27 00:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.05.22 21:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.05.31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfusb.sys -- (Tosrfusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosporte.sys -- (tosporte)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Melle\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012.11.08 19:18:53 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.20 10:48:46 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012.08.20 10:48:22 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2012.08.20 10:48:22 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2011.12.12 15:11:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.11.05 21:37:00 | 000,013,824 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc)
DRV - [2011.05.15 19:15:52 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.05.15 19:15:51 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.05.10 17:32:07 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.09.16 16:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010.01.21 13:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 10:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.12.30 10:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 10:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.12.30 10:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.12.30 10:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.01.13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.08.26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.23 02:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2008.08.07 10:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.07.19 20:53:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.11 11:23:12 | 001,097,856 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008.06.10 00:45:08 | 001,748,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.06.07 18:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.04.28 18:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.04.01 14:42:36 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.02.29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.03.19 15:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2004.04.01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\..\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files\FreeRIP Toolbar\IE\6.6\freeripToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF_deDE324
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledAddons: freerip@mybrowserbar.com:6.5
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.5
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: d:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.18 15:24:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.05.03 20:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.05.03 20:55:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 16:01:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 16:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.18 15:24:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 16:01:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 16:01:32 | 000,000,000 | ---D | M]
 
[2011.11.26 23:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melle\AppData\Roaming\mozilla\Extensions
[2012.12.04 15:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melle\AppData\Roaming\mozilla\Firefox\Profiles\q8o8ke3n.default\extensions
[2012.01.02 14:38:02 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Melle\AppData\Roaming\mozilla\Firefox\Profiles\q8o8ke3n.default\extensions\avg@toolbar
[2012.10.28 16:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.28 16:01:27 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2012.10.28 16:01:27 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012.12.04 15:22:41 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.12.04 15:22:41 | 000,000,000 | ---D | M] (FreeRIP Toolbar) -- C:\PROGRAM FILES\FREERIP TOOLBAR\FF
[2012.10.28 16:01:50 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.29 15:56:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.08 19:19:03 | 000,003,574 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.31 16:47:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.29 15:56:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.29 15:56:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.29 15:56:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.29 15:56:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files\FreeRIP Toolbar\IE\6.6\freeripToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files\FreeRIP Toolbar\IE\6.6\freeripToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [GrooveMonitor] D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000..\Run: [Hhyduisyq] C:\Users\Melle\AppData\Roaming\NeroCheckj.dll ()
O4 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000..\RunOnce: [  ISSetupPrerequisistes] "C:\Users\Melle\AppData\Local\Temp\NERO20100709115641857\setup.exe" File not found
O4 - Startup: C:\Users\Melle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Melle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C0CF08-1846-4871-BC02-D26DE06901F4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Melle\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Melle\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1fc862b9-d75a-11de-b9a5-002185dcfcd1}\Shell - "" = AutoRun
O33 - MountPoints2\{1fc862b9-d75a-11de-b9a5-002185dcfcd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1fc862bb-d75a-11de-b9a5-002185dcfcd1}\Shell - "" = AutoRun
O33 - MountPoints2\{1fc862bb-d75a-11de-b9a5-002185dcfcd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce7ce4e3-d5c3-11de-b6e5-002185dcfcd1}\Shell - "" = AutoRun
O33 - MountPoints2\{ce7ce4e3-d5c3-11de-b6e5-002185dcfcd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce7ce507-d5c3-11de-b6e5-002185dcfcd1}\Shell - "" = AutoRun
O33 - MountPoints2\{ce7ce507-d5c3-11de-b6e5-002185dcfcd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{da557017-5d84-11de-86af-002185dcfcd1}\Shell - "" = AutoRun
O33 - MountPoints2\{da557017-5d84-11de-86af-002185dcfcd1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Corel File Shell Monitor - hkey= - key= - C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe ()
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Google Quick Search Box - hkey= - key= - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
MsConfig - StartUpReg: ITSecMng - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NSLauncher - hkey= - key= - C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe ()
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RouterControl - hkey= - key= - D:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D401A1A5-B1EC-11AE-4E91-0D1298A0C297} - Microsoft Windows Media Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.04 15:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.12.04 15:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.12.04 15:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP Toolbar
[2012.12.04 15:21:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.29 20:49:11 | 000,000,000 | ---D | C] -- C:\Users\Melle\AppData\Roaming\Malwarebytes
[2012.11.29 20:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.29 20:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.29 20:48:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.29 20:10:48 | 000,000,000 | ---D | C] -- C:\Users\Melle\AppData\Roaming\DriverCure
[2012.11.29 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Melle\AppData\Roaming\SpeedyPC Software
[2012.11.29 20:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.11.27 09:11:58 | 000,000,000 | ---D | C] -- C:\Users\Melle\AppData\Roaming\Zarb
[2012.11.27 09:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zarb 4
[2012.11.27 09:11:20 | 000,605,184 | ---- | C] (Concept Software, Inc.) -- C:\Windows\System32\KEYLIB32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.04 16:42:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.04 16:11:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.04 15:18:39 | 000,162,515 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.12.04 15:18:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.04 15:18:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.04 15:18:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.04 15:17:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.02 14:20:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.28 23:39:20 | 000,671,462 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.28 23:39:20 | 000,632,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.28 23:39:20 | 000,144,598 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.28 23:39:20 | 000,118,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.27 20:01:50 | 000,432,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.27 09:12:53 | 000,131,072 | RHS- | M] () -- C:\Users\Melle\AppData\Roaming\NeroCheckj.dll
[2012.11.27 09:11:35 | 000,003,120 | ---- | M] () -- C:\Windows\System32\TYDTJYMD.ocx
[2012.11.23 10:16:54 | 000,129,024 | ---- | M] () -- C:\Users\Melle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.22 18:20:30 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini
[2012.11.20 18:49:06 | 000,162,515 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.11.20 17:22:16 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.11.18 14:03:12 | 000,002,457 | ---- | M] () -- C:\Users\Melle\Downloads\Desktop\Word.lnk
[2012.11.08 19:18:53 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
 
========== Files Created - No Company Name ==========
 
[2012.11.27 09:12:53 | 000,131,072 | RHS- | C] () -- C:\Users\Melle\AppData\Roaming\NeroCheckj.dll
[2012.11.27 09:11:35 | 000,003,120 | ---- | C] () -- C:\Windows\System32\TYDTJYMD.ocx
[2012.05.06 20:41:25 | 000,000,008 | RHS- | C] () -- C:\ProgramData\sysqcl1129067056.dat
[2012.02.27 19:57:33 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011.09.27 12:31:12 | 000,000,000 | ---- | C] () -- C:\Users\Melle\NortonAV.exe
[2011.06.25 18:01:48 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011.05.15 19:15:52 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.05.15 19:15:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.05.10 17:36:25 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.05.10 17:36:25 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.17 12:21:42 | 000,000,000 | ---- | C] () -- C:\Users\Melle\AppData\Roaming\chrtmp
[2010.05.10 15:12:38 | 000,000,680 | ---- | C] () -- C:\Users\Melle\AppData\Local\d3d9caps.dat
[2010.04.22 21:01:44 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2009.10.22 17:08:19 | 000,024,206 | ---- | C] () -- C:\Users\Melle\AppData\Roaming\UserTile.png
[2009.09.08 14:17:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.19 20:26:19 | 000,129,024 | ---- | C] () -- C:\Users\Melle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.19 20:24:45 | 000,000,094 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
[2009.04.19 19:36:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.10.07 12:32:45 | 000,162,515 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.10.07 12:23:04 | 000,162,515 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.04.04 14:39:32 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Academic Software Zurich
[2009.05.03 20:39:56 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Atari
[2011.09.27 12:34:16 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Babylon
[2012.01.06 20:15:28 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\BeachPartyCraze
[2012.01.02 00:11:56 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Black Sea Studios
[2011.08.23 14:35:04 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\calibre
[2010.08.30 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Canneverbe Limited
[2012.05.06 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\CocotronLibrary
[2012.11.29 20:10:48 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DriverCure
[2012.08.23 00:34:07 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Dropbox
[2012.09.28 17:19:37 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DVDVideoSoft
[2011.10.30 18:25:48 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.31 14:18:46 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\EPSON
[2010.09.08 18:29:34 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\ICQ
[2010.05.29 20:17:38 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Intenium
[2009.05.03 20:38:24 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Leadertech
[2009.05.29 14:05:17 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Lionhead Studios
[2011.06.25 18:11:06 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\MAGIX
[2011.09.27 12:34:29 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Media Get LLC
[2010.09.16 23:10:21 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Merscom
[2010.05.18 16:07:42 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Nokia
[2010.05.18 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\NSeries
[2012.09.28 17:18:59 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\OpenCandy
[2010.09.18 12:10:11 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\PC Suite
[2009.10.22 17:08:19 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\PeerNetworking
[2012.01.06 19:15:55 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\PlayFirst
[2009.10.11 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\RouterControl
[2011.02.26 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Schnellstart-DVD
[2010.11.02 21:34:12 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Software Informer
[2010.06.22 19:20:41 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Sony
[2010.06.22 18:49:09 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Sony Setup
[2012.11.29 20:10:47 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\SpeedyPC Software
[2012.02.13 13:05:27 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\TuneUp Software
[2011.05.15 20:14:29 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Ubisoft
[2009.04.19 18:33:34 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Ulead Systems
[2010.08.03 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\ValuSoft
[2010.10.18 13:46:04 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\VistaCodecs
[2012.11.27 09:11:58 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Zarb
[2010.07.12 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Zylom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.02.13 12:43:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.09.25 10:36:50 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.12.04 15:22:41 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.11.02 21:36:23 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.09.26 14:56:50 | 000,000,000 | -HSD | M] -- C:\found.000
[2008.10.07 22:30:37 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.04 15:22:20 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.11.29 20:48:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.12.04 16:33:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.05 15:51:22 | 000,000,000 | ---D | M] -- C:\temp
[2012.06.21 21:18:41 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.01 13:49:56 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.04 14:39:32 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Academic Software Zurich
[2011.11.27 00:08:19 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Adobe
[2009.05.03 20:39:56 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Atari
[2012.10.03 21:22:53 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\AVS4YOU
[2011.09.27 12:34:16 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Babylon
[2012.01.06 20:15:28 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\BeachPartyCraze
[2012.01.02 00:11:56 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Black Sea Studios
[2011.08.23 14:35:04 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\calibre
[2010.08.30 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Canneverbe Limited
[2012.05.06 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\CocotronLibrary
[2009.04.19 20:26:08 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Corel
[2010.08.09 17:08:33 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DivX
[2010.09.18 20:08:09 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Download Manager
[2012.11.29 20:10:48 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DriverCure
[2012.08.23 00:34:07 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Dropbox
[2012.11.20 18:03:24 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\dvdcss
[2012.09.28 17:19:37 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DVDVideoSoft
[2011.10.30 18:25:48 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.31 14:18:46 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\EPSON
[2009.04.21 19:28:22 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Google
[2011.05.24 19:51:02 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\HpUpdate
[2010.09.08 18:29:34 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\ICQ
[2010.07.12 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Identities
[2009.04.19 18:08:30 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\InstallShield
[2010.05.29 20:17:38 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Intenium
[2009.05.03 20:38:24 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Leadertech
[2009.05.29 14:05:17 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Lionhead Studios
[2010.05.29 20:28:06 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Macromedia
[2011.06.25 18:11:06 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\MAGIX
[2012.11.29 20:49:11 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Media Center Programs
[2011.09.27 12:34:29 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Media Get LLC
[2010.09.16 23:10:21 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Merscom
[2012.11.27 21:24:53 | 000,000,000 | --SD | M] -- C:\Users\Melle\AppData\Roaming\Microsoft
[2009.04.26 13:53:34 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Move Networks
[2011.11.26 23:42:14 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Mozilla
[2011.04.13 19:55:31 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Nero
[2010.05.18 16:07:42 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Nokia
[2010.05.18 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\NSeries
[2012.09.28 17:18:59 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\OpenCandy
[2010.09.18 12:10:11 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\PC Suite
[2009.10.22 17:08:19 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\PeerNetworking
[2012.01.06 19:15:55 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\PlayFirst
[2009.04.19 20:28:06 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Reallusion
[2009.10.11 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\RouterControl
[2011.02.26 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Schnellstart-DVD
[2012.08.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Skype
[2010.06.11 21:35:08 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\skypePM
[2010.11.02 21:34:12 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Software Informer
[2010.06.22 19:20:41 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Sony
[2010.06.22 18:49:09 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Sony Setup
[2012.11.29 20:10:47 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\SpeedyPC Software
[2009.04.19 18:17:21 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Symantec
[2012.02.13 13:05:27 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\TuneUp Software
[2011.05.15 20:14:29 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Ubisoft
[2009.04.19 18:33:34 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Ulead Systems
[2010.08.03 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\ValuSoft
[2010.10.18 13:46:04 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\VistaCodecs
[2012.11.22 18:51:25 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\vlc
[2012.05.17 23:02:50 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\WinRAR
[2012.11.27 09:11:58 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Zarb
[2010.07.12 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2011.11.27 00:07:23 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Melle\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.06.22 19:19:42 | 000,010,134 | R--- | M] () -- C:\Users\Melle\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2011.05.24 19:55:38 | 000,010,134 | R--- | M] () -- C:\Users\Melle\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
[2011.02.26 21:31:28 | 000,010,134 | R--- | M] () -- C:\Users\Melle\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009.02.12 19:37:34 | 000,097,144 | ---- | M] () -- C:\Users\Melle\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2009.04.26 13:53:34 | 000,034,062 | ---- | M] () -- C:\Users\Melle\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2012.09.06 19:57:32 | 008,812,888 | ---- | M] () -- C:\Users\Melle\AppData\Roaming\OpenCandy\B6630F44737C45F0B9FC703702B24B7C\Installer.exe
[2010.11.18 12:00:00 | 000,425,336 | R--- | M] (Deutsche Telekom AG) -- C:\Users\Melle\AppData\Roaming\Schnellstart-DVD\Starter\DT_Softwarestarter.exe
[2010.06.22 19:14:14 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Users\Melle\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
[2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\adp94xx.sys
[2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\adpahci.sys
[2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\adpu160m.sys
[2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\adpu320.sys
[2008.02.29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems) Unable to obtain MD5 -- C:\Windows\system32\drivers\AGRSM.sys
[2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\aliide.sys
[2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\arc.sys
[2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\arcsas.sys
[2009.01.13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\athr.sys
[2011.05.15 19:15:52 | 000,281,760 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\atksgt.sys
[2012.11.08 19:18:53 | 000,026,984 | ---- | M] (AVG Technologies) Unable to obtain MD5 -- C:\Windows\system32\drivers\avgtpx86.sys
[2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrFiltLo.sys
[2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrFiltUp.sys
[2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrSerId.sys
[2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrSerWdm.sys
[2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrUsbMdm.sys
[2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrUsbSer.sys
[2010.01.21 13:53:16 | 000,018,048 | ---- | M] (Nokia) Unable to obtain MD5 -- C:\Windows\system32\drivers\ccdcmb.sys
[2009.12.30 10:30:48 | 000,022,016 | ---- | M] (Nokia) Unable to obtain MD5 -- C:\Windows\system32\drivers\ccdcmbo.sys
[2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\cmdide.sys
[2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\djsvs.sys
[2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\E1G60I32.sys
[2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) Unable to obtain MD5 -- C:\Windows\system32\drivers\elxstor.sys
[2008.04.28 18:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) Unable to obtain MD5 -- C:\Windows\system32\drivers\enecir.sys
[2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) Unable to obtain MD5 -- C:\Windows\system32\drivers\HpCISSs.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\iaStorV.sys
[2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) Unable to obtain MD5 -- C:\Windows\system32\drivers\iirsp.sys
[2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\iteatapi.sys
[2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\iteraid.sys
[2008.08.07 10:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\jmcr.sys
[2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2011.05.10 17:32:07 | 000,488,536 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
 
< %SYSTEMROOT%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
[2006.11.02 10:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2011.04.13 14:38:36 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll
[2008.01.21 03:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
 
<           >
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,558 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.02.21 20:03:22 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.02.21 20:03:22 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.07.23 18:35:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:ED2998F5
@Alternate Data Stream - 304 bytes -> D:\Dokumente\Kontoauszüge_Studiengebühren 20100002.jpg:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> D:\Dokumente\Kontoauszüge_Studiengebühren 20100001.jpg:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> D:\Dokumente\Kassenzettel_Klodeckel 3D.jpg:Updt_SummaryInformation
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4A966CC2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:91486201
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:58EBEBDC

< End of report >

Gentlewoman · 04.12.2012, 17:19

okay, ich hoffe, ich hab das jetzt richtig gemacht...

Code:

ATTFilter

OTL logfile created on: 04.12.2012 16:15:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Melle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 36,83% Memory free
6,20 Gb Paging File | 3,95 Gb Available in Paging File | 63,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 0,93 Gb Free Space | 2,11% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 25,11 Gb Free Space | 10,19% Space Free | Partition Type: NTFS
Drive E: | 6,25 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MELLES-PC | User Name: Melle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.04 16:01:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Melle\Downloads\OTL.exe
PRC - [2012.11.28 16:41:36 | 001,123,720 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.11.28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012.11.18 19:55:05 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.11.08 19:18:50 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012.11.08 19:18:46 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012.10.28 16:01:49 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.06.06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.12.13 09:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.12.13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.11.13 19:56:20 | 000,126,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2011.04.13 14:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
PRC - [2010.11.10 11:23:03 | 001,619,968 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\netzmanager.exe
PRC - [2010.11.04 15:41:46 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- D:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.08.27 02:02:32 | 000,708,608 | ---- | M] (Mirco-Star International  CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 00:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.08.21 02:35:20 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.22 21:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008.01.21 03:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.18 19:55:03 | 014,586,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.11.15 18:09:13 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
MOD - [2012.11.15 18:08:36 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6be544795f68114304a2efdd502a52f0\System.IdentityModel.ni.dll
MOD - [2012.11.15 18:08:31 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\68c89abe0ec8381863d6bb18539504f9\System.Runtime.Serialization.ni.dll
MOD - [2012.11.15 18:08:23 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\949339bed597380b8fb6dd2dc97d8006\SMDiagnostics.ni.dll
MOD - [2012.11.15 18:08:17 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\421f75fe97f5df57f17688ea52fcee3d\System.ServiceModel.ni.dll
MOD - [2012.11.15 18:06:59 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll
MOD - [2012.11.15 18:06:30 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\850a371af19c00078a8cfbee763fb449\System.Transactions.ni.dll
MOD - [2012.11.15 18:06:28 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1f0ff07c7fa3ef235a9e2b3b6a49db04\System.EnterpriseServices.ni.dll
MOD - [2012.11.15 18:05:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012.11.14 23:00:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012.11.14 22:58:47 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012.11.14 22:58:09 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012.11.14 22:56:57 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll
MOD - [2012.11.14 22:55:31 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39cc0e726e5b80a46337fa969cde2b66\PresentationFramework.Aero.ni.dll
MOD - [2012.11.14 22:55:16 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fb15c044e4e7d611a5cbe5a1aa6db455\PresentationFramework.ni.dll
MOD - [2012.11.14 22:53:45 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\09ab834223f9c860f08de8d58688b1a3\PresentationCore.ni.dll
MOD - [2012.11.14 22:51:22 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0e3cff5f58a9a75de7fcac112c8bbca0\WindowsBase.ni.dll
MOD - [2012.11.14 22:50:58 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012.11.14 22:49:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012.11.08 19:18:52 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012.11.08 19:18:51 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012.11.08 19:18:50 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012.10.28 16:01:47 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.11.13 19:56:21 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2010.03.11 21:21:05 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010.03.11 21:21:03 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2010.03.11 21:20:58 | 000,281,088 | ---- | M] () -- C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll
MOD - [2009.12.09 07:54:50 | 000,495,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2009.03.30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 05:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.18 19:39:53 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2008.08.25 19:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 21:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- D:\Programme\Spybot -- (SBSDWSCService)
SRV - [2012.11.28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.11.18 19:55:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.08 19:18:46 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012.10.28 16:01:49 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.13 09:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.04.13 14:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP)
SRV - [2010.11.04 15:41:46 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.26 11:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- D:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.27 00:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.05.22 21:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.05.31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfusb.sys -- (Tosrfusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosporte.sys -- (tosporte)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Melle\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012.11.08 19:18:53 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.20 10:48:46 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012.08.20 10:48:22 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2012.08.20 10:48:22 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2011.12.12 15:11:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.11.05 21:37:00 | 000,013,824 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc)
DRV - [2011.05.15 19:15:52 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.05.15 19:15:51 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.05.10 17:32:07 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.09.16 16:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010.01.21 13:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 10:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.12.30 10:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 10:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.12.30 10:25:12 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.12.30 10:25:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.01.13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.08.26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.23 02:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2008.08.07 10:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.07.19 20:53:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.11 11:23:12 | 001,097,856 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008.06.10 00:45:08 | 001,748,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.06.07 18:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.04.28 18:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.04.01 14:42:36 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.02.29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.03.19 15:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2004.04.01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=hp&babsrc=lnkry_nt
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\..\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files\FreeRIP Toolbar\IE\6.6\freeripToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF_deDE324
IE - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledAddons: freerip@mybrowserbar.com:6.5
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.5
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: d:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.18 15:24:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.05.03 20:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.05.03 20:55:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 16:01:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 16:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.18 15:24:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 16:01:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 16:01:32 | 000,000,000 | ---D | M]
 
[2011.11.26 23:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melle\AppData\Roaming\mozilla\Extensions
[2012.12.04 15:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melle\AppData\Roaming\mozilla\Firefox\Profiles\q8o8ke3n.default\extensions
[2012.01.02 14:38:02 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Melle\AppData\Roaming\mozilla\Firefox\Profiles\q8o8ke3n.default\extensions\avg@toolbar
[2012.10.28 16:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.28 16:01:27 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2012.10.28 16:01:27 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012.12.04 15:22:41 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.12.04 15:22:41 | 000,000,000 | ---D | M] (FreeRIP Toolbar) -- C:\PROGRAM FILES\FREERIP TOOLBAR\FF
[2012.10.28 16:01:50 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.29 15:56:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.08 19:19:03 | 000,003,574 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.31 16:47:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.29 15:56:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.29 15:56:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.29 15:56:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.29 15:56:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files\FreeRIP Toolbar\IE\6.6\freeripToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files\FreeRIP Toolbar\IE\6.6\freeripToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [GrooveMonitor] D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000..\Run: [Hhyduisyq] C:\Users\Melle\AppData\Roaming\NeroCheckj.dll ()
O4 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000..\RunOnce: [  ISSetupPrerequisistes] "C:\Users\Melle\AppData\Local\Temp\NERO20100709115641857\setup.exe" File not found
O4 - Startup: C:\Users\Melle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Melle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C0CF08-1846-4871-BC02-D26DE06901F4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Melle\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Melle\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1fc862b9-d75a-11de-b9a5-002185dcfcd1}\Shell - "" = AutoRun
O33 - MountPoints2\{1fc862b9-d75a-11de-b9a5-002185dcfcd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1fc862bb-d75a-11de-b9a5-002185dcfcd1}\Shell - "" = AutoRun
O33 - MountPoints2\{1fc862bb-d75a-11de-b9a5-002185dcfcd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce7ce4e3-d5c3-11de-b6e5-002185dcfcd1}\Shell - "" = AutoRun
O33 - MountPoints2\{ce7ce4e3-d5c3-11de-b6e5-002185dcfcd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce7ce507-d5c3-11de-b6e5-002185dcfcd1}\Shell - "" = AutoRun
O33 - MountPoints2\{ce7ce507-d5c3-11de-b6e5-002185dcfcd1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{da557017-5d84-11de-86af-002185dcfcd1}\Shell - "" = AutoRun
O33 - MountPoints2\{da557017-5d84-11de-86af-002185dcfcd1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Corel File Shell Monitor - hkey= - key= - C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe ()
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Google Quick Search Box - hkey= - key= - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
MsConfig - StartUpReg: ITSecMng - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NSLauncher - hkey= - key= - C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe ()
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RouterControl - hkey= - key= - D:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D401A1A5-B1EC-11AE-4E91-0D1298A0C297} - Microsoft Windows Media Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.04 15:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.12.04 15:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.12.04 15:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP Toolbar
[2012.12.04 15:21:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.29 20:49:11 | 000,000,000 | ---D | C] -- C:\Users\Melle\AppData\Roaming\Malwarebytes
[2012.11.29 20:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.29 20:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.29 20:48:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.29 20:10:48 | 000,000,000 | ---D | C] -- C:\Users\Melle\AppData\Roaming\DriverCure
[2012.11.29 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Melle\AppData\Roaming\SpeedyPC Software
[2012.11.29 20:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.11.27 09:11:58 | 000,000,000 | ---D | C] -- C:\Users\Melle\AppData\Roaming\Zarb
[2012.11.27 09:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zarb 4
[2012.11.27 09:11:20 | 000,605,184 | ---- | C] (Concept Software, Inc.) -- C:\Windows\System32\KEYLIB32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.04 16:42:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.04 16:11:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.04 15:18:39 | 000,162,515 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.12.04 15:18:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.04 15:18:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.04 15:18:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.04 15:17:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.02 14:20:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.28 23:39:20 | 000,671,462 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.28 23:39:20 | 000,632,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.28 23:39:20 | 000,144,598 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.28 23:39:20 | 000,118,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.27 20:01:50 | 000,432,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.27 09:12:53 | 000,131,072 | RHS- | M] () -- C:\Users\Melle\AppData\Roaming\NeroCheckj.dll
[2012.11.27 09:11:35 | 000,003,120 | ---- | M] () -- C:\Windows\System32\TYDTJYMD.ocx
[2012.11.23 10:16:54 | 000,129,024 | ---- | M] () -- C:\Users\Melle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.22 18:20:30 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini
[2012.11.20 18:49:06 | 000,162,515 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.11.20 17:22:16 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.11.18 14:03:12 | 000,002,457 | ---- | M] () -- C:\Users\Melle\Downloads\Desktop\Word.lnk
[2012.11.08 19:18:53 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
 
========== Files Created - No Company Name ==========
 
[2012.11.27 09:12:53 | 000,131,072 | RHS- | C] () -- C:\Users\Melle\AppData\Roaming\NeroCheckj.dll
[2012.11.27 09:11:35 | 000,003,120 | ---- | C] () -- C:\Windows\System32\TYDTJYMD.ocx
[2012.05.06 20:41:25 | 000,000,008 | RHS- | C] () -- C:\ProgramData\sysqcl1129067056.dat
[2012.02.27 19:57:33 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011.09.27 12:31:12 | 000,000,000 | ---- | C] () -- C:\Users\Melle\NortonAV.exe
[2011.06.25 18:01:48 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011.05.15 19:15:52 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.05.15 19:15:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.05.10 17:36:25 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.05.10 17:36:25 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.17 12:21:42 | 000,000,000 | ---- | C] () -- C:\Users\Melle\AppData\Roaming\chrtmp
[2010.05.10 15:12:38 | 000,000,680 | ---- | C] () -- C:\Users\Melle\AppData\Local\d3d9caps.dat
[2010.04.22 21:01:44 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2009.10.22 17:08:19 | 000,024,206 | ---- | C] () -- C:\Users\Melle\AppData\Roaming\UserTile.png
[2009.09.08 14:17:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.19 20:26:19 | 000,129,024 | ---- | C] () -- C:\Users\Melle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.19 20:24:45 | 000,000,094 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
[2009.04.19 19:36:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.10.07 12:32:45 | 000,162,515 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.10.07 12:23:04 | 000,162,515 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.04.04 14:39:32 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Academic Software Zurich
[2009.05.03 20:39:56 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Atari
[2011.09.27 12:34:16 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Babylon
[2012.01.06 20:15:28 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\BeachPartyCraze
[2012.01.02 00:11:56 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Black Sea Studios
[2011.08.23 14:35:04 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\calibre
[2010.08.30 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Canneverbe Limited
[2012.05.06 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\CocotronLibrary
[2012.11.29 20:10:48 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DriverCure
[2012.08.23 00:34:07 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Dropbox
[2012.09.28 17:19:37 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DVDVideoSoft
[2011.10.30 18:25:48 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.31 14:18:46 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\EPSON
[2010.09.08 18:29:34 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\ICQ
[2010.05.29 20:17:38 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Intenium
[2009.05.03 20:38:24 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Leadertech
[2009.05.29 14:05:17 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Lionhead Studios
[2011.06.25 18:11:06 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\MAGIX
[2011.09.27 12:34:29 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Media Get LLC
[2010.09.16 23:10:21 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Merscom
[2010.05.18 16:07:42 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Nokia
[2010.05.18 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\NSeries
[2012.09.28 17:18:59 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\OpenCandy
[2010.09.18 12:10:11 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\PC Suite
[2009.10.22 17:08:19 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\PeerNetworking
[2012.01.06 19:15:55 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\PlayFirst
[2009.10.11 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\RouterControl
[2011.02.26 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Schnellstart-DVD
[2010.11.02 21:34:12 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Software Informer
[2010.06.22 19:20:41 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Sony
[2010.06.22 18:49:09 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Sony Setup
[2012.11.29 20:10:47 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\SpeedyPC Software
[2012.02.13 13:05:27 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\TuneUp Software
[2011.05.15 20:14:29 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Ubisoft
[2009.04.19 18:33:34 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Ulead Systems
[2010.08.03 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\ValuSoft
[2010.10.18 13:46:04 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\VistaCodecs
[2012.11.27 09:11:58 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Zarb
[2010.07.12 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Zylom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.02.13 12:43:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.09.25 10:36:50 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.12.04 15:22:41 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.11.02 21:36:23 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.09.26 14:56:50 | 000,000,000 | -HSD | M] -- C:\found.000
[2008.10.07 22:30:37 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.04 15:22:20 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.11.29 20:48:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.12.04 16:33:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.05 15:51:22 | 000,000,000 | ---D | M] -- C:\temp
[2012.06.21 21:18:41 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.01 13:49:56 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.04 14:39:32 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Academic Software Zurich
[2011.11.27 00:08:19 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Adobe
[2009.05.03 20:39:56 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Atari
[2012.10.03 21:22:53 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\AVS4YOU
[2011.09.27 12:34:16 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Babylon
[2012.01.06 20:15:28 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\BeachPartyCraze
[2012.01.02 00:11:56 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Black Sea Studios
[2011.08.23 14:35:04 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\calibre
[2010.08.30 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Canneverbe Limited
[2012.05.06 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\CocotronLibrary
[2009.04.19 20:26:08 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Corel
[2010.08.09 17:08:33 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DivX
[2010.09.18 20:08:09 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Download Manager
[2012.11.29 20:10:48 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DriverCure
[2012.08.23 00:34:07 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Dropbox
[2012.11.20 18:03:24 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\dvdcss
[2012.09.28 17:19:37 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DVDVideoSoft
[2011.10.30 18:25:48 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.31 14:18:46 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\EPSON
[2009.04.21 19:28:22 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Google
[2011.05.24 19:51:02 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\HpUpdate
[2010.09.08 18:29:34 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\ICQ
[2010.07.12 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Identities
[2009.04.19 18:08:30 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\InstallShield
[2010.05.29 20:17:38 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Intenium
[2009.05.03 20:38:24 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Leadertech
[2009.05.29 14:05:17 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Lionhead Studios
[2010.05.29 20:28:06 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Macromedia
[2011.06.25 18:11:06 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\MAGIX
[2012.11.29 20:49:11 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Media Center Programs
[2011.09.27 12:34:29 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Media Get LLC
[2010.09.16 23:10:21 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Merscom
[2012.11.27 21:24:53 | 000,000,000 | --SD | M] -- C:\Users\Melle\AppData\Roaming\Microsoft
[2009.04.26 13:53:34 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Move Networks
[2011.11.26 23:42:14 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Mozilla
[2011.04.13 19:55:31 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Nero
[2010.05.18 16:07:42 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Nokia
[2010.05.18 16:23:22 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\NSeries
[2012.09.28 17:18:59 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\OpenCandy
[2010.09.18 12:10:11 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\PC Suite
[2009.10.22 17:08:19 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\PeerNetworking
[2012.01.06 19:15:55 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\PlayFirst
[2009.04.19 20:28:06 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Reallusion
[2009.10.11 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\RouterControl
[2011.02.26 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Schnellstart-DVD
[2012.08.21 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Skype
[2010.06.11 21:35:08 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\skypePM
[2010.11.02 21:34:12 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Software Informer
[2010.06.22 19:20:41 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Sony
[2010.06.22 18:49:09 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Sony Setup
[2012.11.29 20:10:47 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\SpeedyPC Software
[2009.04.19 18:17:21 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Symantec
[2012.02.13 13:05:27 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\TuneUp Software
[2011.05.15 20:14:29 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Ubisoft
[2009.04.19 18:33:34 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Ulead Systems
[2010.08.03 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\ValuSoft
[2010.10.18 13:46:04 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\VistaCodecs
[2012.11.22 18:51:25 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\vlc
[2012.05.17 23:02:50 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\WinRAR
[2012.11.27 09:11:58 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Zarb
[2010.07.12 20:52:42 | 000,000,000 | ---D | M] -- C:\Users\Melle\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2011.11.27 00:07:23 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Melle\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.06.22 19:19:42 | 000,010,134 | R--- | M] () -- C:\Users\Melle\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2011.05.24 19:55:38 | 000,010,134 | R--- | M] () -- C:\Users\Melle\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
[2011.02.26 21:31:28 | 000,010,134 | R--- | M] () -- C:\Users\Melle\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009.02.12 19:37:34 | 000,097,144 | ---- | M] () -- C:\Users\Melle\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2009.04.26 13:53:34 | 000,034,062 | ---- | M] () -- C:\Users\Melle\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2012.09.06 19:57:32 | 008,812,888 | ---- | M] () -- C:\Users\Melle\AppData\Roaming\OpenCandy\B6630F44737C45F0B9FC703702B24B7C\Installer.exe
[2010.11.18 12:00:00 | 000,425,336 | R--- | M] (Deutsche Telekom AG) -- C:\Users\Melle\AppData\Roaming\Schnellstart-DVD\Starter\DT_Softwarestarter.exe
[2010.06.22 19:14:14 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Users\Melle\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
[2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\adp94xx.sys
[2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\adpahci.sys
[2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\adpu160m.sys
[2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\adpu320.sys
[2008.02.29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems) Unable to obtain MD5 -- C:\Windows\system32\drivers\AGRSM.sys
[2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\aliide.sys
[2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\arc.sys
[2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\arcsas.sys
[2009.01.13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\athr.sys
[2011.05.15 19:15:52 | 000,281,760 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\atksgt.sys
[2012.11.08 19:18:53 | 000,026,984 | ---- | M] (AVG Technologies) Unable to obtain MD5 -- C:\Windows\system32\drivers\avgtpx86.sys
[2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrFiltLo.sys
[2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrFiltUp.sys
[2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrSerId.sys
[2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrSerWdm.sys
[2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrUsbMdm.sys
[2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) Unable to obtain MD5 -- C:\Windows\system32\drivers\BrUsbSer.sys
[2010.01.21 13:53:16 | 000,018,048 | ---- | M] (Nokia) Unable to obtain MD5 -- C:\Windows\system32\drivers\ccdcmb.sys
[2009.12.30 10:30:48 | 000,022,016 | ---- | M] (Nokia) Unable to obtain MD5 -- C:\Windows\system32\drivers\ccdcmbo.sys
[2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\cmdide.sys
[2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\djsvs.sys
[2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\E1G60I32.sys
[2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) Unable to obtain MD5 -- C:\Windows\system32\drivers\elxstor.sys
[2008.04.28 18:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) Unable to obtain MD5 -- C:\Windows\system32\drivers\enecir.sys
[2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) Unable to obtain MD5 -- C:\Windows\system32\drivers\HpCISSs.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\iaStorV.sys
[2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) Unable to obtain MD5 -- C:\Windows\system32\drivers\iirsp.sys
[2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\iteatapi.sys
[2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) Unable to obtain MD5 -- C:\Windows\system32\drivers\iteraid.sys
[2008.08.07 10:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\jmcr.sys
[2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2011.05.10 17:32:07 | 000,488,536 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
 
< %SYSTEMROOT%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
[2006.11.02 10:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll
[2011.04.13 14:38:36 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll
[2008.01.21 03:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
 
<           >
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,558 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.02.21 20:03:22 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.02.21 20:03:22 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.07.23 18:35:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:ED2998F5
@Alternate Data Stream - 304 bytes -> D:\Dokumente\Kontoauszüge_Studiengebühren 20100002.jpg:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> D:\Dokumente\Kontoauszüge_Studiengebühren 20100001.jpg:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> D:\Dokumente\Kassenzettel_Klodeckel 3D.jpg:Updt_SummaryInformation
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4A966CC2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:91486201
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:58EBEBDC

< End of report >

Gentlewoman · 04.12.2012, 17:25

so, hier nochmal das richtige (sorry, hab das eine doppelt gepostet)
Extras.txt:
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 04.12.2012 16:15:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Melle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 36,83% Memory free
6,20 Gb Paging File | 3,95 Gb Available in Paging File | 63,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 0,93 Gb Free Space | 2,11% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 25,11 Gb Free Space | 10,19% Space Free | Partition Type: NTFS
Drive E: | 6,25 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MELLES-PC | User Name: Melle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "D:\Programme\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "D:\Programme\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F1A7099-7A64-49B3-A39B-B0F6C07A0FB0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{2EF91C99-2826-4F19-9B98-3EAF9BFE95BA}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 | 
"{547EEA29-F564-4F63-8622-4EF52EF2CD9E}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | 
"{A061A49C-4578-45BA-BAA8-A70E60C75BA4}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | 
"{C1DFF3F5-94C1-41C8-93BB-C3C8A7A4E2B4}" = lport=6004 | protocol=17 | dir=in | app=d:\programme\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FA3DFA-2B74-48AB-A0C8-7DD2D177BB50}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{0934A5E8-A06C-413F-B4B2-624BDF3ADDE9}" = protocol=6 | dir=in | app=e:\dvd-start.exe | 
"{0A6B9554-2377-4370-8FE6-56B6C4C81A16}" = protocol=6 | dir=in | app=d:\programme\microsoft office\office12\onenote.exe | 
"{10FD0C01-096F-4C9E-A0B4-525EB84554C0}" = dir=in | app=c:\program files\rapidsolution\audials 9\audials.exe | 
"{1F57545A-8462-4EAB-AED4-5A7ABF20780A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{2CA5D92E-F145-47CC-B699-1EAD2B5FB890}" = protocol=17 | dir=in | app=c:\users\melle\appdata\roaming\dropbox\bin\dropbox.exe | 
"{46701A69-1D85-4485-A3E4-FEB772BF96A3}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{61B9C616-4DCA-449A-B979-788380DD8B45}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{6CBAA67C-1B78-4A4B-A44A-40A7212FD454}" = protocol=17 | dir=in | app=d:\programme\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{770B01B3-ED19-4FCE-80DA-CD848B5D9E06}" = protocol=17 | dir=in | app=e:\dvd-start.exe | 
"{77C78A2D-69E1-4560-80A3-7300F031AD66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7CE80684-E588-4407-B7FC-FAFCDFEE4068}" = protocol=17 | dir=in | app=d:\programme\microsoft office\office12\groove.exe | 
"{7D36C9AA-64B1-4F8E-9066-1D890E32A0FF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8A23835E-0E59-456A-8911-052991D7792E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{97851472-892D-4461-9380-A7AA8FF0436A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9E874722-3E46-498E-BFD9-988E88D60891}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A4E473F2-9BB6-46F6-BCB8-EA4E3E372E7D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A61A6702-52A1-4381-9092-2F2B73437FD1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A870AC5F-62C1-4FBB-851B-8045BA72F56B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA0BB6D3-CECD-4976-941D-05052B52BABE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AD2772BE-B2B8-4227-B5FB-01DA9EAF419C}" = protocol=6 | dir=in | app=d:\programme\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{AE6CD01A-E6A5-4722-809C-215EDA5282E5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B70A56E5-0F6E-48ED-92E6-5A0CC5309BB1}" = protocol=6 | dir=in | app=c:\users\melle\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BB5FC76F-FFB6-4BEE-90C6-969450510130}" = protocol=6 | dir=in | app=e:\dvd-start.exe | 
"{C3B301D4-5E1F-4B85-AA12-8B15D7A7182F}" = protocol=6 | dir=in | app=d:\programme\microsoft office\office12\groove.exe | 
"{C615700A-1E02-4C0D-8A92-D606B09DB7F1}" = protocol=17 | dir=in | app=d:\programme\microsoft office\office12\onenote.exe | 
"{D33D8B78-9C2A-40FE-8767-DC8B7F638D5D}" = protocol=6 | dir=in | app=d:\programme\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{DBC09D99-B231-4B5B-8A0A-5EB9D836B0E9}" = protocol=17 | dir=in | app=e:\dvd-start.exe | 
"{E76E0CC7-43E4-4B8F-A3DC-ECBB270BD373}" = protocol=17 | dir=in | app=d:\programme\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{EF6A95A2-95E3-4BD1-A41D-2BD9387A221C}" = protocol=6 | dir=in | app=d:\programme\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{FD435D5F-40E6-4658-8193-EA9E2FEEFF31}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FD74DBF9-4E17-467E-BCB9-8BC06B613FE7}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{FEDF157C-76BB-4B01-B190-F925E1406006}" = protocol=17 | dir=in | app=d:\programme\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"TCP Query User{33DE59B6-C0AC-481C-981D-F6E83610678C}D:\programme\rapidsolution\audials 8\audials.exe" = protocol=6 | dir=in | app=d:\programme\rapidsolution\audials 8\audials.exe | 
"TCP Query User{64EC7CD2-88BC-4077-8C82-C8E0F40ED404}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe | 
"TCP Query User{AC3BDC99-0EAA-4B7D-82C4-A9F5C2C060F9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{0FAD238A-1747-43E6-AEF0-9379B6DBD10A}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe | 
"UDP Query User{80AE5BC8-4465-42E0-B585-39FD4E429795}D:\programme\rapidsolution\audials 8\audials.exe" = protocol=17 | dir=in | app=d:\programme\rapidsolution\audials 8\audials.exe | 
"UDP Query User{9ABBDE60-EA3D-4825-AFF3-7505360B2A5A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19719627-CB6A-4826-A1F3-D99EDAF397B7}" = Bilbo: The Four Corners of the World
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{284CF4B8-4055-4D2E-BC04-5ADD7AA10E3D}" = The Movies(TM) 1.1 Patch
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2E2BBF0D-EF39-42EA-9D96-F33AEE22904B}" = The Movies(TM) Demo
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3186AEAE-E104-424D-9152-1BF6A4404758}" = Nokia Software Updater
"{356BC59E-BAB0-4840-9A12-75AA63B4834C}" = Chocolatier
"{35FA05B1-FFFF-4687-9272-AA606808F67A}" = Audials
"{37A9BF0C-775D-4431-9E53-946F35C3E041}" = Nokia Software Launcher
"{396F7C0E-61DF-4342-A31D-EF373BC07BCD}" = Tourist Trap
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB 2.0 Camera
"{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}" = Camera Recorder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{4295E2C6-6E0F-4774-BA36-D6B347348222}" = Farm Frenzy: Pizza Party
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C4A7F9-84E2-49EA-AFCB-6030CF8CDC95}" = FreeRIP Toolbar v6.6
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4E437A34-C582-4A36-9A70-08B6A7CEA205}" = Nanny 911
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.66
"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F582173-82AB-4C9E-923C-4340ECE617F4}" = Dress Shop Hop
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{73ABAA0E-70F0-4048-AD43-A5F5A13A198D}" = Audials
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{83DD8CC8-522E-4B75-836F-8775FDA4B5AB}" = Hotel Gigant 2
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Nero Toolbar
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DEF24B2-8CB2-4A04-8103-C8C459E360C2}" = Beach Party Craze
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
"{90120000-0016-0408-0000-0000000FF1CE}_HOMESTUDENTR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
"{90120000-0018-0408-0000-0000000FF1CE}_HOMESTUDENTR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
"{90120000-001B-0408-0000-0000000FF1CE}_HOMESTUDENTR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_HOMESTUDENTR_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_HOMESTUDENTR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_HOMESTUDENTR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
"{90120000-006E-0408-0000-0000000FF1CE}_HOMESTUDENTR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0408-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Greek) 2007
"{90120000-00A1-0408-0000-0000000FF1CE}_HOMESTUDENTR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter und der Feuerkelch™
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A38C6459-06E0-4290-B423-9399FB27CD95}" = Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A8405D99-9D76-4456-8752-87DA930CC3A3}" = Comic Life 2
"{A8BB05BC-2C4A-4178-A819-64B8F5392960}" = Radiotracker
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter und der Orden des Phönix™
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BFB175B5-6F03-4608-8737-82B6C393E209}" = Diner Dash 2
"{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies(TM) Stunts & Spezialeffekte
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{DBA2F7D7-C2BC-47C4-A3CE-360009ECC0B4}" = Righteous Kill:  Revenge of the Poet Killer
"{DBB0F0D8-D1A1-4F15-A031-C2B7BCCF63D0}" = GoGear Spark Device Manager
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{DF181652-D4F9-7D64-AED8-57D31E8D0410}" = Media Go Video Playback Engine 1.32.115.05250
"{DF20957C-4943-44B7-B4E8-6F5DB48EBFD8}" = Empire Builder: Ancient Egypt
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E2E25F53-EB64-4BC1-8A9E-B970BBEF8C1C}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
"{EB8B2484-7DEC-4DDE-8A6E-9351DAD18028}" = Super Granny 3
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1932E56-8A95-40E0-A15B-E06B45969845}" = Nokia NSeries System Utilities
"{F2A64101-DAB6-40AE-B4B3-18820F469421}" = Pirate Island
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4EE8763-EAA8-4BC1-8594-8501F5F00414}" = Nokia NSeries One Touch Access
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F779EC8D-6703-4C4A-817C-37B07898E647}" = Nokia NSeries Content Copier
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FB9D78DB-2233-49E1-8ADC-5FA2E4D9B8C2}" = Cooking Academy
"{FD1B1980-8CAB-4474-89F8-1245AF657AD1}" = Harry Potter und der Halbblut-Prinz™
"{FD349381-D79C-4E5C-8980-015DFFB962D5}" = Nokia NSeries Application Installer
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Audacity_is1" = Audacity 1.2.6
"AVG Secure Search" = AVG Security Toolbar
"AVS Audio Converter_is1" = AVS Audio Converter 7
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BFG-Diner Dash" = Diner Dash
"Bier Tycoon" = Bier Tycoon
"Bubble Odyssey" = Bubble Odyssey
"Citavi" = Citavi 2.5
"Citavi Picker für Word" = Citavi Picker 2008.09.29 für Word
"conduitEngine" = Conduit Engine
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESDX4800_4200 Benutzerhandbuch" = ESDX4800_4200 Benutzerhandbuch
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"HyperCam Toolbar" = HyperCam Toolbar
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) Stunts & Spezialeffekte
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2E2BBF0D-EF39-42EA-9D96-F33AEE22904B}" = The Movies(TM) Demo
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"IsoBuster_is1" = IsoBuster 2.5
"MAGIX Music Maker 16 Premium Download-Version D" = MAGIX Music Maker 16 Premium Download-Version
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netzmanager" = Netzmanager
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"Pulleralarm - Christmas Edition" = Pulleralarm - Christmas Edition
"Quick Search Box" = Google-Schnellsuchfeld
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"RouterControl" = RouterControl 2.0
"Saw" = Saw Game
"SMSERIAL" = Motorola SM56 Data Fax Modem
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Software Informer_is1" = Software Informer 1.0 BETA
"The Lost Inca Prophecy" = The Lost Inca Prophecy
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"Zarb" = Zarb 4.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3104658056-2666497172-1268995590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Nero Toolbar Updater
"Amazon Kindle" = Amazon Kindle
"Diner Dash 2 Deluxe" = Diner Dash 2 Deluxe
"MediaGet" = MediaGet
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Paradise Beach Deluxe" = Paradise Beach Deluxe
"Puzzle Quest" = Puzzle Quest
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.11.2012 03:52:25 | Computer Name = Melles-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.11.2012 15:02:25 | Computer Name = Melles-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.11.2012 15:56:02 | Computer Name = Melles-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.11.2012 12:33:23 | Computer Name = Melles-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.11.2012 10:11:42 | Computer Name = Melles-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.11.2012 14:50:11 | Computer Name = Melles-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.11.2012 05:39:17 | Computer Name = Melles-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.11.2012 15:45:02 | Computer Name = Melles-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.12.2012 07:08:17 | Computer Name = Melles-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.12.2012 04:20:55 | Computer Name = Melles-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.12.2012 08:51:10 | Computer Name = Melles-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.12.2012 10:18:56 | Computer Name = Melles-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 19.04.2009 15:46:04 | Computer Name = Melles-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 08.09.2011 14:08:31 | Computer Name = Melles-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ OSession Events ]
Error - 21.07.2010 14:22:55 | Computer Name = Melles-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 516
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 15.12.2011 17:52:03 | Computer Name = Melles-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 145
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 12.11.2012 15:22:49 | Computer Name = Melles-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.11.2012 03:55:13 | Computer Name = Melles-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.11.2012 03:55:13 | Computer Name = Melles-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.11.2012 15:55:15 | Computer Name = Melles-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.11.2012 um 20:53:19 unerwartet heruntergefahren.
 
Error - 27.11.2012 15:56:02 | Computer Name = Melles-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 30.11.2012 05:35:20 | Computer Name = Melles-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 30.11.2012 05:35:29 | Computer Name = Melles-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 02.12.2012 04:22:48 | Computer Name = Melles-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 02.12.2012 04:22:48 | Computer Name = Melles-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.12.2012 10:18:56 | Computer Name = Melles-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 04.12.2012 10:18:56 | Computer Name = Melles-PC | Source = Service Control Manager | ID = 7000
Description = 
 
[ TuneUp Events ]
Error - 08.01.2012 12:56:34 | Computer Name = Melles-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 08.01.2012 12:56:34 | Computer Name = Melles-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 08.01.2012 12:56:34 | Computer Name = Melles-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 29.11.2012 16:53:37 | Computer Name = Melles-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 29.11.2012 16:53:37 | Computer Name = Melles-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >

--- --- ---

cosinus · 04.12.2012, 19:19

Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus.

aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Gentlewoman · 04.12.2012, 21:03

Ist das normal, dass bei diesem aswMBR so viele Warnungen von meinem Virenprogramm angezeigt werden? Z.B., dass das Programm versucht, heimlich einen Treiber zu empfehlen?

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-04 21:06:15
-----------------------------
21:06:15.699    OS Version: Windows 6.0.6002 Service Pack 2
21:06:15.699    Number of processors: 2 586 0x301
21:06:15.707    ComputerName: MELLES-PC  UserName: Melle
21:06:16.932    Initialize success
21:07:54.075    The log file has been saved successfully to "C:\Users\Melle\Downloads\Desktop\aswMBR.txt"

Zitat:

Zitat von Gentlewoman

Ist das normal, dass bei diesem aswMBR so viele Warnungen von meinem Virenprogramm angezeigt werden? Z.B., dass das Programm versucht, heimlich einen Treiber zu empfehlen?

[/code]

äh, zu installieren.

cosinus · 04.12.2012, 21:48

Eine derartige Frage lässt sich auf keinen Fall durch ein unvollständiges aswMBR-Log beantworten...

Gentlewoman · 04.12.2012, 22:13

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-04 21:06:15
-----------------------------
21:06:15.699    OS Version: Windows 6.0.6002 Service Pack 2
21:06:15.699    Number of processors: 2 586 0x301
21:06:15.707    ComputerName: MELLES-PC  UserName: Melle
21:06:16.932    Initialize success
21:07:54.075    The log file has been saved successfully to "C:\Users\Melle\Downloads\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-04 21:06:15
-----------------------------
21:06:15.699    OS Version: Windows 6.0.6002 Service Pack 2
21:06:15.699    Number of processors: 2 586 0x301
21:06:15.707    ComputerName: MELLES-PC  UserName: Melle
21:06:16.932    Initialize success
21:09:49.382    AVAST engine defs: 12120400
21:10:58.354    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006e
21:10:58.360    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
21:10:58.389    Disk 0 MBR read successfully
21:10:58.396    Disk 0 MBR scan
21:10:58.410    Disk 0 unknown MBR code
21:10:58.425    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         8000 MB offset 2048
21:10:58.484    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        45000 MB offset 16386048
21:10:58.510    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       252243 MB offset 108546048
21:10:58.530    Disk 0 scanning sectors +625139712
21:10:58.617    Disk 0 scanning C:\Windows\system32\drivers
21:11:18.660    Service scanning
21:11:37.931    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
21:11:37.995    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
21:11:38.251    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
21:11:38.329    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
21:12:07.655    Modules scanning
21:12:27.394    Disk 0 trace - called modules:
21:12:27.448    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys 
21:12:27.466    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8cb2e0c8]
21:12:27.480    3 CLASSPNP.SYS[913a68b3] -> nt!IofCallDriver -> [0x8bf46700]
21:12:27.500    5 acpi.sys[88a0c6bc] -> nt!IofCallDriver -> \Device\0000006e[0x8bf27030]
21:12:28.415    AVAST engine scan C:\Windows
21:12:35.399    AVAST engine scan C:\Windows\system32
21:22:18.773    AVAST engine scan C:\Windows\system32\drivers
21:22:49.380    AVAST engine scan C:\Users\Melle
21:50:08.069    File: C:\Users\Melle\AppData\Roaming\NeroCheckj.dll  **INFECTED** Win32:Malware-gen
21:50:45.110    AVAST engine scan C:\ProgramData
22:03:50.892    Scan finished successfully
22:12:34.311    Disk 0 MBR has been saved successfully to "C:\Users\Melle\Downloads\Desktop\MBR.dat"
22:12:34.333    The log file has been saved successfully to "C:\Users\Melle\Downloads\Desktop\aswMBR.txt"

cosinus · 04.12.2012, 23:04

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Gentlewoman · 07.12.2012, 19:27

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-12-04.01 - Melle 06.12.2012  22:55:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1576 [GMT 1:00]
ausgeführt von:: c:\users\Melle\Downloads\Desktop\ComboFix.exe
AV: Kaspersky Security Suite CBE 11 *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Security Suite CBE 11 *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Security Suite CBE 11 *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\HyperCam Toolbar\tbHElper.dll
c:\users\Melle\4.0
c:\users\Melle\AppData\Roaming\chrtmp
c:\users\Melle\AppData\Roaming\NeroCheckj.dll
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-06 bis 2012-12-06  ))))))))))))))))))))))))))))))
.
.
2012-12-06 22:24 . 2012-12-06 22:24	--------	dc----w-	c:\users\Jörg\AppData\Local\temp
2012-12-06 22:24 . 2012-12-06 22:24	--------	dc----w-	c:\users\Gast\AppData\Local\temp
2012-12-06 22:24 . 2012-12-06 22:24	--------	dc----w-	c:\users\Default\AppData\Local\temp
2012-12-06 21:50 . 2012-12-06 21:50	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB948D5F-CB15-4830-B489-C7EB52979DF5}\offreg.dll
2012-12-04 14:31 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB948D5F-CB15-4830-B489-C7EB52979DF5}\mpengine.dll
2012-12-04 14:22 . 2012-12-04 14:22	--------	dc----w-	c:\program files\Application Updater
2012-12-04 14:22 . 2012-12-04 14:22	--------	dc----w-	c:\program files\FreeRIP Toolbar
2012-12-04 14:22 . 2012-12-04 14:22	--------	dc----w-	c:\program files\Common Files\Spigot
2012-11-29 19:49 . 2012-11-29 19:49	--------	dc----w-	c:\users\Melle\AppData\Roaming\Malwarebytes
2012-11-29 19:48 . 2012-11-29 19:48	--------	dc----w-	c:\programdata\Malwarebytes
2012-11-29 19:48 . 2012-09-29 18:54	22856	-c--a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-29 19:10 . 2012-11-29 19:10	--------	dc----w-	c:\users\Melle\AppData\Roaming\DriverCure
2012-11-29 19:10 . 2012-11-29 19:10	--------	dc----w-	c:\users\Melle\AppData\Roaming\SpeedyPC Software
2012-11-29 19:09 . 2012-11-29 19:33	--------	dc----w-	c:\programdata\SpeedyPC Software
2012-11-27 08:11 . 2012-11-27 08:11	--------	dc----w-	c:\users\Melle\AppData\Roaming\Zarb
2012-11-27 08:11 . 2010-07-13 09:24	605184	-c----w-	c:\windows\system32\KEYLIB32.dll
2012-11-13 19:35 . 2012-09-25 16:19	75776	-c--a-w-	c:\windows\system32\synceng.dll
2012-11-13 19:34 . 2012-10-12 14:29	2047488	-c--a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 18:55 . 2012-07-23 17:35	697272	-c--a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-18 18:55 . 2011-08-09 09:31	73656	-c--a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 18:18 . 2012-08-29 15:05	26984	-c--a-w-	c:\windows\system32\drivers\avgtpx86.sys
2012-10-01 19:44 . 2010-11-07 13:45	43520	-c--a-w-	c:\windows\system32\CmdLineExt03.dll
2012-09-16 11:43 . 2012-09-16 11:44	93672	-c--a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-16 11:43 . 2012-08-27 12:03	821736	-c--a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-16 11:43 . 2010-05-18 19:29	746984	-c--a-w-	c:\windows\system32\deployJava1.dll
2012-09-13 13:28 . 2012-10-10 08:56	2048	-c--a-w-	c:\windows\system32\tzres.dll
2012-10-28 15:01 . 2012-10-28 15:01	261600	-c--a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 19:58	3913000	-c--a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-15 10:33	2515552	-c--a-w-	c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-08 18:18	1796552	-c--a-w-	c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-11-13 19:58	3913000	-c--a-w-	c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33	1519304	-c--a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-21 6265376]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-08-27 708608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-19 13543968]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Skytel"="Skytel.exe" [2008-08-21 1833504]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe" [2011-04-13 387696]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-11-13 126976]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-08 997320]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-24 928096]
"GrooveMonitor"="d:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-29 1022048]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-11-28 1123720]
.
c:\users\Melle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2010-11-10 1619968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00	919008	-c--a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20	38872	-c--a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-12-01 15:38	38400	----a-r-	c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56	1230704	-c--a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2011-11-13 18:56	126976	-c--a-w-	c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-28 14:03	75136	----a-w-	c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50	155648	-c--a-w-	c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-05-09 06:57	3084288	-c--a-w-	c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-07-19 19:53	92704	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	d:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RouterControl]
2009-05-19 11:49	3449344	----a-w-	d:\progra~1\ROUTER~1\RouterControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-21 18:28	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="d:\programme\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	-c--a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 18:55]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 19:02]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 19:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=hp&babsrc=lnkry_nt
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Melle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Melle\AppData\Roaming\Mozilla\Firefox\Profiles\q8o8ke3n.default\
FF - prefs.js: browser.startup.homepage - hxxp://web.de/
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=e96e3333-331c-4630-8fad-5dbfaf50552d&affid=111585&searchtype=ds&babsrc=lnkry&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Hhyduisyq - c:\users\Melle\AppData\Roaming\NeroCheckj.dll
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel MediaOne\Corel PhotoDownloader.exe
AddRemove-Pulleralarm - Christmas Edition - c:\windows\IsUn0407.exe
AddRemove-MediaGet - c:\users\Melle\AppData\Local\MediaGet2\mediaget-uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-06 23:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-12-06  23:36:21
ComboFix-quarantined-files.txt  2012-12-06 22:36
.
Vor Suchlauf: 1.399.283.712 Bytes frei
Nach Suchlauf: 481.415.168 Bytes frei
.
- - End Of File - - 7F6DC5EA6A46BDEAE09A2E16D2119419

--- --- ---

03.12.2012, 09:54	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ihavenet-Virus eingefangen Hast du noch weitere Logs von Malwarebytes oder anderen Virenscannern? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! __________________ Logfiles bitte immer in CODE-Tags posten

04.12.2012, 21:48	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ihavenet-Virus eingefangen Eine derartige Frage lässt sich auf keinen Fall durch ein unvollständiges aswMBR-Log beantworten... __________________ Logfiles bitte immer in CODE-Tags posten

ihavenet-Virus eingefangen

Plagegeister aller Art und deren Bekämpfung: ihavenet-Virus eingefangen