
Pests of all kinds and how to fight them: Redirection of all search results (bing, google) in IE and FF


24.12.2012, 14:49   #1
mike9
 
For some time now I have also been getting these redirections of search results, in both browsers (Firefox and Internet Explorer) and with different search engines (bing, google).
I am not sure whether I should follow the instructions like those given for jrcpower on 21.12. So I would rather open a topic of my own.

24.12.2012, 17:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the logfiles directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make evaluation harder for me!

  • Please also note => Deleting logfiles and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will result in your topic being closed. I too have a life outside of Trojaner-Board.


Please run a CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the box Scan all users at the top centre
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with

Code:
ATTFilter
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Quote:
Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles in a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

25.12.2012, 09:10   #3
mike9
 
Code:
ATTFilter
OTL logfile created on: 24.12.2012 22:55:25 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = D:\daten\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 60,68% Memory free
7,72 Gb Paging File | 4,73 Gb Available in Paging File | 61,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 8,07 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
Drive D: | 196,08 Gb Total Space | 127,99 Gb Free Space | 65,27% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 351,37 Gb Free Space | 75,44% Space Free | Partition Type: NTFS
Drive P: | 11,99 Gb Total Space | 5,39 Gb Free Space | 45,00% Space Free | Partition Type: FAT32
 
Computer Name: E780ML | User Name: ml | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.12.24 13:44:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\daten\Downloads\OTL.exe
PRC - [2012.12.03 07:56:06 | 000,350,120 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\zlh.exe
PRC - [2012.11.29 14:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.27 21:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.06.28 12:08:14 | 000,287,312 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
PRC - [2012.05.21 12:41:03 | 000,529,880 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\npm\bin\niu.exe
PRC - [2012.05.14 15:11:20 | 000,356,904 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\npf\bin\npfsvc32.exe
PRC - [2012.05.10 09:17:05 | 000,793,520 | ---- | M] () -- C:\Program Files\Norman\Nvc\bin\nhs.exe
PRC - [2012.03.23 12:18:48 | 000,342,984 | ---- | M] () -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2012.02.13 16:01:55 | 000,431,320 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe
PRC - [2012.02.03 10:13:36 | 000,116,056 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe
PRC - [2011.12.15 09:10:28 | 003,284,992 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\ADVANTAGE\Server\ads.exe
PRC - [2011.11.14 10:27:02 | 000,231,216 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe
PRC - [2011.10.24 10:59:21 | 000,076,232 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe
PRC - [2011.10.19 12:07:18 | 000,100,936 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\npm\bin\nvoy.exe
PRC - [2011.10.04 11:02:53 | 000,343,448 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\npf\bin\npfuser.exe
PRC - [2011.09.13 21:00:00 | 001,783,808 | ---- | M] (Andreas Kraiss) -- C:\Program Files (x86)\MyContacts\MyContacts.exe
PRC - [2011.08.12 08:49:08 | 002,077,072 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2011.04.11 13:34:34 | 000,074,592 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nvc\Bin\cclaw.exe
PRC - [2011.03.02 16:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
PRC - [2009.11.01 17:04:18 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.01 17:04:14 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.02.12 23:43:00 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\SysWOW64\o2flash.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.07.27 21:51:54 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
MOD - [2011.09.02 12:37:13 | 000,235,888 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\noemrc.dll
MOD - [2011.04.11 08:23:56 | 000,169,376 | ---- | M] () -- C:\Program Files\Norman\Nvc\Bin\ndlg.dll
MOD - [2011.02.14 09:35:39 | 001,069,048 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\libxml2.dll
MOD - [2010.12.09 10:48:03 | 002,979,144 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\qt-mt338.dll
MOD - [2010.10.18 11:05:24 | 010,896,384 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\NQtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.06.28 12:08:14 | 000,287,312 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
SRV:64bit: - [2012.06.26 10:08:46 | 000,426,344 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc)
SRV:64bit: - [2012.05.14 15:11:20 | 000,356,904 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npf\bin\npfsvc32.exe -- (NPFSvc32)
SRV:64bit: - [2012.05.10 09:17:05 | 000,793,520 | ---- | M] () [Auto | Running] -- C:\Program Files\Norman\Nvc\bin\nhs.exe -- (NHS)
SRV:64bit: - [2012.02.13 16:01:55 | 000,431,320 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
SRV:64bit: - [2012.02.03 10:13:36 | 000,116,056 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves)
SRV:64bit: - [2011.11.14 10:27:02 | 000,231,216 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC)
SRV:64bit: - [2011.10.24 10:59:21 | 000,076,232 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6)
SRV:64bit: - [2011.10.19 12:07:18 | 000,100,936 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY)
SRV:64bit: - [2011.04.11 10:38:36 | 000,148,240 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV:64bit: - [2009.12.04 11:34:00 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009.12.01 08:43:01 | 000,216,576 | ---- | M] (Samsung Software Center, Moscow) [Disabled | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV:64bit: - [2009.09.09 15:53:00 | 001,044,992 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lmabcoms.exe -- (lmab_device)
SRV:64bit: - [2009.07.31 23:11:04 | 002,688,248 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2009.07.30 11:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009.07.21 17:31:20 | 000,062,312 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe -- (WirelessSelectorService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.12 16:54:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.05 20:00:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.29 14:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.06 12:19:50 | 000,856,728 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.03.23 12:18:48 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2011.12.15 09:10:28 | 003,284,992 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\ADVANTAGE\Server\ads.exe -- (Advantage)
SRV - [2011.08.12 08:49:08 | 002,077,072 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011.03.02 16:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.01 08:43:01 | 000,216,576 | ---- | M] (Samsung Software Center, Moscow) [Disabled | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV - [2009.11.01 17:04:18 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.01 17:04:14 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.10.01 14:23:44 | 000,329,976 | ---- | M] (QUALCOMM, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSierra.exe -- (QDLService2kSierra)
SRV - [2009.09.09 15:53:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lmabcoms.exe -- (lmab_device)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.02.12 23:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysWOW64\o2flash.exe -- (O2Flash)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.16 10:26:03 | 000,057,952 | ---- | M] (Norman ASA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvcv64mf.sys -- (NvcMFlt)
DRV:64bit: - [2012.07.24 12:17:13 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.07.06 12:19:50 | 000,047,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.03.23 12:18:49 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.02 10:32:54 | 000,108,864 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ale_nf64.sys -- (ALE_NF)
DRV:64bit: - [2011.11.11 15:55:43 | 000,063,032 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nregsec64.sys -- (nregsec)
DRV:64bit: - [2011.07.12 12:37:08 | 000,022,368 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\program files\norman\ngs\bin\ngs64.sys -- (NGS)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.08 21:13:18 | 000,014,696 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FJGSDisk.sys -- (FJGSDisk)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.12.04 11:34:00 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.11.20 15:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.12 09:44:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.11.01 17:05:52 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.11.01 17:05:02 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009.11.01 17:04:12 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.10.26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.01 11:47:10 | 000,235,008 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbnetsra2k.sys -- (qcusbnetsra2k)
DRV:64bit: - [2009.10.01 11:47:10 | 000,121,216 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbsersra2k.sys -- (qcusbsersra2k)
DRV:64bit: - [2009.10.01 11:47:10 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfiltersra2k.sys -- (qcfiltersra2k)
DRV:64bit: - [2009.09.04 16:44:46 | 003,531,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.08.01 00:10:26 | 000,734,720 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.03 16:51:34 | 000,056,096 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.29 03:07:38 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009.05.15 18:29:00 | 000,107,808 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ozscrx64.sys -- (O2SCBUS)
DRV:64bit: - [2009.05.13 21:13:28 | 000,058,400 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2006.11.01 17:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006.11.01 17:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2012.03.23 12:18:49 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011.12.22 10:02:47 | 000,000,000 | ---- | M] () [Kernel | System | Running] -- C:\Windows\NULL -- (Null)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.05.27 09:22:00 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F085A615-BD2F-4DBA-8085-FF1603C6F379}
IE:64bit: - HKLM\..\SearchScopes\{F085A615-BD2F-4DBA-8085-FF1603C6F379}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {223EB42F-4A78-4FCC-BD72-788F2B07E0F3}
IE - HKLM\..\SearchScopes\{223EB42F-4A78-4FCC-BD72-788F2B07E0F3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\..\SearchScopes,DefaultScope = {223EB42F-4A78-4FCC-BD72-788F2B07E0F3}
IE - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\..\SearchScopes\{223EB42F-4A78-4FCC-BD72-788F2B07E0F3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.1:3128
 
========== FireFox ==========
 
FF - prefs.js..CT2319825.browser.search.defaultthis.engineName: false
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=5.1.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.11.04 10:32:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.12.09 16:31:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 20:00:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 20:00:07 | 000,000,000 | ---D | M]
 
[2011.04.05 14:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ml\AppData\Roaming\mozilla\Extensions
[2011.04.05 14:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ml\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.21 08:24:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ml\AppData\Roaming\mozilla\Firefox\Profiles\7s1p7f6j.default\extensions
[2012.12.21 08:24:47 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\ml\AppData\Roaming\mozilla\Firefox\Profiles\7s1p7f6j.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012.08.09 14:15:09 | 000,011,801 | ---- | M] () (No name found) -- C:\Users\ml\AppData\Roaming\mozilla\firefox\profiles\7s1p7f6j.default\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}.xpi
[2012.12.05 20:00:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.09 16:31:01 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012.12.05 20:00:11 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.05.30 00:20:07 | 000,535,840 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPCltInstall.dll
[2012.07.14 18:38:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.01 13:35:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 18:38:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 18:38:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 18:38:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 18:38:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.19 08:53:09 | 000,000,019 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1	localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1557658833-1006014574-3888474-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.ee File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\Plugins\VIDEOG~2.DLL ()
O9:64bit: - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\Plugins\VIDEOG~2.DLL ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\Plugins\VIDEOG~1.DLL ()
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\VideoGet\Plugins\VIDEOG~1.DLL ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1557658833-1006014574-3888474-1000\..Trusted Domains: leiss.de ([www2] http in Vertrauenswürdige Sites)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} hxxp://www.ich-wills-wissen.info/download/AXCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://192.168.1.70/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP3-571/event/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ncl.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B974C61-53A5-48FA-A79B-D4E5B62C3E8D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F130FC9-828F-4AFE-8F05-6C859410C4D5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1dfefb5c-1c27-11e2-9e4a-8c736e7843c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1dfefb5c-1c27-11e2-9e4a-8c736e7843c8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{3623a0d4-74fa-11e1-aafe-8c736e7843c8}\Shell - "" = AutoRun
O33 - MountPoints2\{3623a0d4-74fa-11e1-aafe-8c736e7843c8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6414296a-75b3-11e1-8f80-8c736e7843c8}\Shell - "" = AutoRun
O33 - MountPoints2\{6414296a-75b3-11e1-8f80-8c736e7843c8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b829dc02-7658-11e1-af4a-8c736e7843c8}\Shell - "" = AutoRun
O33 - MountPoints2\{b829dc02-7658-11e1-af4a-8c736e7843c8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk - C:\PROGRA~2\ALDITA~1\ALDITA~2.EXE - ()
MsConfig:64bit - StartUpFolder: C:^Users^ml^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LaunchCenter.lnk - C:\PROGRA~2\Fujitsu\LAUNCH~1\LAUNCH~1.EXE - (Fujitsu Technology Solutions)
MsConfig:64bit - StartUpFolder: C:^Users^ml^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ATSwpNav - hkey= - key= - C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: CanonSolutionMenuEx - hkey= - key= - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
MsConfig:64bit - StartUpReg: FDM7 - hkey= - key= - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
MsConfig:64bit - StartUpReg: FjWirSel - hkey= - key= - C:\Program Files\Fujitsu\WirelessSelector\FJWSLauncher.exe (FUJITSU LIMITED)
MsConfig:64bit - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
MsConfig:64bit - StartUpReg: IndicatorUtility - hkey= - key= - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
MsConfig:64bit - StartUpReg: LoadBtnHnd - hkey= - key= - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
MsConfig:64bit - StartUpReg: LoadFUJ02E3 - hkey= - key= - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
MsConfig:64bit - StartUpReg: LoadFujitsuQuickTouch - hkey= - key= - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
MsConfig:64bit - StartUpReg: NOELauncher64 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Norman ZANDA - hkey= - key= - C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
MsConfig:64bit - StartUpReg: NvCplDaemon - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PSUTility - hkey= - key= - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
MsConfig:64bit - StartUpReg: snp2uvc - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SSUtility - hkey= - key= - C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
MsConfig:64bit - StartUpReg: STO Backup Service - hkey= - key= - C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: STO Launcher Service - hkey= - key= - C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: YouCam Mirror Tray icon - hkey= - key= - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.20 20:47:19 | 000,000,000 | ---D | C] -- C:\Users\ml\AppData\Roaming\U3
[2012.12.20 19:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.12.20 11:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012.12.15 12:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012.12.15 12:59:30 | 000,000,000 | ---D | C] -- C:\Users\ml\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.12.15 12:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012.12.10 18:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.12.10 15:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012.12.10 15:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.12.10 15:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.12.10 15:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012.12.10 15:12:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.12.10 15:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012.12.10 15:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.12.10 13:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.10 09:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2012.12.09 11:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2012.12.09 06:56:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012.12.09 06:56:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmarThru Office
[2012.12.09 06:56:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.12.09 06:56:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012.12.09 06:56:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.12.09 06:56:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.12.08 21:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.12.05 20:00:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 15:57:55 | 000,000,000 | ---D | C] -- C:\Users\ml\AppData\Roaming\UltraVNC
[2012.11.30 10:17:22 | 000,000,000 | ---D | C] -- C:\Users\ml\Desktop\GooredFix Backups
[2012.11.30 09:56:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.11.29 13:15:52 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012.11.29 13:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.11.25 16:39:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.24 22:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.24 22:47:26 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.24 22:47:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.24 17:12:59 | 000,002,308 | -H-- | M] () -- C:\Users\ml\Documents\Default.rdp
[2012.12.24 13:58:01 | 001,621,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.24 13:58:01 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.24 13:58:01 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.24 13:58:01 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.24 13:58:01 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.24 13:42:44 | 000,000,000 | ---- | M] () -- C:\Users\ml\defogger_reenable
[2012.12.24 13:41:26 | 000,503,649 | ---- | M] () -- C:\Users\ml\Documents\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten_ - Trojaner-Board.pdf
[2012.12.24 12:22:40 | 000,001,523 | ---- | M] () -- C:\Windows\wininit.ini
[2012.12.24 10:42:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.22 13:21:10 | 000,000,690 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.12.21 19:51:01 | 000,006,656 | ---- | M] () -- C:\Users\ml\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.20 11:47:09 | 000,002,446 | ---- | M] () -- C:\Users\Public\Desktop\VMware vSphere Client.lnk
[2012.12.20 08:33:12 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 08:33:12 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 08:53:09 | 000,000,019 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012.12.19 08:47:51 | 000,444,006 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts.defekt
[2012.12.17 18:46:26 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Eeqokjtbbt.job
[2012.12.17 18:46:26 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2012.12.17 18:46:07 | 005,109,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.17 18:45:44 | 3110,674,432 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.15 12:59:30 | 000,003,191 | ---- | M] () -- C:\Users\ml\Desktop\Sophos Virus Removal Tool.lnk
[2012.12.12 08:39:38 | 000,444,006 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20121219-084751.backup
[2012.12.09 16:31:02 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.12.08 21:09:45 | 000,086,026 | ---- | M] () -- C:\ads_err.adt
[2012.12.08 21:09:45 | 000,004,608 | ---- | M] () -- C:\ads_err.adi
[2012.12.07 12:40:48 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.12.07 12:40:48 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.11.30 10:28:05 | 000,001,095 | ---- | M] () -- C:\Users\ml\Desktop\MySQL - Verknüpfung.lnk
[2012.11.30 10:09:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20121212-083938.backup
[2012.11.29 17:04:37 | 000,013,186 | ---- | M] () -- C:\Users\ml\Documents\spreed - ITKwebcollege.ADMIN _ Configuring VMware vSphere5 (Teil 12) (751140799).pdf
[2012.11.29 13:15:57 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.11.29 10:38:56 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.28 08:12:51 | 000,000,054 | ---- | M] () -- C:\Windows\rr.bat
[2012.11.28 07:56:29 | 000,000,031 | ---- | M] () -- C:\Windows\ip.bat
[2012.11.25 15:47:56 | 000,131,072 | RHS- | M] () -- C:\Windows\SysWow64\qwavex.dll
 
========== Files Created - No Company Name ==========
 
[2012.12.24 13:42:44 | 000,000,000 | ---- | C] () -- C:\Users\ml\defogger_reenable
[2012.12.24 13:41:24 | 000,503,649 | ---- | C] () -- C:\Users\ml\Documents\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten_ - Trojaner-Board.pdf
[2012.12.18 16:21:34 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012.12.17 18:46:26 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2012.12.15 12:59:30 | 000,003,191 | ---- | C] () -- C:\Users\ml\Desktop\Sophos Virus Removal Tool.lnk
[2012.12.08 14:08:33 | 000,001,523 | ---- | C] () -- C:\Windows\wininit.ini
[2012.12.07 12:40:36 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.12.07 12:40:36 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.11.30 10:28:05 | 000,001,095 | ---- | C] () -- C:\Users\ml\Desktop\MySQL - Verknüpfung.lnk
[2012.11.29 17:04:26 | 000,013,186 | ---- | C] () -- C:\Users\ml\Documents\spreed - ITKwebcollege.ADMIN _ Configuring VMware vSphere5 (Teil 12) (751140799).pdf
[2012.11.29 13:15:57 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.11.29 10:38:56 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.11.28 08:12:51 | 000,000,054 | ---- | C] () -- C:\Windows\rr.bat
[2012.11.28 07:56:10 | 000,000,031 | ---- | C] () -- C:\Windows\ip.bat
[2012.11.25 15:47:56 | 000,131,072 | RHS- | C] () -- C:\Windows\SysWow64\qwavex.dll
[2012.11.25 15:47:56 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\Eeqokjtbbt.job
[2012.11.12 10:54:44 | 013,908,608 | ---- | C] () -- C:\Windows\SysWow64\icudt40l.dat
[2012.11.12 10:36:53 | 000,002,528 | ---- | C] () -- C:\Users\ml\AppData\Roaming\$_hpcst$.hpc
[2012.09.25 09:31:20 | 000,472,576 | ---- | C] () -- C:\Windows\SysWow64\ApolloCrypt.dll
[2012.09.10 08:14:56 | 000,015,642 | ---- | C] () -- C:\Users\ml\AppData\Local\CADability.GlobalSettings.bin
[2012.09.03 17:09:04 | 000,000,298 | ---- | C] () -- C:\Windows\SSCT.INI
[2012.08.28 08:21:30 | 000,004,096 | -H-- | C] () -- C:\Users\ml\AppData\Local\keyfile3.drm
[2012.08.06 12:03:49 | 000,000,690 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.08.06 12:02:21 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.08.06 11:05:07 | 000,060,864 | ---- | C] () -- C:\Users\ml\g2mdlhlpx.exe
[2012.07.17 16:34:20 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\Docobj.dll
[2012.07.12 10:29:34 | 000,006,656 | ---- | C] () -- C:\Users\ml\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.12 08:38:09 | 000,271,360 | ---- | C] () -- C:\Users\ml\AppData\Roaming\gpg4oTemp.pst
[2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.03.22 12:48:45 | 000,007,605 | ---- | C] () -- C:\Users\ml\AppData\Local\Resmon.ResmonCfg
[2012.02.27 14:28:14 | 000,059,392 | ---- | C] () -- C:\Windows\Bssudf.dll
[2011.12.22 10:00:43 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2011.12.22 10:00:41 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2011.12.22 09:59:52 | 000,950,585 | ---- | C] () -- C:\Windows\SysWow64\libiconv-2.dll
[2011.12.22 09:57:02 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.12.22 09:56:54 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2011.08.29 13:01:16 | 001,599,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.21 14:08:13 | 001,040,384 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabserv.dll
[2011.04.21 14:08:13 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomc.dll
[2011.04.21 14:08:13 | 000,593,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcoms.exe
[2011.04.21 14:08:13 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomm.dll
[2011.04.21 14:08:13 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabhcp.dll
[2011.02.09 16:10:26 | 000,073,618 | ---- | C] () -- C:\Users\ml\mail.pdf
[2011.01.08 12:44:27 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011.01.08 12:44:27 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011.01.08 12:44:26 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.01.08 12:43:29 | 000,000,208 | ---- | C] () -- C:\Windows\hbcikrnl.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.25 08:27:35 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent
[2011.11.25 14:10:49 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.11.28 17:39:14 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2012.11.12 12:53:53 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.11.04 11:21:36 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.08.19 16:48:16 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Dropbox
[2012.07.12 08:38:04 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Giegerich & Partner GmbH
[2012.08.28 07:55:50 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\gnupg
[2012.09.10 08:11:49 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\IGC
[2012.03.13 08:53:13 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\IrfanView
[2012.07.14 14:17:51 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\MyContacts
[2012.12.21 08:44:57 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\MySQL
[2012.08.09 13:05:20 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Nuclear Coffee
[2011.09.19 15:54:14 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Octoflex
[2012.03.22 13:32:10 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\OneClickInternet
[2012.08.16 08:25:58 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\OpenCandy
[2012.10.23 15:31:10 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\pdfforge
[2012.09.01 10:39:51 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Samsung
[2012.07.13 12:55:27 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Scooter Software
[2012.11.06 04:34:27 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\SGS
[2012.12.24 14:51:10 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\TeamViewer
[2011.04.05 14:11:44 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Thunderbird
[2012.05.03 08:32:58 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\TKHW50
[2012.07.24 12:19:53 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\TrueCrypt
[2012.08.16 08:26:49 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\TuneUp Software
[2012.03.25 11:32:18 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Verbindungsassistent
[2012.09.05 09:16:20 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\webex
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.30 11:50:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.09.25 09:33:58 | 000,000,000 | ---D | M] -- C:\ADVANTAGE
[2010.04.26 13:53:35 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.12.20 19:02:36 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.11.03 10:20:23 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.01.08 12:46:19 | 000,000,000 | ---D | M] -- C:\Fujitsu
[2011.01.08 12:49:41 | 000,000,000 | ---D | M] -- C:\Intel
[2011.04.21 14:06:17 | 000,000,000 | ---D | M] -- C:\Lexmark
[2012.03.27 07:19:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.08.29 12:17:20 | 000,000,000 | ---D | M] -- C:\MySQL
[2012.02.15 10:18:29 | 000,000,000 | ---D | M] -- C:\Octoflex
[2012.08.17 10:16:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.15 12:59:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.15 12:59:40 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.04.26 12:59:50 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.24 23:00:25 | 000,000,000 | ---D | M] -- C:\System Volume Information
[2012.09.09 17:54:09 | 000,000,000 | ---D | M] -- C:\Temp
[2012.11.30 11:50:11 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.20 19:01:38 | 000,000,000 | ---D | M] -- C:\Windows
[2012.08.20 14:15:25 | 000,000,000 | ---D | M] -- C:\XCOM AG
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.20 15:38:39 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Adobe
[2012.03.25 08:27:35 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent
[2011.11.25 14:10:49 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.11.28 17:39:14 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2012.11.12 12:53:53 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.11.04 11:21:36 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011.10.03 13:20:49 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Corel
[2012.12.10 14:53:00 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Download Manager
[2012.08.19 16:48:16 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Dropbox
[2012.09.13 07:38:59 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\dvdcss
[2012.07.12 08:38:04 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Giegerich & Partner GmbH
[2012.08.28 07:55:50 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\gnupg
[2011.01.08 12:51:45 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Identities
[2012.09.10 08:11:49 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\IGC
[2011.12.22 09:57:03 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\InstallShield
[2012.03.13 08:53:13 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\IrfanView
[2011.02.09 15:12:31 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Macromedia
[2009.07.14 08:45:37 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Media Center Programs
[2012.11.29 11:17:38 | 000,000,000 | --SD | M] -- C:\Users\ml\AppData\Roaming\Microsoft
[2011.01.08 15:07:44 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Mozilla
[2012.07.14 14:17:51 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\MyContacts
[2012.12.21 08:44:57 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\MySQL
[2012.08.09 13:05:20 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Nuclear Coffee
[2011.09.19 15:54:14 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Octoflex
[2012.03.22 13:32:10 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\OneClickInternet
[2012.08.16 08:25:58 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\OpenCandy
[2012.10.23 15:31:10 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\pdfforge
[2012.09.01 10:39:51 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Samsung
[2012.07.13 12:55:27 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Scooter Software
[2012.11.06 04:34:27 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\SGS
[2012.10.01 05:29:11 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Skype
[2012.12.24 14:51:10 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\TeamViewer
[2011.04.05 14:11:44 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Thunderbird
[2012.05.03 08:32:58 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\TKHW50
[2012.07.24 12:19:53 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\TrueCrypt
[2012.08.16 08:26:49 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\TuneUp Software
[2012.12.20 20:58:28 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\U3
[2012.12.04 15:57:55 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\UltraVNC
[2012.03.25 11:32:18 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\Verbindungsassistent
[2012.09.13 07:39:33 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\vlc
[2012.12.20 11:51:20 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\VMware
[2012.09.05 09:16:20 | 000,000,000 | ---D | M] -- C:\Users\ml\AppData\Roaming\webex
 
< %APPDATA%\*.exe /s >
[2012.03.23 12:19:00 | 000,135,168 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Del_CD_ROM.exe
[2012.03.23 12:19:00 | 000,262,144 | ---- | M] () -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\devsetup32.exe
[2012.03.23 12:19:00 | 000,354,304 | ---- | M] () -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\devsetup64.exe
[2012.03.23 12:19:00 | 000,323,584 | ---- | M] () -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\HuaweiUninstaller.exe
[2012.03.23 12:19:01 | 000,043,976 | ---- | M] () -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\InstallWTGService.exe
[2012.03.23 12:19:01 | 000,410,568 | ---- | M] () -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\OSU.exe
[2012.03.23 12:19:02 | 001,149,896 | ---- | M] () -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Setup.exe
[2012.03.23 12:19:02 | 001,121,224 | ---- | M] () -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Uninstaller.exe
[2012.03.23 12:19:02 | 007,261,128 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Verbindungsassistent.exe
[2012.03.23 12:19:02 | 000,502,728 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe
[2012.03.23 12:19:03 | 000,296,400 | ---- | M] () -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\WTGService.exe
[2012.03.23 12:19:03 | 000,244,680 | ---- | M] () -- C:\Users\ml\AppData\Roaming\ALDITALKVerbindungsassistent\BackUp\WTGVistaUtil.exe
[2012.07.25 03:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\ml\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.07.25 03:08:14 | 000,874,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\ml\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.07.25 03:08:20 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\ml\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.11.04 10:12:44 | 000,010,134 | R--- | M] () -- C:\Users\ml\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2012.12.15 12:59:30 | 000,073,728 | R--- | M] (Macrovision Corporation) -- C:\Users\ml\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
[2012.12.15 12:59:30 | 000,073,728 | R--- | M] (Macrovision Corporation) -- C:\Users\ml\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
[2012.12.15 12:59:30 | 000,073,728 | R--- | M] (Macrovision Corporation) -- C:\Users\ml\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
[2012.06.25 23:13:38 | 027,565,504 | ---- | M] (TuneUp Software) -- C:\Users\ml\AppData\Roaming\OpenCandy\F8704DEF97454B78AE87F313597445D9\TuneUpUtilities2012_de-DE.exe
[2012.10.27 21:52:59 | 000,060,888 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AdminDelegator.exe
[2012.10.27 21:52:59 | 000,088,024 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.10.27 21:52:59 | 000,077,264 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.10.27 21:52:59 | 000,843,208 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.10.11 01:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe
[2012.10.11 01:33:52 | 000,297,912 | ---- | M] () -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesAgent.exe
[2012.10.09 01:17:54 | 000,580,096 | ---- | M] (Samsung Electronics) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesAirMessage.exe
[2012.10.11 01:33:56 | 000,277,432 | ---- | M] () -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe
[2012.10.11 01:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe
[2012.09.27 07:19:08 | 000,171,008 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe
[2012.09.27 07:21:52 | 000,325,120 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe
[2012.10.10 06:06:28 | 000,689,152 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe
[2012.10.11 01:33:56 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe
[2012.10.11 01:34:04 | 000,063,416 | ---- | M] () -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\RegisterCOM.exe
[2012.10.27 21:52:59 | 000,060,888 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AdminDelegator.exe
[2012.10.27 21:52:59 | 000,088,024 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.10.27 21:52:59 | 000,077,264 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.10.27 21:52:59 | 000,843,208 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.10.11 01:34:00 | 003,767,312 | ---- | M] (Freeware) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe
[2012.10.11 01:34:02 | 000,596,920 | ---- | M] (ml) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Updater\Kies.Update.exe
[2012.09.26 12:57:10 | 014,754,760 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.11.12 03:45:14 | 000,968,120 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2012.11.12 03:45:16 | 000,298,424 | ---- | M] () -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAgent.exe
[2012.11.01 05:16:42 | 000,577,536 | ---- | M] (Samsung Electronics) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesAirMessage.exe
[2012.11.12 03:45:20 | 000,277,432 | ---- | M] () -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2012.11.12 03:45:18 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2012.11.12 03:35:48 | 000,171,008 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2012.11.12 03:38:30 | 000,332,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2012.11.12 03:36:34 | 000,686,592 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2012.11.12 03:45:20 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2012.11.12 03:45:26 | 000,063,416 | ---- | M] () -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\RegisterCOM.exe
[2012.11.09 13:12:50 | 000,077,272 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AdminDelegator.exe
[2012.11.09 13:12:50 | 000,088,024 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2012.11.09 13:12:50 | 000,077,264 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2012.11.12 03:45:22 | 001,104,824 | ---- | M] (Samsung) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2012.11.12 03:45:24 | 003,767,464 | ---- | M] (Freeware) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2012.11.12 03:45:26 | 000,601,528 | ---- | M] (ml) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Updater\Kies.Update.exe
[2012.10.29 04:09:22 | 014,754,704 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.10.11 01:34:02 | 000,596,920 | ---- | M] (ml) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.11.12 03:45:26 | 000,601,528 | ---- | M] (ml) -- C:\Users\ml\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\ml\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\ml\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
[2012.11.25 15:47:56 | 000,131,072 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\qwavex.dll

< End of report >
         

26.12.2012, 21:33   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ncl.local
Company computers are, as a rule, not cleaned here.

See => http://www.trojaner-board.de/108422-...-anfragen.html

Quote:
3. As a matter of principle, we do not clean commercially used computers. Your company's IT department is responsible for that.

For small businesses that have no IT support, we make an exception and are happy to help (a small donation helps us too).
Requirement: you tell us this in your first reply.
Keep in mind, however, that log files can contain a lot of sensitive information (customer data, bank details, etc.) and that malware is able to spy on this data and misuse it. In this case we recommend formatting and reinstalling.
__________________
Please always post log files in CODE tags

26.12.2012, 21:58   #5
mike9
 

Got it!

