Automatischer Start von Kaspersky 2012 geht nicht

floatyflow · 12.01.2013, 13:56

Hallo zusammen,

danke für die angebotenen Hilfsmöglichkeiten hier!

1.
Nach Anleitung aus dem Kasperky-Forum habe ich vor zwei Tagen einen Patch installiert. Das Ziel: Nutzung des Kaspersky-Passwort-Managers zusammen mit Firefox 17. Für den Installation musste laut Kaspersky-Anweisung zwischenzeitlich der Selbstschutz von Kaspersky deaktiviert werden.

Software: Kaspersky Pure 2.0 (Version 12.0.1.288 (a.b.c.d.))
Patch: "Upgrade Password Manager to version 6.0.1.55"
Installierte Datei: hxxp://media.kaspersky.com/utilities/ConsumerUtilities/pure2.0_60155_signed.exe
Anleitung aus Kasperky-Forum: hxxp://support.kaspersky.com/8447

2.
So konnte ich einen Tag lang mit Firefox 17 die Vorzüge des Passwort-Managers nutzen. Der Preis: Kaspersky startet nun nicht mehr automatisch beim Systemstart

3.
Der gestrige vollständige Scan mit Malwarebytes förderte 21 Infizierungen zu Tage, die jetzt in Quarantäne sind. Logfile siehe unten. Bemerkenswert ist, dass Kaspersky beim nächsten Neustart einmalig wieder automatisch gestartet ist! Seitdem wieder wie zuvor: kein automatischer Start des Programms. Der Quick-Scan von heute zeigt keine weiteren Infizierungen. Hier das Log-File des vollständigen Scans von gestern:

<code>
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.11.14

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
floatyflow :: FLOW [Administrator]

Schutz: Aktiviert

11.01.2013 22:07:07
mbam-log-2013-01-11 (22-07-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 447227
Laufzeit: 2 Stunde(n), 23 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\MSI5DCC.tmp (HackTool.Hiderun) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

</code>

4.
Hab zwar keine Fehlermeldung erhalten, habe aber den Re-enable Button sicherheitshalber auch noch nicht geklickt. Darum hier das Defogger-Logfile. Alles ok? Kann ich re-enablen?

<code>
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:40 on 12/01/2013 (floatyflow)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
</code>

5.
Hier das Logfile "OTL.Txt" von OTL:

<code>
OTL logfile created on: 12.01.2013 12:47:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\floatyflow\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,24 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 53,09% Memory free
6,48 Gb Paging File | 4,55 Gb Available in Paging File | 70,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 8,70 Gb Free Space | 15,57% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 7,81 Gb Free Space | 13,33% Space Free | Partition Type: NTFS
Drive F: | 409,88 Gb Total Space | 363,64 Gb Free Space | 88,72% Space Free | Partition Type: NTFS
Drive H: | 407,16 Gb Total Space | 3,76 Gb Free Space | 0,92% Space Free | Partition Type: NTFS
Drive I: | 1,89 Gb Total Space | 1,25 Gb Free Space | 65,89% Space Free | Partition Type: FAT

Computer Name: FLOW | User Name: floatyflow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.12 12:44:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\floatyflow\Desktop\OTL.exe
PRC - [2013.01.08 07:39:24 | 000,167,256 | ---- | M] (Fieldston Software) -- C:\Programme\Fieldston Software\gSyncit\gsyncit.exe
PRC - [2012.12.30 12:27:12 | 000,322,032 | ---- | M] (AVM Berlin) -- C:\Users\floatyflow\AppData\Local\Apps\2.0\TERQC7A3.DM0\4B6564EL.QPQ\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\floatyflow\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.09 12:34:10 | 003,137,024 | ---- | M] () -- C:\Programme\FAX.de\ComCenter\ComCenterEasy.exe
PRC - [2012.11.02 15:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2012.11.02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012.10.11 17:07:34 | 006,059,968 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\stpass.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 14:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2012.06.22 17:17:20 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.06.22 17:17:14 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.12.24 11:24:36 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- f:\act\microsoft sql server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.06.17 20:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.12.21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009.04.02 10:56:18 | 000,017,408 | ---- | M] (Sage Software, Inc.) -- F:\act\act for windows\Act.Outlook.Service.exe
PRC - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.02.24 11:08:50 | 000,503,808 | ---- | M] (Sage Software, Inc.) -- F:\act\act for windows\Act.Scheduler.UI.exe
PRC - [2009.02.24 11:08:50 | 000,081,920 | ---- | M] (Sage Software, Inc.) -- F:\act\act for windows\Act.Scheduler.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.02.08 06:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.04.13 08:20:21 | 000,097,432 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.10 08:17:36 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.10 08:13:42 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.ADChronopher\9886857aa56c7133fc5a60b2085396e2\Interop.ADChronopher.ni.dll
MOD - [2013.01.10 08:13:30 | 000,517,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Genghis\330d35b48fdc9bbca217da4e48b229f9\Genghis.ni.dll
MOD - [2013.01.10 08:12:12 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8511eac49521cf5fa810ec3367c40cab\IAStorUtil.ni.dll
MOD - [2013.01.10 08:12:12 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\5d918739168186b055c86a63123a1a30\IAStorCommon.ni.dll
MOD - [2013.01.10 08:11:38 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.01.10 08:11:13 | 000,761,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.UI.Widgets\f08e4aab6c221503c51e555da690c804\Act.UI.Widgets.ni.dll
MOD - [2013.01.10 08:10:07 | 003,854,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Windows.#\79ccbad5698a86a5a86f39b2d6a84a0e\Act.Shared.Windows.Forms.ni.dll
MOD - [2013.01.10 08:10:04 | 000,712,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Win32\b2fb39b631eeb436201a4307ccbaaf13\Act.Shared.Win32.ni.dll
MOD - [2013.01.10 08:10:03 | 000,112,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Utilities\1f83e57982605681b4bfcda47fc40173\Act.Shared.Utilities.ni.dll
MOD - [2013.01.10 08:09:59 | 004,245,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Images\4647860fd29065d9f1550e686783087d\Act.Shared.Images.ni.dll
MOD - [2013.01.10 08:09:56 | 000,101,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Diagnost#\76b582349f6b8060f92e9724b3c82517\Act.Shared.Diagnostics.ni.dll
MOD - [2013.01.10 08:09:52 | 001,381,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Framework.Synch#\1e49b2cfb447a3428503575c2d6134da\Act.Framework.Synchronization.ni.dll
MOD - [2013.01.10 08:09:38 | 008,667,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Framework\06ca508ac2f6c0bafa9593b6f1fd563e\Act.Framework.ni.dll
MOD - [2013.01.10 08:06:39 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013.01.10 08:06:35 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\c68040f7f0d621d43b25aa31a61cc8ab\System.Design.ni.dll
MOD - [2013.01.10 08:06:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 08:06:06 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 08:06:05 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.10 08:06:04 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.10 08:05:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.10 08:04:52 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 08:04:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 08:04:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 08:04:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 08:04:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 08:03:59 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.10 00:52:42 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013.01.10 00:52:20 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 00:52:18 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll
MOD - [2013.01.10 00:52:15 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.10 00:52:10 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.10 00:52:06 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.10 00:52:03 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013.01.10 00:51:49 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.10 00:51:44 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.10 00:51:36 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013.01.08 07:39:22 | 001,940,992 | ---- | M] () -- C:\Programme\Fieldston Software\gSyncit\gSyncit.core.dll
MOD - [2013.01.06 11:15:06 | 000,837,632 | ---- | M] () -- C:\Programme\Fieldston Software\gSyncit\System.Data.SQLite.dll
MOD - [2012.11.09 12:34:10 | 003,137,024 | ---- | M] () -- C:\Programme\FAX.de\ComCenter\ComCenterEasy.exe
MOD - [2012.11.09 12:28:00 | 000,914,432 | ---- | M] () -- C:\Programme\FAX.de\ComCenter\CCCTCPIP.dll
MOD - [2012.10.29 17:36:51 | 000,972,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2012.10.25 19:55:25 | 000,094,648 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\avpapplication.dll
MOD - [2012.10.23 12:13:49 | 000,294,912 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Janus.Windows.ExplorerBar.v3\3.5.0.0__21d5517571b185bf\Janus.Windows.ExplorerBar.v3.dll
MOD - [2012.10.23 12:13:49 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Janus.Windows.Common.v3\3.5.0.0__21d5517571b185bf\Janus.Windows.Common.v3.dll
MOD - [2012.10.23 12:13:29 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop\11.1.183.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Desktop.dll
MOD - [2012.10.23 12:13:29 | 000,279,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Shared\11.1.183.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Shared.dll
MOD - [2012.10.23 12:13:29 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_32\Act.Outlook.Message.Reader\11.1.183.0__ebf6b2ff4d0a08aa\Act.Outlook.Message.Reader.dll
MOD - [2012.10.23 12:13:29 | 000,038,912 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.AppCommon\11.1.183.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.AppCommon.dll
MOD - [2012.10.23 12:13:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Interfaces\11.1.183.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Interfaces.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.12.24 11:22:20 | 007,422,352 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll
MOD - [2011.12.24 11:22:20 | 000,795,024 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll
MOD - [2011.12.24 11:22:16 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll
MOD - [2011.12.24 11:22:16 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll
MOD - [2011.12.24 11:22:14 | 002,453,904 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll
MOD - [2011.12.24 11:22:12 | 002,126,224 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll
MOD - [2011.12.24 11:21:10 | 000,459,152 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll
MOD - [2011.09.05 18:36:52 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll
MOD - [2011.09.05 18:36:50 | 000,180,224 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.11.13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.07.04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2009.06.10 23:14:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Services (SafeList) ==========

SRV - [2013.01.11 00:24:31 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.06 13:24:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.06.22 17:17:14 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.12.24 11:24:36 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.18 14:23:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- f:\act\microsoft sql server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ACT7)
SRV - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 17:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.02.24 11:08:50 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Running] -- F:\act\act for windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.02.08 06:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.04.13 08:20:21 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Rpmrmovrpksv)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\KUSBusByTCPMasterBus.sys -- (KUSBusByTCPMasterBus)
DRV - [2012.12.30 12:26:45 | 000,105,728 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.01 21:52:48 | 000,064,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012.10.25 19:57:21 | 000,585,560 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.07.13 15:28:28 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2012.04.25 07:03:28 | 000,067,960 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2012.04.19 11:31:38 | 000,015,704 | ---- | M] (Focusrite Audio Engineering Limited) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\automap.sys -- (automap)
DRV - [2012.01.25 11:23:10 | 000,319,264 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2011.12.04 22:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.11.21 11:52:06 | 000,144,896 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\System32\drivers\ui11rdr.SYS -- (ui11rdr)
DRV - [2011.10.20 10:48:00 | 000,135,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2011.10.20 10:48:00 | 000,013,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.10.05 11:46:36 | 000,041,944 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvnusbaudio.sys -- (NvnUsbAudio)
DRV - [2011.08.19 15:55:30 | 000,169,056 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Saffire.sys -- (Saffire)
DRV - [2011.08.19 15:55:30 | 000,040,672 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaffireMidi.sys -- (SaffireMidi)
DRV - [2011.08.19 15:55:30 | 000,032,992 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaffireAudio.sys -- (SaffireAudio)
DRV - [2011.06.13 16:34:46 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.03.10 17:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010.11.04 23:12:04 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010.10.07 13:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.12.14 11:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec)
DRV - [2009.12.14 11:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.11 12:18:30 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.04.25 12:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006.11.01 18:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2006.10.30 08:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2004.01.18 03:15:00 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={1CD70569-1D3E-11E2-8EC9-00037AE207C4}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{84C124CC-8BC4-40D0-9104-F5017D258584}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={1CD70569-1D3E-11E2-8EC9-00037AE207C4}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={1CD70569-1D3E-11E2-8EC9-00037AE207C4}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 28 F9 99 D7 29 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=1B326E73-9C80-4F1E-8CD2-FD628BFA8C16&apn_sauid=34938708-92E9-44B8-B992-4E0039EAD5D3
IE - HKCU\..\SearchScopes\{84C124CC-8BC4-40D0-9104-F5017D258584}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={1CD70569-1D3E-11E2-8EC9-00037AE207C4}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.6.3
FF - prefs.js..extensions.enabledAddons: %7B72CA2996-F580-47DF-98FF-0B853D09CEC8%7D:6.0.1.55
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@kaspersky.com/Password Manager: C:\PROGRA~1\KASPER~1\KASPER~1.0\KASPER~2\MODULE~1\npkpmAutofill.dll (Kaspersky Lab)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012.10.25 19:58:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012.10.25 19:58:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.25 19:58:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 13:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 13:24:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.30 12:31:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{72CA2996-F580-47DF-98FF-0B853D09CEC8}: C:\Users\floatyflow\AppData\Roaming\Kaspersky Lab\Password Manager\kpmAutofill [2013.01.09 11:22:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 13:24:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 13:24:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.30 12:31:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{72CA2996-F580-47DF-98FF-0B853D09CEC8}: C:\Users\floatyflow\AppData\Roaming\Kaspersky Lab\Password Manager\kpmAutofill [2013.01.09 11:22:52 | 000,000,000 | ---D | M]

[2011.06.13 16:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\floatyflow\AppData\Roaming\mozilla\Extensions
[2011.06.13 16:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\floatyflow\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.09 11:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\floatyflow\AppData\Roaming\mozilla\Firefox\Profiles\vub5vfg6.default\extensions
[2012.12.27 18:40:31 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\floatyflow\AppData\Roaming\mozilla\Firefox\Profiles\vub5vfg6.default\extensions\fb_add_on@avm.de
[2011.11.19 15:42:10 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\floatyflow\AppData\Roaming\mozilla\Firefox\Profiles\vub5vfg6.default\extensions\firefox@tvunetworks.com
[2012.12.22 12:50:44 | 000,783,286 | ---- | M] () (No name found) -- C:\Users\floatyflow\AppData\Roaming\mozilla\firefox\profiles\vub5vfg6.default\extensions\ext@sprng.me.xpi
[2012.11.24 16:40:14 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\floatyflow\AppData\Roaming\mozilla\firefox\profiles\vub5vfg6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.09 16:39:58 | 000,002,333 | ---- | M] () -- C:\Users\floatyflow\AppData\Roaming\mozilla\firefox\profiles\vub5vfg6.default\searchplugins\askcom.xml
[2012.10.23 19:19:55 | 000,003,998 | ---- | M] () -- C:\Users\floatyflow\AppData\Roaming\mozilla\firefox\profiles\vub5vfg6.default\searchplugins\sweetim.xml
[2012.12.06 13:24:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.09 11:22:52 | 000,000,000 | ---D | M] (Password Manager plugin) -- C:\USERS\FLOATYFLOW\APPDATA\ROAMING\KASPERSKY LAB\PASSWORD MANAGER\KPMAUTOFILL
[2012.12.06 13:24:53 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\DealBulldog Toolbar\tbcore3.dll ()
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\DealBulldog Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\DealBulldog Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [(default)] File not found
O4 - HKLM..\Run: [Act! Preloader] F:\act\act for windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] F:\act\act for windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [ACTSchedulerUI] "F:\act\act for windows\Act.Scheduler.UI.exe" -Dfalse File not found
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\floatyflow\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\floatyflow\AppData\Local\Apps\2.0\TERQC7A3.DM0\4B6564EL.QPQ\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [Comcenter Easy] C:\Programme\FAX.de\ComCenter\ComCenterEasy.exe ()
O4 - HKCU..\Run: [gSyncit] C:\Programme\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software)
O4 - HKCU..\Run: [PeerBlock] C:\Programme\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Users\floatyflow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\floatyflow\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Kaspersky PURE - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\Kaspersky Password Manager\Module Retargetable Folder\spIEBho.dll (Kaspersky Lab)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C9DF8B8-E1D3-43FE-9604-3FC79B72E766}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF3D0153-1DE8-4316-BD0D-25262CFD4648}: DhcpNameServer = 192.168.7.59
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Programme\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.09.09 17:22:59 | 000,000,000 | ---- | M] () - C:\AutomapClients.ini -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\D\Shell\configure\command - "" = D:\SETUP.EXE
O33 - MountPoints2\D\Shell\install\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.12 12:44:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\floatyflow\Desktop\OTL.exe
[2013.01.12 12:01:39 | 000,000,000 | ---D | C] -- C:\Users\floatyflow\Desktop\Kaspersky
[2013.01.12 09:36:25 | 000,000,000 | ---D | C] -- C:\Attachments
[2013.01.11 22:03:38 | 000,000,000 | ---D | C] -- C:\Users\floatyflow\AppData\Roaming\Malwarebytes
[2013.01.11 22:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.11 22:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.11 22:03:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.11 22:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.11 00:47:21 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2013.01.09 10:31:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2013.01.08 23:18:20 | 000,000,000 | ---D | C] -- C:\Users\floatyflow\AppData\Roaming\gSyncit
[2013.01.08 23:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gSyncit
[2013.01.08 23:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Fieldston Software
[2012.12.30 21:12:37 | 000,000,000 | ---D | C] -- C:\Users\floatyflow\AppData\Local\Audible
[2012.12.30 21:12:31 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax
[2012.12.30 21:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2012.12.30 21:01:01 | 000,000,000 | ---D | C] -- C:\Users\floatyflow\Documents\Audible
[2012.12.30 21:01:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible
[2012.12.30 21:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Audible
[2012.12.30 12:27:12 | 000,105,728 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaura.sys
[2012.12.27 16:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.12.27 16:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012.12.22 12:43:55 | 000,000,000 | ---D | C] -- C:\Users\floatyflow\AppData\Local\Programs
[2012.12.20 16:30:12 | 000,000,000 | ---D | C] -- C:\Users\floatyflow\AppData\Local\Steinberg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.12 12:45:56 | 000,000,186 | ---- | M] () -- C:\Users\floatyflow\Desktop\Trjaner-Board - Anleitung.URL
[2013.01.12 12:44:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\floatyflow\Desktop\OTL.exe
[2013.01.12 12:40:58 | 000,000,000 | ---- | M] () -- C:\Users\floatyflow\defogger_reenable
[2013.01.12 12:39:55 | 000,050,477 | ---- | M] () -- C:\Users\floatyflow\Desktop\Defogger.exe
[2013.01.12 12:24:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.12 12:24:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.12 11:12:09 | 000,019,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 11:12:09 | 000,019,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 11:04:34 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2013.01.12 11:03:30 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.12 11:02:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.12 11:02:37 | 2609,373,184 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 14:16:11 | 000,007,622 | ---- | M] () -- C:\Users\floatyflow\AppData\Local\Resmon.ResmonCfg
[2013.01.10 12:10:31 | 000,447,847 | ---- | M] () -- C:\Users\floatyflow\Desktop\ACT-Fehlermeldung.jpg
[2013.01.10 10:07:14 | 000,759,276 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.10 10:07:14 | 000,713,948 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 10:07:14 | 000,170,954 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.10 10:07:14 | 000,143,734 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.10 09:25:27 | 000,001,681 | ---- | M] () -- C:\Users\floatyflow\Desktop\starter.exe - Verknüpfung.lnk
[2013.01.10 07:59:13 | 000,377,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.09 09:10:06 | 000,000,021 | ---- | M] () -- C:\Users\floatyflow\AppData\Local\mc.pixel.data
[2013.01.04 13:45:58 | 000,001,058 | ---- | M] () -- C:\Users\floatyflow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.30 21:23:51 | 371,861,335 | ---- | M] () -- C:\Users\floatyflow\Desktop\Die7WegezurEffektivität-Teil1_ep7_florian.brand.aax
[2012.12.30 21:12:35 | 000,001,917 | ---- | M] () -- C:\Users\floatyflow\Desktop\Audible Manager.lnk
[2012.12.30 21:12:31 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\Windows\System32\awrdscdc.ax
[2012.12.30 12:26:45 | 000,105,728 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaura.sys
[2012.12.27 18:42:00 | 000,001,562 | ---- | M] () -- C:\Users\floatyflow\Desktop\BrandBox.lnk
[2012.12.27 16:38:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf
[2012.12.27 16:35:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.12 12:45:28 | 000,000,186 | ---- | C] () -- C:\Users\floatyflow\Desktop\Trjaner-Board - Anleitung.URL
[2013.01.12 12:40:58 | 000,000,000 | ---- | C] () -- C:\Users\floatyflow\defogger_reenable
[2013.01.12 12:39:59 | 000,050,477 | ---- | C] () -- C:\Users\floatyflow\Desktop\Defogger.exe
[2013.01.10 12:10:31 | 000,447,847 | ---- | C] () -- C:\Users\floatyflow\Desktop\ACT-Fehlermeldung.jpg
[2013.01.10 11:24:54 | 000,002,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2013.01.10 09:25:27 | 000,001,681 | ---- | C] () -- C:\Users\floatyflow\Desktop\starter.exe - Verknüpfung.lnk
[2013.01.10 00:12:15 | 000,001,058 | ---- | C] () -- C:\Users\floatyflow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.30 21:36:44 | 371,861,335 | ---- | C] () -- C:\Users\floatyflow\Desktop\Die7WegezurEffektivität-Teil1_ep7_florian.brand.aax
[2012.12.30 21:01:36 | 000,001,917 | ---- | C] () -- C:\Users\floatyflow\Desktop\Audible Manager.lnk
[2012.12.27 18:42:00 | 000,001,562 | ---- | C] () -- C:\Users\floatyflow\Desktop\BrandBox.lnk
[2012.12.27 16:38:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf
[2012.12.27 16:35:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.11.30 07:44:15 | 000,000,008 | RHS- | C] () -- C:\ProgramData\37FD5C512F.sys
[2012.11.12 16:10:06 | 000,006,913 | ---- | C] () -- C:\Users\floatyflow\AppData\Roaming\Kommagetrennte Werte (Windows).EML
[2012.10.30 14:25:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.10.23 12:15:16 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.10.23 12:15:16 | 000,000,088 | RHS- | C] () -- C:\ProgramData\25F1CB694F.sys
[2012.09.10 15:44:57 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2012.09.10 14:20:30 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2012.09.10 14:20:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2012.09.07 16:56:05 | 000,000,021 | ---- | C] () -- C:\Users\floatyflow\AppData\Local\mc.pixel.data
[2012.09.06 17:03:33 | 000,332,665 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.06.04 10:22:43 | 000,017,408 | ---- | C] () -- C:\Users\floatyflow\AppData\Local\WebpageIcons.db
[2012.06.04 09:47:29 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.06.04 09:47:29 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.05.17 15:42:36 | 000,476,766 | ---- | C] () -- C:\Windows\Pixel Creation Suite Uninstaller.exe
[2012.02.12 02:45:42 | 000,000,032 | ---- | C] () -- C:\Users\floatyflow\.simfy
[2012.01.31 18:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.01.31 18:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.01.31 18:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.01.31 18:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.01.19 21:05:48 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.01.19 20:18:30 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.10.31 20:58:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\Uninstall.dll
[2011.10.07 17:25:03 | 000,020,992 | ---- | C] () -- C:\Windows\System32\UNDERFLW.DLL
[2011.10.07 17:23:10 | 000,011,910 | ---- | C] () -- C:\Windows\Genmidi.dll
[2011.10.07 17:23:09 | 000,011,910 | ---- | C] () -- C:\Windows\System32\GENMIDI.DLL
[2011.07.28 16:22:47 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011.06.25 11:22:52 | 001,580,544 | ---- | C] () -- C:\Windows\System32\PDFCtrl.dll
[2011.06.25 11:22:51 | 001,712,128 | ---- | C] () -- C:\Windows\System32\iPostCtl.dll
[2011.06.25 11:22:50 | 001,968,640 | ---- | C] () -- C:\Windows\System32\iFaxCtrl.dll
[2011.06.25 11:22:50 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CTRLSRV.EXE
[2011.06.18 17:15:07 | 000,007,622 | ---- | C] () -- C:\Users\floatyflow\AppData\Local\Resmon.ResmonCfg
[2011.06.18 16:26:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.14 19:34:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.06.14 19:34:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.06.14 01:21:42 | 000,759,276 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.06.14 01:21:42 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.06.14 01:21:42 | 000,170,954 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.06.14 01:21:42 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.06.13 16:09:41 | 000,033,134 | ---- | C] () -- C:\Users\floatyflow\AppData\Roaming\UserTile.png
[2011.03.11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.10.23 12:13:29 | 000,000,000 | ---D | M] -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.02.17 19:07:31 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\1&1
[2012.09.09 16:14:24 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Ableton
[2012.10.23 11:54:54 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\ACT
[2012.09.13 19:21:08 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\AlcaTech
[2011.12.19 19:43:45 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Amazon
[2012.03.21 23:01:05 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Audacity
[2013.01.09 11:43:55 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\BitTorrent
[2011.09.24 19:00:08 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Cache
[2012.09.15 13:42:16 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Canon
[2011.06.25 11:24:15 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\ComCenter
[2011.06.18 19:16:36 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Device Doctor
[2013.01.12 11:04:55 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Dropbox
[2012.01.02 21:41:09 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\DVDVideoSoft
[2011.07.26 19:15:43 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\elsterformular
[2013.01.08 18:45:41 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\FileZilla
[2011.06.18 16:49:59 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\FreeFileSync
[2011.12.26 01:18:06 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\GHISLER
[2013.01.12 09:35:21 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\gSyncit
[2012.10.19 15:47:30 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\ICAClient
[2012.10.23 12:15:15 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\IsolatedStorage
[2012.10.25 05:11:03 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Kalkulator
[2011.09.25 04:08:56 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Live Recordings
[2011.09.24 18:59:40 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Live Reports
[2011.10.15 00:44:23 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Music Recognition
[2011.10.08 14:08:46 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\MusicBrainz
[2012.01.19 20:33:29 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\OCS
[2012.01.19 21:05:49 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\OpenCandy
[2011.06.14 15:49:44 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\OpenOffice.org
[2012.01.19 20:33:39 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Opera
[2012.05.17 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Pixlromatic
[2012.02.15 20:17:42 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Samsung
[2012.02.12 02:45:39 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Simfy
[2011.08.01 13:58:44 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\SoftGrid Client
[2012.12.30 18:00:55 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Spotify
[2012.09.10 15:45:26 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Steinberg
[2012.02.15 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Temp
[2011.06.13 16:19:24 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Thunderbird
[2011.06.30 14:38:18 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\TP
[2011.06.13 16:50:23 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\TrueCrypt
[2011.06.18 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\WinBatch
[2012.11.13 09:29:12 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Windows Live Writer
[2012.01.19 21:27:10 | 000,000,000 | ---D | M] -- C:\Users\floatyflow\AppData\Roaming\Xilisoft

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:15B79D44
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:6B9ADB51
@Alternate Data Stream - 143 bytes -> C:\Users\floatyflow\AppData\Roaming\Kommagetrennte Werte (Windows).EML:OECustomProperty
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:98353363

< End of report >

</code>

6.
Und hier das Logfile "Extras.txt" (ja, ich habe zudem Probleme mit dem Autostart eines benötigten SQL-Dienstes (ACT 7) und kämpfe mit dem reibungslosen Funktionieren einer veralteten Outlook-Version ...)

<code>
OTL Extras logfile created on: 12.01.2013 12:47:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\floatyflow\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,24 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 53,09% Memory free
6,48 Gb Paging File | 4,55 Gb Available in Paging File | 70,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 8,70 Gb Free Space | 15,57% Space Free | Partition Type: NTFS
Drive E: | 58,59 Gb Total Space | 7,81 Gb Free Space | 13,33% Space Free | Partition Type: NTFS
Drive F: | 409,88 Gb Total Space | 363,64 Gb Free Space | 88,72% Space Free | Partition Type: NTFS
Drive H: | 407,16 Gb Total Space | 3,76 Gb Free Space | 0,92% Space Free | Partition Type: NTFS
Drive I: | 1,89 Gb Total Space | 1,25 Gb Free Space | 65,89% Space Free | Partition Type: FAT

Computer Name: FLOW | User Name: floatyflow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [oneclickpdf] -- "F:\Programme\OneClickPDF.exe" %l (Sowedoo Software)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030470E6-4B6A-4217-BC27-9D344677BF0A}" = lport=445 | protocol=6 | dir=in | app=system |
"{07B79BB9-C374-4E0C-B945-B38483BE2B2B}" = rport=445 | protocol=6 | dir=out | app=system |
"{09A7B19A-D1C2-4ACD-BF8F-AA696E350FFA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{26389FE6-BA72-461D-B4EA-FCD3549B9F1A}" = rport=139 | protocol=6 | dir=out | app=system |
"{2963E7DF-4957-431E-BD78-406F53ECB08E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2A1FC666-58EA-4257-B88C-38781F87872D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2CACC662-A912-4752-ACDF-8E37B095764E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{36429E05-6D58-4279-869D-A06D0F5F52B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3807069F-EA60-4BDB-ABBA-C34D4F00FDC6}" = rport=137 | protocol=17 | dir=out | app=system |
"{3CC59C00-3C0B-417B-8264-D721445E3CA2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{42F8A2A2-FE0A-4054-A8A6-55AD8D28AFB8}" = lport=139 | protocol=6 | dir=in | app=system |
"{4EFE8F58-B1E3-4016-B11A-7DC772ACDC09}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{4FDF681F-E9B9-4A15-8944-53AC6F0F5F5A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55788B64-57EB-4920-A2A8-4EE04F31A11F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5612F6EF-7E31-41BD-A744-B6A1CE075CE2}" = lport=137 | protocol=17 | dir=in | app=system |
"{56AF3116-0130-420C-BD40-159C32A0C3AB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6D23E3AB-9F5B-45F4-9804-5DC4FC7DA288}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F2327F1-3C45-401D-8CA3-16ADAEA07F18}" = lport=7303 | protocol=17 | dir=in | name=control center udp port |
"{6FBA83DB-5B53-4F9D-B0EE-8B3A2D1C7388}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7009A947-F508-4B29-89CE-048157CD6EB2}" = lport=138 | protocol=17 | dir=in | app=system |
"{7164FC3D-CEFD-4E36-894A-07BD014161A0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7ED28501-7B70-46FC-9922-2EADA98CAFA6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8ABD346C-8F3D-4A53-827B-558C25357180}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8D6AEB06-F595-4AAE-A9E2-DE66498115A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98678E30-2CF8-4B1C-BD23-D90DE35A9393}" = rport=138 | protocol=17 | dir=out | app=system |
"{A05F6F5B-F003-4A45-B8B5-D5F04263F955}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7CE6280-6DC5-42AF-BFEF-6512CE75D831}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B904FC12-974F-4DE4-9A13-63F1F78542DF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA9F5A77-48D4-417F-90F5-1A19E9DB0900}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAED9B3B-3E8F-4B9D-872D-019314399841}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD68CEA3-D693-43A2-8CFC-96378AC96F06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CEAFB347-D43A-43F0-B6E2-34572FB84BFD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F1001130-F1D7-4D41-A636-5678B8D13EA9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F60D355F-0613-4374-8E8D-102EF8BF1C3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F21725-AEC7-403F-B21A-778604CBF6E4}" = protocol=17 | dir=in | app=c:\users\floatyflow\appdata\local\apps\2.0\terqc7a3.dm0\4b6564el.qpq\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{016A93C2-B17F-4CAF-9ED9-D4BC108881E6}" = protocol=17 | dir=in | app=c:\program files\digitus\mfp server control center\control center.exe |
"{1828BEF3-3F09-4F4E-9300-CAE38D343DA3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A6E3F8E-245C-4C4E-838A-5BCF2910DAD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E6538A3-E054-4ED0-9763-1B071809EA56}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2956D898-774E-470B-8331-6B84E2590A8F}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{2B9233FE-FE26-484D-A7D6-FB8A211523E6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2C18B717-9D6E-41C2-9F77-4DA3051F25A6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3A5ED095-B863-42E2-B909-BDB51A80465C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3B0FD559-D501-421F-949C-19C2C022922D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3CC882E0-A192-4BFB-BECA-9E4F03C96ECC}" = protocol=17 | dir=in | app=c:\users\floatyflow\appdata\local\apps\2.0\terqc7a3.dm0\4b6564el.qpq\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{47CED35D-2560-49C2-9241-B24F8759B0AB}" = protocol=6 | dir=out | app=system |
"{492754ED-B324-4E65-8570-AE6747DDFB96}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{56FF73F0-DC38-4A3E-9F0B-A0B0EF5110FC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{587DDA3F-E6FC-4039-9D9A-E9059CB7EFAD}" = protocol=6 | dir=in | app=c:\users\floatyflow\appdata\local\apps\2.0\terqc7a3.dm0\4b6564el.qpq\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{6E8C39E6-8FFF-47FE-8FA4-EA0C6E049011}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6ECEEC29-7116-4750-AABB-DC64BFB522EB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{76907469-F6CC-4EE2-8BBB-BFFC9087F670}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{769AC205-F98D-4F51-B97D-B74EBDD2C1CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{79E1AE87-1E2B-41BA-9B66-10A1E593A97E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B7F41D9-6A13-4F1E-85F3-7761775ECA29}" = protocol=17 | dir=in | app=c:\users\floatyflow\appdata\local\apps\2.0\terqc7a3.dm0\4b6564el.qpq\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe |
"{81584154-99AC-428D-8C78-37CAF7C2A791}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{82832242-728E-4A99-93BC-7D2E1C5E6909}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{88799EC2-0BBE-45CE-9EED-D7AD95C4B112}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{910142D6-1868-4184-BF11-66118CA069E3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{91205BC2-C88D-456E-B202-794373E7FE5E}" = protocol=6 | dir=in | app=c:\users\floatyflow\appdata\roaming\dropbox\bin\dropbox.exe |
"{94F2DCC8-9B3C-416D-A3BB-F128F8A18468}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CF1120B-074C-4A7A-9E4E-1955F7F7A4CA}" = protocol=6 | dir=in | app=c:\users\floatyflow\appdata\local\apps\2.0\terqc7a3.dm0\4b6564el.qpq\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe |
"{9D113A82-6EB8-4B77-B754-79DD79EFA704}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9DFAB52D-0B02-42C5-9C6A-697F9E99656A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F958CCF-7FAF-4151-891C-84EA336104BD}" = protocol=6 | dir=in | app=c:\users\floatyflow\appdata\local\apps\2.0\terqc7a3.dm0\4b6564el.qpq\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe |
"{A0579371-6CF2-4B80-915D-067EE5C850B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A154229F-2292-4795-9FA4-C6789743DED1}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A3A1CBAD-F360-43AD-9687-7F93DC955CD1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A46D35CD-B82F-411C-8E62-22A8ABAC3E08}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AD9AD54F-A01F-4FEE-B531-F6E5638FE71C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{AFAFAB57-1984-413F-9478-8C2EBF59B5E3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B288713C-BF41-4CB0-80B7-29CB352D23C5}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{B6F3E3C2-02B9-42A9-9362-705A2F224A30}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{BEA6660D-97DB-4976-AD7C-1220D482306C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C211B02E-E3DD-4D14-A200-27C7715D8818}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CB2A4F91-FEA9-412B-810F-1C34B30D2962}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{D063AE09-5CAF-4845-9CC3-6B96CDC51FD7}" = protocol=6 | dir=in | app=c:\program files\digitus\mfp server control center\control center.exe |
"{D0966CF7-0E58-4629-B719-993A8DF76251}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D3DF5389-965C-411D-BBB3-B14EA24E9055}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D68780F7-F458-4307-A536-53D67FE8FDF8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D8179C8D-7BA4-4487-BE7A-FEAD057AD53A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D94AFE34-3F69-4235-86B7-D888BD36CDD4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E07FCF19-3262-45E5-81C7-1FA1720F5B0A}" = protocol=6 | dir=in | app=c:\users\floatyflow\appdata\local\apps\2.0\terqc7a3.dm0\4b6564el.qpq\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{E21D23E7-B4EF-41AE-BAF0-90BE14B0FC26}" = protocol=17 | dir=in | app=c:\users\floatyflow\appdata\local\apps\2.0\terqc7a3.dm0\4b6564el.qpq\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe |
"{E8F774D2-2514-4F33-81CF-D6B7F40CF3A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EE4E85C1-BAC5-41DC-85BD-B969DADAB643}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{EF46BD39-79E3-4D3D-A456-95529F5EBBD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1EB69D2-2484-4730-B8C7-BC22F003ABE4}" = protocol=17 | dir=in | app=c:\users\floatyflow\appdata\roaming\dropbox\bin\dropbox.exe |
"{FB01F10C-5422-4134-B1E5-47E535E3C225}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB9C047E-4AC5-4975-A07F-D5612E50C131}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FE793D28-281A-46E1-8F11-64115B6ACE15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0B115B4F-3B8C-4541-9616-A033B7E116BD}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{111C38F8-5597-441F-B39D-1216907E6AEB}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{16D8FB26-2012-4BE4-BEB8-9E0AA0360E86}C:\program files\digitus\mfp server control center\control center.exe" = protocol=6 | dir=in | app=c:\program files\digitus\mfp server control center\control center.exe |
"TCP Query User{3FC3A394-26F7-456A-B6A6-95F3679160C6}C:\program files\novation\automap\automapserver.exe" = protocol=6 | dir=in | app=c:\program files\novation\automap\automapserver.exe |
"TCP Query User{42242FC0-207C-4729-9381-E1F7EFF00E6F}C:\users\floatyflow\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\floatyflow\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{7C25000C-6431-4C0B-A24F-F2A6A4853C88}F:\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=f:\act\act for windows\actsage.exe |
"TCP Query User{B48BC85E-6948-436F-8A97-4E2DD2FE1C30}C:\program files\novation\automap\automapserver.exe" = protocol=6 | dir=in | app=c:\program files\novation\automap\automapserver.exe |
"TCP Query User{CCF07DB7-66A7-4565-A8DF-C7F386A55397}F:\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=f:\act\act for windows\actsage.exe |
"TCP Query User{D6D8BE4C-B4F4-4E9C-A34A-FE6425B3F953}C:\users\floatyflow\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\floatyflow\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E5B38D26-CAB3-40F7-8FB7-38D05293948C}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{0327F600-E605-40E2-BF0D-05A88605ACF9}C:\program files\novation\automap\automapserver.exe" = protocol=17 | dir=in | app=c:\program files\novation\automap\automapserver.exe |
"UDP Query User{3EC045E1-580E-4DF6-83C1-4A71F37804EE}F:\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=f:\act\act for windows\actsage.exe |
"UDP Query User{44CB4F2A-A3F8-4B5F-8DBD-CE826CC4762D}C:\users\floatyflow\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\floatyflow\appdata\roaming\spotify\spotify.exe |
"UDP Query User{56E2E759-536D-49E6-A04B-71DAD5B8CDE2}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{651DA8F0-79D0-4461-9E03-C844BD3617D0}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{7936967E-2818-4A72-B756-1B631F497C98}C:\program files\digitus\mfp server control center\control center.exe" = protocol=17 | dir=in | app=c:\program files\digitus\mfp server control center\control center.exe |
"UDP Query User{79A1BC05-B938-4AE6-9D02-9EAF5C692646}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{817626D9-4524-4AFC-BB93-706181CC705A}C:\users\floatyflow\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\floatyflow\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A2DAF0A9-06E7-4DA1-9E40-2FA78466A5FB}F:\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=f:\act\act for windows\actsage.exe |
"UDP Query User{BC942F44-D5B6-4FB8-8F46-206D54B6C1D9}C:\program files\novation\automap\automapserver.exe" = protocol=17 | dir=in | app=c:\program files\novation\automap\automapserver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01F3B542-11E2-4BF2-9D7A-0F6B597C05D5}" = gSyncit
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{079F01C3-751A-43BA-BBB6-6239D4F0F19A}" = EASY Office
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A561DC3-36F0-4EBA-961D-531F82D053C9}" = Self-Service Plug-in
"{0EB183F5-17C6-45AA-96EC-888C615AD53C}" = Citrix Receiver (HDX Flash-Umleitung)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{153DE537-5D75-44AA-9245-B4F354165B42}" = Kalkulator
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18D03DE2-D142-4A6C-B346-2FA7C8D76A57}" = BassStation
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{234AB115-C6C4-4ACB-A029-8845120E4F37}" = Online Plug-in
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{36B6CCCF-97C3-4BC3-8890-A2E778C0037E}" = Citrix Receiver Updater
"{37334614-FAB1-4C67-9973-BC6C1DF82DAE}" = Citrix Receiver (USB)
"{396CE0B5-DC06-46D2-A870-47798143AE85}" = ACT! by Sage Premium 2009 (11.0)
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{41A63ADA-088B-1C2D-43B3-E4087FE79881}" = Pixlr-o-matic
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{84374A47-1DF5-4013-90D4-1288819869B1}" = Microsoft-Maus- und Tastatur-Center
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B583E95-EF9E-48D8-AF3B-15FD4F28B682}" = HDGraph
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD43F00-91CA-4BDC-A28E-CB3271A39386}" = Citrix Receiver (DV)
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CF07B703-ACF2-4003-AF18-1EA840920D38}}_is1" = Focusrite Plug-in Suite 1.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{DD60885C-0CBE-40D8-AA14-11D8EDD7D97C}" = Citrix Receiver Inside
"{DD811185-0A2F-460A-B1DD-D786E6034011}" = Citrix Receiver(Aero)
"{DF0C0EB1-6940-4B18-A3AB-014F28A5028C}" = Ableton Live 8
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E32D85B0-1B37-4192-81F1-46804EE760E3}" = One Click PDF 2.0
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8FC7C4A-FE4E-4356-A1B7-4DC57620DD5C}" = Citrix Authentication Manager
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDF36223-1144-4309-A5C2-3D5DC40B6C82}" = Advanced PDF Password Recovery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Upload-Manager" = 1&1 Upload-Manager
"6D7E910F-716D-41E2-98A4-29691C352C1A_is1" = Lookeen Version 8.2.2.5088
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"AudibleManager" = AudibleManager
"Automap Universal_is1" = Automap 4.6
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BBE Sonic Maximizer PlugIn" = BBE Sonic Maximizer PlugIn
"BigTick_Rainbow2_is1" = Rainbow Synth Version 2.1
"BitTorrent" = BitTorrent
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"DealBulldog Toolbar" = DealBulldog Toolbar
"DeeSampler 1.05" = DeeSampler 1.05
"Device Doctor_is1" = Device Doctor v1.0
"Easy CD-DA Extractor 16" = Easy CD-DA Extractor 16
"eLicenser Control" = eLicenser Control
"ElsterFormular für Unternehmer 12.3.2.6814u" = ElsterFormular für Unternehmer
"Emagic EVP73 VSTi v1.0" = Emagic EVP73 VSTi v1.0
"FileZilla Client" = FileZilla Client 3.5.3
"Finanzplan Demo-CD 2012" = Finanzplan Demo-CD 2012
"Finanzplan in Excel Version 3.2.02" = Finanzplan in Excel Version 3.2.02
"FM Heaven v1.1 VSTi" = FM Heaven v1.1 VSTi
"FM.Heaven.VSTi.v1.2" = FM.Heaven.VSTi.v1.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.4.1228
"FreeFileSync" = FreeFileSync v3.17
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript" = GPL Ghostscript
"HALion v1.0 VSTi" = HALion v1.0 VSTi
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{396CE0B5-DC06-46D2-A870-47798143AE85}" = ACT! by Sage Premium 2009 (11.0)
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"Live 8.2.6" = Live 8.2.6
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mixxx (1.10.1)" = Mixxx 1.10.1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicBrainz Picard" = MusicBrainz Picard
"MyTomTom" = MyTomTom 3.2.0.802
"Native Instruments B4 v1.11" = Native Instruments B4 v1.11
"Native Instruments Battery v1.0" = Native Instruments Battery v1.0
"Native Instruments Pro-52 v2.0-OxYGeN" = Native Instruments Pro-52 v2.0-OxYGeN
"Native Instruments Spektral Delay" = Native Instruments Spektral Delay
"Novation USB Audio Driver_is1" = Novation USB Audio Driver 2.3
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OUTLOOKR" = Microsoft Office Outlook 2007
"PDF-XChange 3_is1" = PDF-XChange 3
"Pixel Creation Suite" = Pixel Creation Suite
"Pixlromatic" = Pixlr-o-matic
"QuadraSID 6581 VSTi v1.1" = QuadraSID 6581 VSTi v1.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ReMOTE ZeRO SL_is1" = ReMOTE ZeRO SL 1.0
"rgcAudio Pentagon I VSTi_is1" = rgcAudio Pentagon I VSTi v1.0
"Saffire PRO 40_is1" = Saffire MixControl 2.4
"Sample Tank XL" = Sample Tank XL
"Saved by Technology DeeSampler v1" = Saved by Technology DeeSampler v1
"Square I VSTi_is1" = rgcAudio Square I VSTi v1.2
"Steinberg LM-4 VSTi v1.1" = Steinberg LM-4 VSTi v1.1
"Steinberg Model-E v1.0" = Steinberg Model-E v1.0
"TBL BassLine v1.2 VSTi" = TBL BassLine v1.2 VSTi
"TBL BassLine v1.3 VSTi" = TBL BassLine v1.3 VSTi
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"Waldorf Attack VSTi v1.0" = Waldorf Attack VSTi v1.0
"Waldorf.PPG.Wave2.V-OxYGeN" = Waldorf.PPG.Wave2.V-OxYGeN
"WaveLabLE7" = WaveLab LE 7
"Waves Native Gold Bundle v3.01" = Waves Native Gold Bundle v3.01
"WIDI Recognition System Pro 4.11" = WIDI Recognition System Pro 4.11 (remove only)
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Winmail Reader_is1" = Winmail Reader 1.1.12

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f018cf21c0452c64" = FRITZ!Box USB-Fernanschluss
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.09.2012 18:43:13 | Computer Name = flow | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 81557

Error - 27.09.2012 03:32:13 | Computer Name = flow | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.09.2012 03:32:14 | Computer Name = flow | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31822098

Error - 27.09.2012 03:32:14 | Computer Name = flow | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31822098

Error - 27.09.2012 04:45:36 | Computer Name = flow | Source = MsiInstaller | ID = 10005
Description =

Error - 27.09.2012 06:31:47 | Computer Name = flow | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\device
doctor\aud_vista_win7_6.0.1.6363_pv\Vista64\RAVBg64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 27.09.2012 06:31:47 | Computer Name = flow | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\device
doctor\aud_vista_win7_6.0.1.6363_pv\Vista64\RAVCpl64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 27.09.2012 06:31:49 | Computer Name = flow | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\device
doctor\aud_vista_win7_6.0.1.6363_pv\Vista64\vncutil64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 27.09.2012 06:31:50 | Computer Name = flow | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\programme\easy
cd-da extractor 16\register64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 27.09.2012 06:32:02 | Computer Name = flow | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\FreeFileSync_x64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 27.09.2012 06:32:02 | Computer Name = flow | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\RealtimeSync_x64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

[ OSession Events ]
Error - 15.11.2012 07:06:32 | Computer Name = flow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.

Error - 09.01.2013 14:17:12 | Computer Name = flow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17165
seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12.01.2013 05:17:36 | Computer Name = flow | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SQL Server (ACT7) erreicht.

Error - 12.01.2013 05:17:36 | Computer Name = flow | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SQL Server (ACT7)" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 12.01.2013 05:17:37 | Computer Name = flow | Source = Service Control Manager | ID = 7024
Description = Der Dienst "SQL Server Active Directory Helper" wurde mit folgendem
dienstspezifischem Fehler beendet: %%-1073741724.

Error - 12.01.2013 05:54:54 | Computer Name = flow | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SQL Server (ACT7) erreicht.

Error - 12.01.2013 05:54:54 | Computer Name = flow | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SQL Server (ACT7)" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 12.01.2013 05:54:55 | Computer Name = flow | Source = Service Control Manager | ID = 7024
Description = Der Dienst "SQL Server Active Directory Helper" wurde mit folgendem
dienstspezifischem Fehler beendet: %%-1073741724.

Error - 12.01.2013 06:00:19 | Computer Name = flow | Source = Service Control Manager | ID = 7030
Description = Der Dienst "SQL Server (ACT7)" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 12.01.2013 06:04:14 | Computer Name = flow | Source = Service Control Manager | ID = 7024
Description = Der Dienst "SQL Server Active Directory Helper" wurde mit folgendem
dienstspezifischem Fehler beendet: %%-1073741724.

Error - 12.01.2013 06:24:01 | Computer Name = flow | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.

Error - 12.01.2013 06:24:31 | Computer Name = flow | Source = DCOM | ID = 10010
Description =

< End of report >

</code>

7.
Das Logfile Gmer.txt als Gmer.zip anbei. (Sonst zuviele Zeichen in diesem Thema ...)

Es würde mich sehr freuen, wenn ich Hilfe zur Lösung des Kaspersky-Problems und - falls offensichtlich - ev. Tipps zu Stabilisierung meines System erhalten würde

Herzlichen Dank im Vorwege!

Automatischer Start von Kaspersky 2012 geht nicht

Plagegeister aller Art und deren Bekämpfung: Automatischer Start von Kaspersky 2012 geht nicht

Automatischer Start von Kaspersky 2012 geht nicht

Ähnliche Themen: Automatischer Start von Kaspersky 2012 geht nicht