Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   AntiVir berichtet mir von zwei Trojanern, jedoch bei Malwarebytes Anti-Male kein Fund (https://www.trojaner-board.de/115196-antivir-berichtet-mir-zwei-trojanern-jedoch-malwarebytes-anti-male-kein-fund.html)

akay 15.05.2012 23:31
AntiVir berichtet mir von zwei Trojanern, jedoch bei Malwarebytes Anti-Male kein Fund
 
Guten Abend zusammen,

es scheint als hätte ich seit einigen Tagen ein Trojaner Problem.
Wenn ich mit Avira AntiVir einen Systemsuchdurchlauf starte, findet er immer wieder zwei Trojaner, die auch wieder auftauchen, nachdem ich sie aus der Quarantäne gelöscht habe. Jedes Mal bei jedem weiteren Suchdurchlauf, tauchen sie wieder auf :confused: und sie werden in die Quarantäne verschoben. Es handelt sich um folgende angebliche Trojaner:



Typ: Datei
Quelle: C:\Windows\System32\xpt8dpx4.tsp
Status: Infiziert
Quarantäne-Objekt: 4ea5c78a.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.64
Virendefinitionsdatei: 7.11.30.24
Meldung: TR/ATRAPS.Gen
Datum/Uhrzeit: 14.05.2012, 23:39

und




Typ: Datei
Quelle: C:\Windows\System32\aptwgw1v6.dll
Status: Infiziert
Quarantäne-Objekt: 5632e857.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.64
Virendefinitionsdatei: 7.11.30.24
Meldung: TR/Mediyes.EB.1
Datum/Uhrzeit: 14.05.2012, 23:37



Jetzt habe ich auch mal mit Malewarebytes einen Suchdurchlauf gestartet, aber das Programm berichtet mir von keinen Viren...

Anbei mal die Logfile:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.15.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ann-Kristin :: A-K-PC [Administrator]

15.05.2012 22:36:29
mbam-log-2012-05-15 (22-36-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 420417
Laufzeit: 1 Stunde(n), 37 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


So langsam verzweifel ich wirklich und hoffe, dass es noch eine andere Möglichkeit gibt als meinen kompletten PC neuaufzusetzen...
Ich habe jetzt auch echt was Angst, dass die Trojaner bereits auch schon meine Passwörter haben, vorallem habe ich auch die Tage noch Online-Banking betrieben :(((

Leider bin ich auch nicht so bewandert mit Viren...

Ich hoffe, dass ihr mir irgendwie weiterhelfen könnt!!

Vielen Dank schon mal!!!

Chris4You 16.05.2012 07:54
Hi,

kein Scanner erkennt alle Malware dieser Welt, daher prüfen wir die Dateien wie folgt (die Namensgebung der Dateien spricht für Malware bzw. z.B. Daemontools):

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
C:\Windows\System32\xpt8dpx4.tsp
C:\Windows\System32\aptwgw1v6.dll
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!
Ggf. die Dateien aus der Quarantäne von Avira hochladen bzw. (wieder)herstellen lassen, hochladen und wieder in Qurantäne nehmen lassen.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread
  • Zusätzlich folgendes Programm runterladen LanmanCheck ausführen und Ausgabe abkopieren und posten

chris

akay 16.05.2012 10:11
Hallo Chris,
danke erstmal für deine Antwort :)
Leider kann ich die Dateien bei Virustotal nicht hochladen, es kommt immer eine Meldung vonwegen, dass ich nicht berechtigt sei, diese Datei zu öffnen. Ich solle mich an den Adminstrator dieser Datei wenden.

:confused:

Hast du hierfür eine Lösung wie ich das umgehen kann?

Chris4You 16.05.2012 11:24
Hi,

wie öffnest Du die Dateien, aus dem Windowsverzeichnis oder aus der Quarantäne von Avira? Bist du als Admin eingeloggt?
Sonst über den abgesicherten Modus probieren...

Bitte ein OTL-Log erstellen:
OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris

akay 16.05.2012 17:39
Hallo Chris,

ich habe auf der Seite VirusTotal einfach auf "Choose File" geklickt, dann bei Dateiname "C:\Windows\System32\xpt8dpx4.tsp" und "C:\Windows\System32\aptwgw1v6.dll" eingegeben und dann auf Datei öffnen geklickt. Jedoch kommt dann die folgende Meldung: xpt8dpx4.tsp Sie verfügen nicht über die Berechtigung, diese Datei zu öffnen. Wenden Sie sich an den Besitzer dieser Datei oder einen Administrator, um diese Berechtigung zu erhalten."
Diese Benachrichtigung bekomme ich auch erst, wenn ich die zwei Dateien aus der Quarantäne von AntiVir wiederherstelle. Wenn die Dateien sich noch in der Quarantäne befinden, dann kommt eine Meldung, dass diese Dateien nicht gefunden wurden.

Ich wüsste jetzt nicht wie ich die Datei aus Avira öffnen könnte?!Oder wie und wo ich mich als Admin einloggen könnte?!Sorry, bin leider nicht so bewandert mit dem PC und somit ein wenig hilflos....:( :(

Die Logfiles von OTL sind Folgende:OTL Logfile:
Code:
OTL logfile created on: 5/16/2012 6:13:04 PM - Run 1
OTL by OldTimer - Version 3.2.43.0    Folder = C:\Users\Ann-Kristin\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.19% Memory free
8.00 Gb Paging File | 6.11 Gb Available in Paging File | 76.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 11.12 Gb Free Space | 14.93% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 154.01 Gb Free Space | 73.72% Space Free | Partition Type: NTFS
 
Computer Name: A-K-PC | User Name: Ann-Kristin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ann-Kristin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Users\Ann-Kristin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
PRC - C:\Program Files (x86)\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-ger.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll ()
MOD - C:\Windows\SysWOW64\LXECsmr.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll ()
MOD - C:\Windows\SysWOW64\LXECsm.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\1031\nsextint.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (lxec_device) -- C:\Windows\SysNative\lxeccoms.exe ( )
SRV:64bit: - (lxecCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe ()
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (Guard.Mail.ru) -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (lxecCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe ()
SRV - (lxec_device) -- C:\Windows\SysWOW64\lxeccoms.exe ( )
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (br3gmdm) -- C:\Windows\SysNative\drivers\br3gmdm.sys (BandRich Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_deDE361
IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/04 00:53:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/01/04 00:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ann-Kristin\AppData\Roaming\mozilla\Extensions
[2012/05/16 17:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ann-Kristin\AppData\Roaming\mozilla\Firefox\Profiles\46osx4w2.default\extensions
[2012/01/31 23:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/01/31 23:16:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/01/24 23:32:00 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
File not found (No name found) -- C:\PROGRAM FILES (X86)\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2012/02/11 22:05:13 | 000,143,229 | ---- | M] () (No name found) -- C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2011/12/21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\Ann-Kristin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Ann-Kristin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Ann-Kristin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Arcor Online]  File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [DeleteGrabPro] C:\Windows\SysWow64\advpack.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ann-Kristin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 16
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\system32\d3dyl0vvc.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE0DBBF2-C7B3-43F7-A622-F537BC2A9887}: NameServer = 10.36.88.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4B869DF-68AA-43ED-84B8-E3B4D029F725}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL (MarkAny Cooperation.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{178dc401-9c11-11df-8c35-e0cb4e24adf2}\Shell - "" = AutoRun
O33 - MountPoints2\{178dc401-9c11-11df-8c35-e0cb4e24adf2}\Shell\AutoRun\command - "" = F:\AUTORUN_o2Surfstick.exe /EjectCDROM
O33 - MountPoints2\{43174e06-87fa-11e1-8abc-ff81e7020b24}\Shell - "" = AutoRun
O33 - MountPoints2\{43174e06-87fa-11e1-8abc-ff81e7020b24}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/16 11:14:59 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Ann-Kristin\Desktop\OTL.exe
[2012/05/13 11:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/13 11:57:17 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/05/13 11:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/13 11:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/13 11:54:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/12 18:15:39 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/12 18:15:38 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/12 18:15:38 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/12 18:15:38 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/12 18:15:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/12 18:14:39 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/12 18:14:37 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/12 18:14:37 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/12 18:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/12 18:08:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/06 11:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/05/06 11:32:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/05/06 11:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/05/06 11:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/05/06 11:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/04/29 22:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2012/04/29 19:26:41 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Blender
[2012/04/29 19:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Blender
[2012/04/29 19:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Blender
[2012/04/27 12:50:38 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin\Desktop\ISAM
[2012/04/26 22:27:17 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin\Desktop\House Sounds Vol_02 Disc 3
[2012/04/26 22:10:45 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin\Desktop\House Sounds Vol.03
[2012/04/23 22:39:53 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin\Steuererklärung
[2012/04/16 21:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2012/04/16 21:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2012/04/16 21:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/04/16 21:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012/04/16 21:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ann-Kristin\Desktop\*.tmp files -> C:\Users\Ann-Kristin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/16 18:06:22 | 000,058,811 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\Unbenannt.JPG
[2012/05/16 17:48:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/16 17:37:34 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 17:37:34 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 17:34:41 | 001,563,064 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/16 17:34:41 | 000,676,404 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/05/16 17:34:41 | 000,634,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/16 17:34:41 | 000,142,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/05/16 17:34:41 | 000,116,076 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/16 17:30:26 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/16 17:29:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/16 17:29:20 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/16 11:14:59 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ann-Kristin\Desktop\OTL.exe
[2012/05/15 22:34:40 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 15:11:41 | 000,453,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/13 13:18:40 | 000,000,032 | ---- | M] () -- C:\Windows\Menu.INI
[2012/05/13 11:48:13 | 000,002,152 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/05/12 20:16:36 | 000,001,743 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/05/09 12:21:30 | 000,758,248 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\Reservierungsbestätigung Oktoberfest.pdf
[2012/05/09 10:41:06 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/05/09 10:41:06 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/05/06 09:52:54 | 000,085,066 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\microsoft Home Use Program.pdf
[2012/05/05 18:52:16 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/29 22:52:50 | 000,541,835 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\Ausbildungszeugnis & Abschlussprüfung IK  .pdf
[2012/04/29 22:51:40 | 001,541,710 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\Zertifikate Englisch.pdf
[2012/04/29 19:29:37 | 000,000,523 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\ISAM - Verknüpfung.lnk
[2012/04/29 19:26:41 | 000,001,040 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\PDF Blender.lnk
[2012/04/25 22:07:29 | 000,015,706 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\moi.jpg
[2012/04/22 22:16:55 | 000,289,280 | ---- | M] () -- C:\Windows\SysNative\aptwgw1v6.dll
[2012/04/16 21:42:40 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ann-Kristin\Desktop\*.tmp files -> C:\Users\Ann-Kristin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/16 18:06:22 | 000,058,811 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\Unbenannt.JPG
[2012/05/15 22:34:40 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 13:18:40 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012/05/09 12:21:29 | 000,758,248 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\Reservierungsbestätigung Oktoberfest.pdf
[2012/05/06 09:52:54 | 000,085,066 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\microsoft Home Use Program.pdf
[2012/04/29 22:52:49 | 000,541,835 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\Ausbildungszeugnis & Abschlussprüfung IK  .pdf
[2012/04/29 22:51:37 | 001,541,710 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\Zertifikate Englisch.pdf
[2012/04/29 19:29:37 | 000,000,523 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\ISAM - Verknüpfung.lnk
[2012/04/29 19:26:41 | 000,001,040 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\PDF Blender.lnk
[2012/04/25 22:11:23 | 001,554,298 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\IMAG0207.JPG
[2012/04/25 22:07:29 | 000,015,706 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\moi.jpg
[2012/04/22 22:16:55 | 000,289,280 | ---- | C] () -- C:\Windows\SysNative\aptwgw1v6.dll
[2012/04/16 21:42:40 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2011/11/01 15:26:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2011/11/01 15:26:50 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2011/11/01 15:26:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2011/11/01 15:26:50 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2011/11/01 15:26:50 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2011/11/01 15:26:50 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2011/11/01 15:26:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2011/11/01 15:26:50 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2011/11/01 15:26:49 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2011/11/01 15:26:49 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2011/11/01 15:26:49 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2011/11/01 15:26:49 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2011/11/01 15:26:49 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2011/11/01 15:26:49 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2011/11/01 15:26:48 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2011/11/01 15:26:48 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2011/11/01 15:26:48 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2011/11/01 15:26:48 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2011/11/01 15:26:48 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2011/11/01 15:26:48 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2011/11/01 15:26:47 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2011/11/01 15:25:40 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2011/11/01 15:25:39 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2011/05/21 23:14:45 | 000,000,000 | ---- | C] () -- C:\Users\Ann-Kristin\AppData\Local\{466D3147-0AAB-4568-9FA6-C6312C47D9FD}
[2010/12/01 19:17:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/23 17:54:25 | 000,000,119 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010/10/17 20:34:30 | 000,000,022 | ---- | C] () -- C:\Users\Ann-Kristin\AppData\Local\cmdial32.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A724744F

< End of report >
--- --- ---

akay 16.05.2012 17:43
Und hier kommt noch der andere Logfile:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 5/16/2012 6:13:04 PM - Run 1
OTL by OldTimer - Version 3.2.43.0    Folder = C:\Users\Ann-Kristin\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.19% Memory free
8.00 Gb Paging File | 6.11 Gb Available in Paging File | 76.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 11.12 Gb Free Space | 14.93% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 154.01 Gb Free Space | 73.72% Space Free | Partition Type: NTFS
 
Computer Name: A-K-PC | User Name: Ann-Kristin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\corporate benefits\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Meine CEWE FOTOWELT] -- "C:\Program Files (x86)\corporate benefits\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\corporate benefits\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Meine CEWE FOTOWELT] -- "C:\Program Files (x86)\corporate benefits\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EAC243B-D1AF-4FBE-87F7-5FAFE87FC5C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{458E041B-EE6A-4F88-BAC7-2CD30CAF7700}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{AFDF0EB4-2F6D-429B-9730-D47920960E96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F08BE8-1E73-41BE-9C50-FBD95B224760}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0247BAB5-F15F-44E5-8362-532F6F7A86AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{05717C18-E027-4928-A62D-D046BC07E657}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0680EFA8-EF64-4AA8-9112-BD3AF7819B58}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0AC64ACE-BA8E-44A4-930E-FE635955F42B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B8C74A8-EA0E-4AA7-8227-66BEEC97CC41}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0D7A389F-53E4-4875-A489-774E9BC72C41}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{131F82A9-CE9E-491A-8118-A1C646F51BC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{18852FF6-636A-4E0C-94ED-783CB79FC65C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{204B5454-CFD6-48FA-8A3D-E75CFDEBD605}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{233A762D-DF4E-4106-AFAB-819758C26158}" = protocol=6 | dir=in | app=c:\users\ann-kristin\appdata\roaming\dropbox\bin\dropbox.exe |
"{2CD7D1DD-2539-4DA7-B90D-197894229C75}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{3669D1B2-8FE2-4920-A9E9-24C2CE2530CE}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{375573FB-641B-467E-B79D-C763F00808A8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{375EAAD2-3C19-4296-BFC1-13BFD53A684F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3835591A-3F6F-439E-9188-8A19CF04B3DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3AEB1C64-F902-4BB5-8F9A-9B1FC650AB46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{47BF28E1-E0EF-407B-B4CF-9597B838325F}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{49F1130F-1DB4-488C-82E2-B838C3B6FC55}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{53F02B35-25FD-478E-9C11-98BAB6A7A34B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5921500E-675A-4FF7-BEE9-23D20DA4D256}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5F252032-5C35-436E-971E-2D15760E515B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6276676D-88AF-40B5-83C4-311AE9FA0959}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{663F4C29-BAC1-41A3-978B-000A92A0FA14}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{6C900211-972A-441C-B7DE-A9C3D619DB94}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7891E00F-39ED-4014-9DC4-B7848D33BA5A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7CF93C6E-72F2-428E-B74B-6D57635C6A5E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{7D1D4B8B-DE05-4EF1-9A00-16B1759EE52D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7F14AE48-AC77-4198-B379-0A1AA9C27E3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{7FBBB790-7A69-4B1A-970C-AEA5E7BE75AE}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{89E6F1E0-52C2-403D-AEA5-C246646206D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8D1E80C5-1C96-4A8D-89E8-CF88E2A48409}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9734828A-0AE8-4122-B905-8DCD6940C191}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9BEC765A-8BCB-49CF-8E69-9EC592C08A8A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A811B5DE-649A-48DF-9CFE-26C72EE8CF21}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AC84E289-C0E7-4703-A99F-1161843CC92C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE9A70EE-D27E-4245-B06D-DBFC256A3F8C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AED302DB-C639-43AA-8139-A1DBC6DB2CC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B1AC1E1E-C1B5-4CB9-9659-181B46DFAD9D}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{B820D4F2-7696-4A9A-838B-E9952FF12654}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{B8F2DA05-13E4-4ABF-9588-613F197B8EA6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BBE2DA4A-B160-4228-81EB-2A0B1127C339}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD64AEED-F14A-4C1A-A07F-1ED92E43A811}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD7DFB45-9AE4-4BB7-A50B-1CE9B9D85D40}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2EEBC4A-74D7-4232-89E7-0BBC97B32378}" = protocol=17 | dir=in | app=c:\users\ann-kristin\appdata\roaming\dropbox\bin\dropbox.exe |
"{DB153DA7-7C42-44E6-B72C-CCDE35C20B6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E46F24A8-564A-42F8-AC55-9F6B51A6700E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E6B17B9B-7D12-404B-A40F-CFF20F7CCAD7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F3548631-04CC-4CA3-BF73-F0F1D1140A2B}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{F8874625-A517-4C70-894A-2E768B20CC57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F9C89C62-5C87-4563-AE9E-96F2ABDBFA45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FA026C21-C851-4248-9E90-04D6993BCD82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FEA78BC2-CC81-4E87-9FFA-4DD32B91B289}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"TCP Query User{48172A6A-BB78-4A27-A1E8-6E1B743AE3F8}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"TCP Query User{4DDFFA30-AE26-4FF5-9945-FB588F8070DB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{6A866DFB-3F7C-4F47-8680-B82C55B58267}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{B7A4CC35-A0D9-41AA-A3C7-32BB00C60F19}C:\program files (x86)\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip\qip.exe |
"TCP Query User{E4910CB9-E1F6-4542-AED6-46E23049ADAC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{114E81B8-87FB-4A6A-BA9E-C5BF4D1DB10C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{58B05CD8-E3DC-4C6F-B504-942043AE761C}C:\program files (x86)\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip\qip.exe |
"UDP Query User{6EDA2284-1EFC-4401-B3C1-AC8F4B7F474E}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{9828F099-B846-43A5-8398-81737BB4DB72}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{E2E707D2-B788-4B69-9BE6-14CD819C039F}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2862596-B7C3-4D7F-A227-40FEDDF1332B}" = WEB.DE Toolbar MSVC100 CRT x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Asus WebStorage" = Asus WebStorage
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0ADF1B89-17EA-489C-86DF-6E33DA8520A6}_is1" = flatster
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007
"{90120000-0015-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007
"{90120000-0015-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
"{90120000-0016-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007
"{90120000-0016-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
"{90120000-0018-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007
"{90120000-0018-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007
"{90120000-0019-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007
"{90120000-0019-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007
"{90120000-001A-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007
"{90120000-001A-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
"{90120000-001B-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007
"{90120000-001B-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_PROHYBRIDR_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007
"{90120000-001F-040D-0000-0000000FF1CE}_PROHYBRIDR_{51590837-F141-43A8-B0EC-AEF16F1CBE78}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}_PROHYBRIDR_{EFE123B8-9F0A-4C50-A67B-0BADF3CB00DC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_PROHYBRIDR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_PROHYBRIDR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_PROHYBRIDR_{C8246FCF-12F8-4212-BC89-6ED049BA2FB8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-1000-0000000FF1CE}_PROHYBRIDR_{490B52AE-965C-460C-9E0F-EE65C96F7AA1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0404-1000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0408-1000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040D-1000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0410-1000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0413-1000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
"{90120000-006E-0408-0000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007
"{90120000-006E-040D-0000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.16
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS_Screensaver" = ASUS_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"ElsterFormular 13.1.0.8394p" = ElsterFormular
"ExpressRip" = Express Rip
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Guard.Mail.ru" = Guard.ICQ
"HotspotShield" = Hotspot Shield 2.52
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Meine CEWE FOTOWELT" = Meine CEWE FOTOWELT
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PDF Blender" = PDF Blender
"PhotoStitch" = Canon Utilities PhotoStitch
"PRO" = Microsoft Office Professional 2007
"PROHYBRIDR" = 2007 Microsoft Office system
"Switch" = Switch Sound File Converter
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/16/2012 6:42:15 AM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10249
 
Error - 5/16/2012 6:42:16 AM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/16/2012 6:42:16 AM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11512
 
Error - 5/16/2012 6:42:16 AM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11512
 
Error - 5/16/2012 6:42:17 AM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/16/2012 6:42:17 AM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12792
 
Error - 5/16/2012 6:42:17 AM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12792
 
Error - 5/16/2012 6:42:19 AM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/16/2012 6:42:19 AM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14086
 
Error - 5/16/2012 6:42:19 AM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14086
 
[ Media Center Events ]
Error - 3/11/2011 1:34:46 PM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 18:34:45 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 3/11/2011 1:35:41 PM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 18:35:28 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 Verbindung mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 3/11/2011 1:36:26 PM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 18:36:05 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 3/11/2011 1:36:48 PM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 18:36:48 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 3/12/2011 9:19:00 AM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 14:19:00 - Fehler beim Herstellen der Internetverbindung.  14:19:00
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 3/12/2011 9:19:10 AM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 14:19:05 - Fehler beim Herstellen der Internetverbindung.  14:19:05
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 4/11/2011 11:36:40 AM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 17:36:32 - Fehler beim Herstellen der Internetverbindung.  17:36:33
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 4/15/2011 4:14:51 PM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 22:14:51 - Fehler beim Herstellen der Internetverbindung.  22:14:51
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 4/15/2011 4:15:05 PM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 22:14:56 - Fehler beim Herstellen der Internetverbindung.  22:14:56
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 4/17/2011 8:04:56 AM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 14:04:46 - Fehler beim Herstellen der Internetverbindung.  14:04:46
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 5/15/2012 4:13:22 PM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
Error - 5/15/2012 4:13:26 PM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxecCATSCustConnectService erreicht.
 
Error - 5/15/2012 4:13:26 PM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 5/15/2012 7:34:01 PM | Computer Name = A-K-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 5/16/2012 4:04:51 AM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 5/16/2012 5:37:54 AM | Computer Name = A-K-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 5/16/2012 6:42:27 AM | Computer Name = A-K-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 5/16/2012 11:29:56 AM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
Error - 5/16/2012 11:29:58 AM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxecCATSCustConnectService erreicht.
 
Error - 5/16/2012 11:29:58 AM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
 
< End of report >
--- --- ---

Chris4You 17.05.2012 12:07
Hi,

Du bist als Admin eingeloggt..
Probiere die Onlineüberprüfung nochmal mit dem Pfad hier:
C:\Windows\SysNative\aptwgw1v6.dll

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
Code:

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

:reg
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AutoUpdateDisableNotify" = dword:0x00

:Commands
[emptytemp]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Superantispyware (SASW):
http://www.trojaner-board.de/51871-a...tispyware.html

chris

akay 17.05.2012 14:04
Hi Chris,

leider funktioniert die Onlineüberprüfung nicht, da kommt auch wieder die Meldung, dass ich nicht die Berechtigung hätte, diese Datei zu öffnen.

Viele Grüße
Akay

Chris4You 17.05.2012 14:13
Hi,

wir schiessen sie mal mit OTL weg..
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:
:OTL
[2012/04/22 22:16:55 | 000,289,280 | ---- | M] () -- C:\Windows\SysNative\aptwgw1v6.dll

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Die andere suchen wir mal...
  • Doppelklick auf die SystemLook.exe, um das Tool zu starten.
  • Vista-User/Win7 mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:
:filefind
xpt8dpx4.tsp
  • Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

chris

akay 17.05.2012 17:41
Hallo Chris,

anbei das Logfile:

All processes killed
========== OTL ==========
C:\Windows\SysNative\aptwgw1v6.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ann-Kristin
->Temp folder emptied: 169940736 bytes
->Temporary Internet Files folder emptied: 1608087577 bytes
->Java cache emptied: 499974 bytes
->FireFox cache emptied: 46979250 bytes
->Google Chrome cache emptied: 6087217 bytes
->Flash cache emptied: 2629878 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3709859 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,753.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.0 log created on 05172012_182549

Files\Folders moved on Reboot...
C:\Users\Ann-Kristin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1P1EDYC\indexCA7DVPEN.htm moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1VXI2DA\ads[1].htm moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMT2R8Y8\virustotal_com[1].htm moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMS9NGJ8\51871-anleitung-superantispyware[1].htm moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8TI9QWB0\115196-antivir-berichtet-mir-zwei-trojanern-jedoch-malwarebytes-anti-male-kein-fund[1].htm moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8E0NPHA7\indexCAZYA51T.htm moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6U6V0Z0N\si[1].htm moved successfully.
File\Folder C:\Windows\temp\TMP00000080CF9D46D2BD0CB28D not found!

Registry entries deleted on Reboot...

Hallo Chris,

anbei das Logfile von SystemLook.txt:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:50 on 17/05/2012 by Ann-Kristin
Administrator - Elevation successful

========== filefind ==========

Searching for "xpt8dpx4.tsp"
C:\Windows\System32\xpt8dpx4.tsp --a---- 1414656 bytes [21:43 11/01/2012] [21:43 11/01/2012] (Unable to calculate MD5)

Searching for " "
No files found.

-= EOF =-


Viele Grüße und lieben Dank schon mal!!!

Hallo nochmal,

nun habe ich auch SuperAntiSpyware durchlaufen lassen und ich habe folgendes Logfile erhalten:
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 05/17/2012 at 09:25 PM

Application Version : 5.0.1148

Core Rules Database Version : 8609
Trace Rules Database Version: 6421

Scan type : Complete Scan
Total Scan Time : 02:23:14

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 670
Memory threats detected : 0
Registry items scanned : 67778
Registry threats detected : 0
File items scanned : 191586
File threats detected : 431

Adware.Tracking Cookie
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\ann-kristin@ad.chip[1].txt [ /ad.chip ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\ann-kristin@ads.mitfahrzentrale[1].txt [ /ads.mitfahrzentrale ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\IVGU4G7O.txt [ /specificclick.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\3GVO606Z.txt [ /adxpose.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\VLBAMLUA.txt [ /www.zanox-affiliate.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\WQBNZXHO.txt [ /citi.bridgetrack.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\2O1N1WRT.txt [ /www.googleadservices.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\AMBPRJY5.txt [ /ads.mach3.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\TD0C4U7A.txt [ /ads.mikinimedia.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\0TEACEMH.txt [ /tribalfusion.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\1483LCK3.txt [ /imrworldwide.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\I0Y8MP3F.txt [ /ads.pubmatic.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\CLW9O55H.txt [ /advertising.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\O41BQ1NG.txt [ /wmedia.rotator.hadj7.adjuggler.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\YY6OAF3T.txt [ /ru4.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\ZNMDERA3.txt [ /xiti.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\Y8CE58QZ.txt [ /www.etracker.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\Q8FT5XZV.txt [ /adfarm1.adition.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\KAPZ15KI.txt [ /ads.carpooling.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\DESR9ONG.txt [ /hotelreservationservice.122.2o7.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\GWWDCX73.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\2YYYTN0L.txt [ /smartadserver.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\1KY7O2VO.txt [ /adserver.adtechus.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\6E1A6T6L.txt [ /a.revenuemax.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\K8OYUZFK.txt [ /tracking.quisma.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\LNDHUMTW.txt [ /content.yieldmanager.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\SKWWAB4S.txt [ /ads.creative-serving.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\JTPKVTS0.txt [ /media6degrees.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\RKMV32EQ.txt [ /guj.122.2o7.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\2E92YGK3.txt [ /zanox-affiliate.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\SPPAMQ8X.txt [ /ad1.adfarm1.adition.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\L4RGAEX7.txt [ /adx.chip.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\Y22LTWVI.txt [ /www.googleadservices.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\DVR6WD35.txt [ /studivz.adfarm1.adition.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\7MZDTVVW.txt [ /trafficmp.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\3EYW44AK.txt [ /ads.diginights.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\8I65TIAO.txt [ /ad.adnet.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\X15A13CK.txt [ /serving-sys.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\J6A8N4D3.txt [ /counter2.sexmoney.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\YQ2VKAZ7.txt [ /deutschepostag.112.2o7.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\47PU2GV7.txt [ /adinterax.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\Z4KDH1S6.txt [ /clicksor.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\8UGNZQJH.txt [ /youporn.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\H9PKPFZX.txt [ /eas4.emediate.eu ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\GSZ2SQ33.txt [ /revsci.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\4FFTUT0G.txt [ /ad.zanox.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\TGPYX0G6.txt [ /track.adform.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\VHLB0Q05.txt [ /ad.ad-srv.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\FF6C5ECO.txt [ /insightexpressai.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\00FONV35.txt [ /cewecolor.112.2o7.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\7UDXWFGZ.txt [ /ad.adition.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\5NBJ9GB6.txt [ /ad.yieldmanager.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\5P0P7F31.txt [ /ww251.smartadserver.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\PCT823SN.txt [ /adtech.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\KV1EMBJN.txt [ /2o7.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\HG7DQIMD.txt [ /at.atwola.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\H7I8XOLQ.txt [ /invitemedia.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\CWSCJN1V.txt [ /atdmt.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\F4L4V6MO.txt [ /ad3.adfarm1.adition.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\D1N138ED.txt [ /webmasterplan.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\FBRJYHG7.txt [ /eas.apm.emediate.eu ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\TNZYL5BW.txt [ /im.banner.t-online.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\TYP3PX0A.txt [ /traffictrack.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\0LKDNCZH.txt [ /ads.as4x.tmcs.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\BODW1JY3.txt [ /ad4.adfarm1.adition.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\JDGB3F3S.txt [ /adform.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\JGRN27OM.txt [ /harrenmedianetwork.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\R1TH7CDO.txt [ /a1.interclick.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\RGO5THIT.txt [ /track.effiliation.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\Q6ODSU6S.txt [ /media.gan-online.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\XMSWDLAP.txt [ /zanox.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\LWUX2ETX.txt [ /accounts.google.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\LTOE93ES.txt [ /ad.360yield.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\HO4UCIW7.txt [ /yadro.ru ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\MOJI30YY.txt [ /realmedia.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\LV9QRNO0.txt [ /ads.masterweb.mach3.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\OW204N8L.txt [ /dyntracker.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\6WM66E2D.txt [ /edates.traffective-tracking.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\DD4L37LL.txt [ /edge.download.newmedia.nacamar.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\CDUW3AYE.txt [ /counter.sexsuche.tv ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\VMPXWRED.txt [ /pro-market.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\19HQ1AUS.txt [ /ads.pointroll.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\FVCFN04Y.txt [ /de.sitestat.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\CQYSOZGE.txt [ /ads.ad4game.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\0J1AA99S.txt [ /7.rotator.wigetmedia.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\8QEILX2N.txt [ /adserver.effilee.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\7AGV0NEQ.txt [ /stats.paypal.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\G0LZKCRD.txt [ /beta-ads.ace.advertising.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\1QZCFJVU.txt [ /ad.nachtagenten.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\ETD2QGIP.txt [ /d.mediaforge.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\4QMH3PKO.txt [ /rotator.wigetmedia.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\A27PEAQ0.txt [ /kontera.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\HW5OG2IC.txt [ /c.atdmt.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\S1UZBOM1.txt [ /collective-media.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\L31PC8Y3.txt [ /questionmarket.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\YRTTWV01.txt [ /server.adform.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\6IOZ9500.txt [ /unitymedia.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\J0LRR3AR.txt [ /clickfuse.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\8RPC8WCR.txt [ /mediaservices-d.openxenterprise.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\W4FOXR07.txt [ /hightraffic.hugoboss.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\WPIBNUGW.txt [ /olympiaverlag.122.2o7.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\3X3QBP85.txt [ /ads.saymedia.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\00795W31.txt [ /yieldmanager.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\K7WIK29W.txt [ /akamai.interclickproxy.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\CQHR3K7C.txt [ /paypal.112.2o7.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\2WOFX9BK.txt [ /tracking.mindshare.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\AYAF14P2.txt [ /beiersdorf.122.2o7.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\R68EWIR2.txt [ /content.yieldmanager.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\7VF11W7M.txt [ /ads.linguee.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\0BRM670Y.txt [ /ad2.ycasmd.info ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\01VZQ8L3.txt [ /in.getclicky.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\3452WKBU.txt [ /adserver2.clipkit.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\JBW6QSCK.txt [ /ads.lzjl.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\X98NXDI0.txt [ /legolas-media.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\EA7YUJYV.txt [ /liveperson.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\0ZDBUZFU.txt [ /bs.serving-sys.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\LC7227A4.txt [ /247realmedia.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\PAP8E59A.txt [ /adbrite.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\FY5YB1B9.txt [ /track.effiliation.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\298BZVJQ.txt [ /ad.profiwin.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\7Q32Z6E6.txt [ /ads.undertone.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\YXYP4W6Z.txt [ /www.usenext.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\HYTM2XYO.txt [ /lucidmedia.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\5LPTUC1W.txt [ /www.active-tracking.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\FTPZLVZ1.txt [ /topliste-abc.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\N9YX6UPT.txt [ /ad.dyntracker.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\PDGEOSJG.txt [ /rts.pgmediaserve.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\ZDQD6O25.txt [ /etargetnet.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\D0ZMSQDQ.txt [ /bwincom.122.2o7.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\UTWVL33G.txt [ /ad.123-template.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\Y2CPJOK8.txt [ /pointroll.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\J2HNWWSP.txt [ /www.googleadservices.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\LRHJE2LJ.txt [ /unister-adservices.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\J7L0C4QP.txt [ /partypoker.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\KSHPGQHA.txt [ /quartermedia.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\CYTDOLCG.txt [ /exoclick.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\MT9TYC0A.txt [ /youporn.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\AIEFZMX1.txt [ /www.googleadservices.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\GFNIV61F.txt [ /track.senzapudore.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\S1VWS9DO.txt [ /intermundomedia.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\YU9FYNO6.txt [ /ad.dyntracker.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\8LGY4024.txt [ /interclick.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\WHQC91XF.txt [ /amazon-adsystem.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\XONFVUEU.txt [ /www.youporn.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\EV3A9Y7W.txt [ /ads.miomedi.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\WWQ5CBEW.txt [ /ads.auto-motor-und-sport.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\8UT55C2M.txt [ /www.googleadservices.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\UFHHJW20.txt [ /rotator.hadj7.adjuggler.net ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\V7XO9UE5.txt [ /youpornclub.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\COF39WXF.txt [ /dc.tremormedia.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\AGKML06U.txt [ /driverscanner.softonic.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\4F4SJRP3.txt [ /eyewonder.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\2QM3CWAQ.txt [ /www.googleadservices.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\UH9FAK0B.txt [ /adserver.mitfahrzentrale.de ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\1WBCEENF.txt [ /de.partypoker.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\1SSFPK0Z.txt [ /myroitracking.com ]
C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Cookies\GUZC1FWM.txt [ /unister-adservices.com ]
C:\USERS\ANN-KRISTIN\AppData\Roaming\Microsoft\Windows\Cookies\PJR0U0KE.txt [ Cookie:ann-kristin@adsonar.com/adserving ]
C:\USERS\ANN-KRISTIN\AppData\Roaming\Microsoft\Windows\Cookies\SNY8O76L.txt [ Cookie:ann-kristin@www.ab-in-den-urlaub.de/ibe/offers/params/tt/adult/1/agent/ab-in-den-urlaub.de/area/35/depAirport/12/depDate/15.05.2012/dest/4/duration/6_3/optCategory/2/optSportOffer/-1/port/654/retDate/20.05.2012/hotelId/27479/topHotelSelected/0/start/1/ibecat/lastminute/route/flattrip/formSelected/ ]
C:\USERS\ANN-KRISTIN\AppData\Roaming\Microsoft\Windows\Cookies\ann-kristin@google[8].txt [ Cookie:ann-kristin@google.de/intl/de/ads/ ]
C:\USERS\ANN-KRISTIN\AppData\Roaming\Microsoft\Windows\Cookies\LTQIQEN8.txt [ Cookie:ann-kristin@tn.motorpresse-statistik.de/track/ ]
C:\USERS\ANN-KRISTIN\AppData\Roaming\Microsoft\Windows\Cookies\JBZDXKVQ.txt [ Cookie:ann-kristin@spielerkabine.net/stats/ ]
C:\USERS\ANN-KRISTIN\AppData\Roaming\Microsoft\Windows\Cookies\06VGTZVE.txt [ Cookie:ann-kristin@www.ab-in-den-urlaub.de/ibe/offers/params/tt/adult/1/agent/ab-in-den-urlaub.de/area/35/depAirport/12/depDate/15.05.2012/dest/4/duration/6_3/optCategory/2/optSportOffer/-1/port/654/retDate/20.05.2012/hotelId/1315/topHotelSelected/0/start/1/ibecat/lastminute/route/flattrip/formSelected/ ]
C:\USERS\ANN-KRISTIN\Cookies\IVGU4G7O.txt [ Cookie:ann-kristin@specificclick.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\3GVO606Z.txt [ Cookie:ann-kristin@adxpose.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\VLBAMLUA.txt [ Cookie:ann-kristin@www.zanox-affiliate.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\WQBNZXHO.txt [ Cookie:ann-kristin@citi.bridgetrack.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\2O1N1WRT.txt [ Cookie:ann-kristin@www.googleadservices.com/pagead/conversion/1056071884/ ]
C:\USERS\ANN-KRISTIN\Cookies\TD0C4U7A.txt [ Cookie:ann-kristin@ads.mikinimedia.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\1483LCK3.txt [ Cookie:ann-kristin@imrworldwide.com/cgi-bin ]
C:\USERS\ANN-KRISTIN\Cookies\CLW9O55H.txt [ Cookie:ann-kristin@advertising.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\O41BQ1NG.txt [ Cookie:ann-kristin@wmedia.rotator.hadj7.adjuggler.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\ZNMDERA3.txt [ Cookie:ann-kristin@xiti.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\Y8CE58QZ.txt [ Cookie:ann-kristin@www.etracker.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\DESR9ONG.txt [ Cookie:ann-kristin@hotelreservationservice.122.2o7.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\GWWDCX73.txt [ Cookie:ann-kristin@ad2.adfarm1.adition.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\2YYYTN0L.txt [ Cookie:ann-kristin@smartadserver.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\1KY7O2VO.txt [ Cookie:ann-kristin@adserver.adtechus.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\6E1A6T6L.txt [ Cookie:ann-kristin@a.revenuemax.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\K8OYUZFK.txt [ Cookie:ann-kristin@tracking.quisma.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\LNDHUMTW.txt [ Cookie:ann-kristin@content.yieldmanager.com/ak/ ]
C:\USERS\ANN-KRISTIN\Cookies\RKMV32EQ.txt [ Cookie:ann-kristin@guj.122.2o7.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\2E92YGK3.txt [ Cookie:ann-kristin@zanox-affiliate.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\SPPAMQ8X.txt [ Cookie:ann-kristin@ad1.adfarm1.adition.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\L4RGAEX7.txt [ Cookie:ann-kristin@adx.chip.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\Y22LTWVI.txt [ Cookie:ann-kristin@www.googleadservices.com/pagead/conversion/1039033256/ ]
C:\USERS\ANN-KRISTIN\Cookies\DVR6WD35.txt [ Cookie:ann-kristin@studivz.adfarm1.adition.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\7MZDTVVW.txt [ Cookie:ann-kristin@trafficmp.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\8I65TIAO.txt [ Cookie:ann-kristin@ad.adnet.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\J6A8N4D3.txt [ Cookie:ann-kristin@counter2.sexmoney.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\YQ2VKAZ7.txt [ Cookie:ann-kristin@deutschepostag.112.2o7.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\47PU2GV7.txt [ Cookie:ann-kristin@adinterax.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\8UGNZQJH.txt [ Cookie:ann-kristin@youporn.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\TGPYX0G6.txt [ Cookie:ann-kristin@track.adform.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\FF6C5ECO.txt [ Cookie:ann-kristin@insightexpressai.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\7UDXWFGZ.txt [ Cookie:ann-kristin@ad.adition.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\5NBJ9GB6.txt [ Cookie:ann-kristin@ad.yieldmanager.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\5P0P7F31.txt [ Cookie:ann-kristin@ww251.smartadserver.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\KV1EMBJN.txt [ Cookie:ann-kristin@2o7.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\HG7DQIMD.txt [ Cookie:ann-kristin@at.atwola.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\H7I8XOLQ.txt [ Cookie:ann-kristin@invitemedia.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\CWSCJN1V.txt [ Cookie:ann-kristin@atdmt.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\F4L4V6MO.txt [ Cookie:ann-kristin@ad3.adfarm1.adition.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\D1N138ED.txt [ Cookie:ann-kristin@webmasterplan.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\TNZYL5BW.txt [ Cookie:ann-kristin@im.banner.t-online.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\TYP3PX0A.txt [ Cookie:ann-kristin@traffictrack.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\JDGB3F3S.txt [ Cookie:ann-kristin@adform.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\R1TH7CDO.txt [ Cookie:ann-kristin@a1.interclick.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\RGO5THIT.txt [ Cookie:ann-kristin@track.effiliation.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\Q6ODSU6S.txt [ Cookie:ann-kristin@media.gan-online.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\XMSWDLAP.txt [ Cookie:ann-kristin@zanox.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\LWUX2ETX.txt [ Cookie:ann-kristin@accounts.google.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\PJR0U0KE.txt [ Cookie:ann-kristin@adsonar.com/adserving ]
C:\USERS\ANN-KRISTIN\Cookies\HO4UCIW7.txt [ Cookie:ann-kristin@yadro.ru/ ]
C:\USERS\ANN-KRISTIN\Cookies\MOJI30YY.txt [ Cookie:ann-kristin@realmedia.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\OW204N8L.txt [ Cookie:ann-kristin@dyntracker.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\6WM66E2D.txt [ Cookie:ann-kristin@edates.traffective-tracking.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\DD4L37LL.txt [ Cookie:ann-kristin@edge.download.newmedia.nacamar.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\SNY8O76L.txt [ Cookie:ann-kristin@www.ab-in-den-urlaub.de/ibe/offers/params/tt/adult/1/agent/ab-in-den-urlaub.de/area/35/depAirport/12/depDate/15.05.2012/dest/4/duration/6_3/optCategory/2/optSportOffer/-1/port/654/retDate/20.05.2012/hotelId/27479/topHotelSelected/0/start/1/ibecat/lastminute/route/flattrip/formSelected/ ]
C:\USERS\ANN-KRISTIN\Cookies\CDUW3AYE.txt [ Cookie:ann-kristin@counter.sexsuche.tv/ ]
C:\USERS\ANN-KRISTIN\Cookies\VMPXWRED.txt [ Cookie:ann-kristin@pro-market.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\19HQ1AUS.txt [ Cookie:ann-kristin@ads.pointroll.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\FVCFN04Y.txt [ Cookie:ann-kristin@de.sitestat.com/otto-de/ottode-testcl/ ]
C:\USERS\ANN-KRISTIN\Cookies\0J1AA99S.txt [ Cookie:ann-kristin@7.rotator.wigetmedia.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\8QEILX2N.txt [ Cookie:ann-kristin@adserver.effilee.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\ann-kristin@google[8].txt [ Cookie:ann-kristin@google.de/intl/de/ads/ ]
C:\USERS\ANN-KRISTIN\Cookies\ETD2QGIP.txt [ Cookie:ann-kristin@d.mediaforge.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\4QMH3PKO.txt [ Cookie:ann-kristin@rotator.wigetmedia.com/servlet/ajrotator/track/pt168325 ]
C:\USERS\ANN-KRISTIN\Cookies\A27PEAQ0.txt [ Cookie:ann-kristin@kontera.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\S1UZBOM1.txt [ Cookie:ann-kristin@collective-media.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\L31PC8Y3.txt [ Cookie:ann-kristin@questionmarket.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\YRTTWV01.txt [ Cookie:ann-kristin@server.adform.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\6IOZ9500.txt [ Cookie:ann-kristin@unitymedia.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\WPIBNUGW.txt [ Cookie:ann-kristin@olympiaverlag.122.2o7.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\3X3QBP85.txt [ Cookie:ann-kristin@ads.saymedia.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\K7WIK29W.txt [ Cookie:ann-kristin@akamai.interclickproxy.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\2WOFX9BK.txt [ Cookie:ann-kristin@tracking.mindshare.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\AYAF14P2.txt [ Cookie:ann-kristin@beiersdorf.122.2o7.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\R68EWIR2.txt [ Cookie:ann-kristin@content.yieldmanager.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\01VZQ8L3.txt [ Cookie:ann-kristin@in.getclicky.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\3452WKBU.txt [ Cookie:ann-kristin@adserver2.clipkit.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\X98NXDI0.txt [ Cookie:ann-kristin@legolas-media.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\EA7YUJYV.txt [ Cookie:ann-kristin@liveperson.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\0ZDBUZFU.txt [ Cookie:ann-kristin@bs.serving-sys.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\LC7227A4.txt [ Cookie:ann-kristin@247realmedia.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\PAP8E59A.txt [ Cookie:ann-kristin@adbrite.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\YXYP4W6Z.txt [ Cookie:ann-kristin@www.usenext.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\HYTM2XYO.txt [ Cookie:ann-kristin@lucidmedia.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\FTPZLVZ1.txt [ Cookie:ann-kristin@topliste-abc.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\N9YX6UPT.txt [ Cookie:ann-kristin@ad.dyntracker.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\PDGEOSJG.txt [ Cookie:ann-kristin@rts.pgmediaserve.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\ZDQD6O25.txt [ Cookie:ann-kristin@etargetnet.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\D0ZMSQDQ.txt [ Cookie:ann-kristin@bwincom.122.2o7.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\LTQIQEN8.txt [ Cookie:ann-kristin@tn.motorpresse-statistik.de/track/ ]
C:\USERS\ANN-KRISTIN\Cookies\JBZDXKVQ.txt [ Cookie:ann-kristin@spielerkabine.net/stats/ ]
C:\USERS\ANN-KRISTIN\Cookies\Y2CPJOK8.txt [ Cookie:ann-kristin@pointroll.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\J2HNWWSP.txt [ Cookie:ann-kristin@www.googleadservices.com/pagead/conversion/1027357641/ ]
C:\USERS\ANN-KRISTIN\Cookies\LRHJE2LJ.txt [ Cookie:ann-kristin@unister-adservices.com/services/ ]
C:\USERS\ANN-KRISTIN\Cookies\CYTDOLCG.txt [ Cookie:ann-kristin@exoclick.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\MT9TYC0A.txt [ Cookie:ann-kristin@youporn.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\AIEFZMX1.txt [ Cookie:ann-kristin@www.googleadservices.com/pagead/conversion/1072378660/ ]
C:\USERS\ANN-KRISTIN\Cookies\GFNIV61F.txt [ Cookie:ann-kristin@track.senzapudore.net/ ]
C:\USERS\ANN-KRISTIN\Cookies\YU9FYNO6.txt [ Cookie:ann-kristin@ad.dyntracker.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\8LGY4024.txt [ Cookie:ann-kristin@interclick.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\WHQC91XF.txt [ Cookie:ann-kristin@amazon-adsystem.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\XONFVUEU.txt [ Cookie:ann-kristin@www.youporn.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\8UT55C2M.txt [ Cookie:ann-kristin@www.googleadservices.com/pagead/conversion/962777929/ ]
C:\USERS\ANN-KRISTIN\Cookies\UFHHJW20.txt [ Cookie:ann-kristin@rotator.hadj7.adjuggler.net/servlet/ajrotator/track/pt143728 ]
C:\USERS\ANN-KRISTIN\Cookies\COF39WXF.txt [ Cookie:ann-kristin@dc.tremormedia.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\06VGTZVE.txt [ Cookie:ann-kristin@www.ab-in-den-urlaub.de/ibe/offers/params/tt/adult/1/agent/ab-in-den-urlaub.de/area/35/depAirport/12/depDate/15.05.2012/dest/4/duration/6_3/optCategory/2/optSportOffer/-1/port/654/retDate/20.05.2012/hotelId/1315/topHotelSelected/0/start/1/ibecat/lastminute/route/flattrip/formSelected/ ]
C:\USERS\ANN-KRISTIN\Cookies\4F4SJRP3.txt [ Cookie:ann-kristin@eyewonder.com/ ]
C:\USERS\ANN-KRISTIN\Cookies\UH9FAK0B.txt [ Cookie:ann-kristin@adserver.mitfahrzentrale.de/ ]
C:\USERS\ANN-KRISTIN\Cookies\1WBCEENF.txt [ Cookie:ann-kristin@de.partypoker.com/ ]
C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANN-KRISTIN@ADS.MITFAHRZENTRALE[1].TXT [ /ADS.MITFAHRZENTRALE ]
ad.yieldmanager.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad.adition.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
partners.webmasterplan.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.BurstMedia [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
tracking.mlsat02.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ads.adxvalue.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ads.adxvalue.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ads.adxvalue.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ads.adxvalue.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adxvalue.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.guj.122.2o7.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]
.lexmark.122.2o7.net [ C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\COOKIES.SQLITE ]

Chris4You 18.05.2012 06:30
Hi,

nur cookies die gefunden wurden...
Die Date wurde von OTL in das Verzeichnis C:\_OTL\MovedFiles verschoben, dort solltest Du sie finden und nochmal bei virustotal scannen lassen können...

chris

akay 18.05.2012 09:25
Hey Guten Morgen,

anbei die Ergebnisse von VirusTotal, ich habe jetzt auch alle Unterordner mitgescannt:

1)

SHA256:
b802be1a861242063b53ca89e4e5b9e30e664e37988e4da4e77e5295ba523575

SHA1:
fbbf7babf665b89fa926cffbb1d959c6f8c7090a

MD5:
07646ff6332b3af3154ea294bb222f54

File size:
5.3 KB ( 5466 bytes )

File name:
05172012_182549.log

File type:
MP3

Detection ratio:
0 / 42

Analysis date:
2012-05-18 07:58:07 UTC ( 2 Minuten ago )

2)
SHA256:
6af74e5879e84f55259079a93fc4900fa5257b4ff8177e8807c2b9a47080abfe

SHA1:
03b8a02f02b97c46ee7c1ad2cb32f3211a75ea45

MD5:
2c5061aaf6acf1265113d84e218dbf4a

File size:
35.5 KB ( 36364 bytes )

File name:
indexCAZYA51T.htm

File type:
HTML

Detection ratio:
0 / 42

Analysis date:
2012-05-18 08:09:00 UTC ( 0 Minuten ago )

3)


SHA256:
b5e45e6c4587134953d65004e958af311736dcc6174ea2e359d3acf7c982742a

SHA1:
3d070565bcadfe323e6d4a9282f77b42333d9f6b

MD5:
7a5b9b38be5fffd883235ad67c06d6f6

File size:
226.8 KB ( 232252 bytes )

File name:
115196-antivir-berichtet-mir-zwei-trojanern-jedoch-malwarebytes-anti-male-kein-fund[1].htm

File type:
HTML

Detection ratio:
0 / 42

Analysis date:
2012-05-18 08:10:54 UTC ( 0 Minuten ago )

4)

SHA256:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA1:
da39a3ee5e6b4b0d3255bfef95601890afd80709

MD5:
d41d8cd98f00b204e9800998ecf8427e

File size:
0 Bytes ( 0 bytes )

File name:
si[1].htm

File type:
unknown

Detection ratio:
0 / 42

Analysis date:
2012-05-18 08:08:18 UTC ( 2 Minuten ago )

5)

SHA256:
103f1b465e127b33812432c5d9b80adf9baa03722216349417201dcb5a56d19e

SHA1:
08f49e4f1b2f7568130427836de762da5191079a

MD5:
7a3e1434234c44bc50651d565c7272aa

File size:
51.2 KB ( 52443 bytes )

File name:
51871-anleitung-superantispyware[1].htm

File type:
HTML

Detection ratio:
0 / 42

Analysis date:
2012-05-18 08:12:01 UTC ( 1 Minute ago )

6)
c7eddd8e377214b9636121470cfb4d1f95d5fcbf5ef340f28ee5c77e28608dc6

SHA1:
3760ab5aaabee156c1559e8472ff174877613506

MD5:
c101ee9790a1eaa19ba809761a546fca

File size:
5.4 KB ( 5515 bytes )

File name:
ads[1].htm

File type:
HTML

Detection ratio:
0 / 42

Analysis date:
2012-05-18 08:13:19 UTC ( 1 Minute ago )

7)
c7eddd8e377214b9636121470cfb4d1f95d5fcbf5ef340f28ee5c77e28608dc6

SHA1:
3760ab5aaabee156c1559e8472ff174877613506

MD5:
c101ee9790a1eaa19ba809761a546fca

File size:
5.4 KB ( 5515 bytes )

File name:
ads[1].htm

File type:
HTML

Detection ratio:
0 / 42

Analysis date:
2012-05-18 08:13:19 UTC ( 1 Minute ago )

8)

SHA256:
374b901ce8a2ae52bebef7b25b2e0e9a88ae7db940bf68d529b7319fb7654136

SHA1:
93ed1b0713e5359d8d566d3a672de2ba27af03d4

MD5:
3055cc36dab48ecf7f90f53eaaa3f933

File size:
35.5 KB ( 36364 bytes )

File name:
indexCA7DVPEN.htm

File type:
HTML

Detection ratio:
0 / 42

Analysis date:
2012-05-18 08:14:00 UTC ( 0 Minuten ago )

9)
SHA256:
f71e677d3c08d299f7f48625b812578040a69b19bd8b16e178d06d49a3b3066f

SHA1:
a4968631f34449febbbef2d225197aad8d97294d

MD5:
b8b8373e7a7a132f527af905498defdd

File size:
287.9 KB ( 294820 bytes )

File name:
ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat

File type:
unknown

Detection ratio:
0 / 42

Analysis date:
2012-05-18 08:17:54 UTC ( 0 Minuten ago )

10)
SHA256:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA1:
da39a3ee5e6b4b0d3255bfef95601890afd80709

MD5:
d41d8cd98f00b204e9800998ecf8427e

File size:
0 Bytes ( 0 bytes )

File name:
HELLO.EXE

File type:
unknown

Detection ratio:
0 / 42

Analysis date:
2012-05-18 08:18:10 UTC ( 4 Minuten ago )


Viele Grüße
Akay :)

Chris4You 18.05.2012 09:48
Hi,

erstelle noch mal ein neues OLT-Log und poste es...

chris

akay 18.05.2012 10:49
Hi,

anbei das OTL.Txt und das Extras.Txt als Anhang.

Viele Grüße

Chris4You 19.05.2012 16:08
Hi,

sieht ok aus...

chris

akay 19.05.2012 16:54
Hi Chris,
Vielen dank für deine Hilfe!!! :-) :-)
Ich bin jetzt wirklich froh :-)
Kann ich die Programme nun wieder deinstallieren?!
Viele grüße und noch ein schönes Wochenende!

Chris4You 19.05.2012 21:32
Hi,

ja...
Ev. SASW für "zwischendurchscanns" behalten (vor dem Scannen update nicht vergessen)...
OTL und das Verzeichnis C:\_OTL kannst Du löschen...

chris

akay 20.05.2012 13:38
Hallo Chris,

ok super, vielen Dank!
Du hast mich echt gerettet ;-)

Viele liebe Grüße
Akay

Hallo Chris,

jetzt hat Avira nochmal einen Suchdurchlauf gestartet und es wurde wieder ein Pfund gemeldet, eine von den selben Dateien, die auch schon am Anfang aufgefunden worden ist.
Ich habe hier mal den Report einkopiert.
Kannst du mir nochmal helfen?!
Dank dir schon mal!



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 20. Mai 2012 20:55

Es wird nach 3716013 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : A-K-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 09.05.2012 08:41:05
AVSCAN.DLL : 12.3.0.15 66256 Bytes 09.05.2012 08:41:05
LUKE.DLL : 12.3.0.15 68304 Bytes 09.05.2012 08:41:06
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09.05.2012 08:41:06
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 15:17:53
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 14:25:59
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 19:24:31
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 20:01:40
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 15:17:46
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 15:17:47
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 15:17:47
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 15:17:47
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 15:17:47
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 15:17:47
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 15:17:47
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 15:17:47
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 15:17:47
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 16:18:57
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 07:54:25
VBASE016.VDF : 7.11.30.70 2048 Bytes 17.05.2012 07:54:25
VBASE017.VDF : 7.11.30.71 2048 Bytes 17.05.2012 07:54:26
VBASE018.VDF : 7.11.30.72 2048 Bytes 17.05.2012 07:54:26
VBASE019.VDF : 7.11.30.73 2048 Bytes 17.05.2012 07:54:26
VBASE020.VDF : 7.11.30.74 2048 Bytes 17.05.2012 07:54:26
VBASE021.VDF : 7.11.30.75 2048 Bytes 17.05.2012 07:54:26
VBASE022.VDF : 7.11.30.76 2048 Bytes 17.05.2012 07:54:26
VBASE023.VDF : 7.11.30.77 2048 Bytes 17.05.2012 07:54:26
VBASE024.VDF : 7.11.30.78 2048 Bytes 17.05.2012 07:54:26
VBASE025.VDF : 7.11.30.79 2048 Bytes 17.05.2012 07:54:27
VBASE026.VDF : 7.11.30.80 2048 Bytes 17.05.2012 07:54:27
VBASE027.VDF : 7.11.30.81 2048 Bytes 17.05.2012 07:54:27
VBASE028.VDF : 7.11.30.82 2048 Bytes 17.05.2012 07:54:27
VBASE029.VDF : 7.11.30.83 2048 Bytes 17.05.2012 07:54:27
VBASE030.VDF : 7.11.30.84 2048 Bytes 17.05.2012 07:54:27
VBASE031.VDF : 7.11.30.120 109056 Bytes 18.05.2012 12:31:28
Engineversion : 8.2.10.68
AEVDF.DLL : 8.1.2.2 106868 Bytes 15.12.2011 13:59:36
AESCRIPT.DLL : 8.1.4.19 455034 Bytes 11.05.2012 15:17:52
AESCN.DLL : 8.1.8.2 131444 Bytes 28.01.2012 13:29:02
AESBX.DLL : 8.2.5.5 606579 Bytes 12.03.2012 20:16:11
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02
AEPACK.DLL : 8.2.16.13 807287 Bytes 11.05.2012 15:17:52
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 20:20:31
AEHEUR.DLL : 8.1.4.28 4800886 Bytes 16.05.2012 22:15:59
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 15:17:47
AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 20:19:47
AEEXP.DLL : 8.1.0.40 82292 Bytes 16.05.2012 22:16:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 14.12.2011 23:30:58
AECORE.DLL : 8.1.25.6 201078 Bytes 16.03.2012 16:26:23
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58
AVWINLL.DLL : 12.3.0.15 27344 Bytes 09.05.2012 08:41:05
AVPREF.DLL : 12.3.0.15 51920 Bytes 09.05.2012 08:41:05
AVREP.DLL : 12.3.0.15 179208 Bytes 09.05.2012 08:41:06
AVARKT.DLL : 12.3.0.15 211408 Bytes 09.05.2012 08:41:05
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 09.05.2012 08:41:05
SQLITE3.DLL : 3.7.0.1 398288 Bytes 09.05.2012 08:41:06
AVSMTP.DLL : 12.3.0.15 63440 Bytes 09.05.2012 08:41:05
NETNT.DLL : 12.3.0.15 17104 Bytes 09.05.2012 08:41:06
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 09.05.2012 08:41:05
RCTEXT.DLL : 12.3.0.15 98512 Bytes 09.05.2012 08:41:05

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Sonntag, 20. Mai 2012 20:55

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
c:\adsm_pdata_0150
c:\adsm_pdata_0150
[HINWEIS] Das Verzeichnis ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'GoogleToolbarUser_32.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '175' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpntray.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'ADSMSrv.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsScrPro.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ADSMTray.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'GuardICQ.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'MaAgent.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMSTray.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMedia.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanionInfo.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanion.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'ezprint.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxecmon.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'Atouch64.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'sensorsrv.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'ControlDeckStartUp.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsswd.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsssrv.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpnas.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'GuardICQ.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '21' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2707' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Program Files (x86)\Hotspot Shield\update\hss-update.upd
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudCodecx.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Windows\System32\xpt8dpx4.tsp
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 5627dc99.qua erstellt ( QUARANTÄNE )
[WARNUNG] Die Datei wurde ignoriert.
Beginne mit der Suche in 'D:\' <DATA>


Ende des Suchlaufs: Sonntag, 20. Mai 2012 22:33
Benötigte Zeit: 1:37:17 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

30264 Verzeichnisse wurden überprüft
974656 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
974655 Dateien ohne Befall
5153 Archive wurden durchsucht
3 Warnungen
2 Hinweise
1009816 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden

Chris4You 22.05.2012 12:49
Hi,

Scan mit SystemLook

Lade SystemLook von einem der folgenden Links und speichere das Tool auf dem Desktop.
32Bit
64Bit
  • Doppelklick auf die SystemLook.exe, um das Tool zu starten.
  • Vista-User/Win7 mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

:filefind
xpt8dpx4.tsp
  • Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.


Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:FILES
C:\Windows\System32\xpt8dpx4.tsp

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

chris

akay 22.05.2012 21:47
Hallo Chris,
anbei das Ergebnis von SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:35 on 22/05/2012 by Ann-Kristin
Administrator - Elevation successful

========== filefind ==========

Searching for "xpt8dpx4.tsp"
C:\Windows\System32\xpt8dpx4.tsp --a---- 1414656 bytes [21:43 11/01/2012] [21:43 11/01/2012] (Unable to calculate MD5)

-= EOF =-

Und hier das Ergebnis von OTL:

All processes killed
========== FILES ==========
File\Folder C:\Windows\System32\xpt8dpx4.tsp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ann-Kristin
->Temp folder emptied: 666223 bytes
->Temporary Internet Files folder emptied: 127805781 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 781 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6039855 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50233 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 128.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.1 log created on 05222012_224803

Files\Folders moved on Reboot...
C:\Users\Ann-Kristin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XS579ZJJ\ads[4].htm moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCUO03F9\anchorfree_net[1].htm moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPBH3M1E\click[1].htm moved successfully.
File\Folder C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPBH3M1E\data_sync[1].htm not found!
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPBH3M1E\ltag[1].htm moved successfully.
File\Folder C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8UZD2QEU\anchorfree_net[1].htm not found!
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42KW2L7N\ltag[1].htm moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33F67SGG\anchorfree_net[1].htm moved successfully.

Registry entries deleted on Reboot...

Viele Grüße

Chris4You 24.05.2012 06:51
Hi,

hmm, das Teil wird gefunden, der Zugriff bzw. löschen klappt aber nicht...

Defogger
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick. Vista User: Bitte mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert nun zum Neustart auf. Bestätige dies mit OK.
  • DeFogger erstellt nun ein Logfile auf dem Desktop (defogger_disable).
Poste bitte den Inhalt der Logfile in Deiner nächsten Antwort. Wenn wir die Bereinigung beendet haben, starte bitte defogger erneut und klicke den Re-enable Button.

OSAM
Prüft Programme/Treiber die gestartet werden online.
Folge den Anweisungen hier http://www.trojaner-board.de/84180-a...n-manager.html zur Erstellung eines Logs und poste das hier in Deinem Thread.

chris

chris

akay 27.05.2012 19:53
Hi Chris,

anbei die beiden Logfiles:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:34 on 27/05/2012 (Ann-Kristin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 20:53:12 on 27.05.2012

OS: Windows 7 Home Premium Edition (Build 7600), 64-bit
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP64" (ASMMAP64) - ? - C:\Program Files\ATKGFNEX\ASMMAP64.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"BandLuxe 3.5G HSDPA Adapter - USB" (br3gmdm) - "BandRich Inc." - C:\Windows\System32\DRIVERS\br3gmdm.sys
"Data Security Manager Driver" (AsDsm) - "ASUSTek Computer Inc" - C:\Windows\system32\drivers\AsDsm.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"LGE Mobile Composite USB Device" (usbbus) - ? - C:\Windows\System32\DRIVERS\lgx64bus.sys  (File not found)
"LGE Mobile USB Modem" (USBModem) - ? - C:\Windows\System32\DRIVERS\lgx64modem.sys  (File not found)
"LGE Mobile USB Serial Port" (UsbDiag) - ? - C:\Windows\System32\DRIVERS\lgx64diag.sys  (File not found)
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\Windows\System32\drivers\tbhsd.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{9C450606-ED24-4958-92BA-B8940C99D441} "PixiePack Codec Pack 1.1.400.0" - ? - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{8FAF0273-9CA8-4efc-9536-1E35E254D5CD} "WEB.DE NewTab Protocol" - "1und1 Mail und Media GmbH" - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{88485281-8b4b-4f8d-9ede-82e29a064277} "ShellHook Class" - "MarkAny Cooperation." - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{792F0537-F929-4eb7-AC1D-FB6334C71550} "LG Phone" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "WEB.DE Toolbar" - "1und1 Mail und Media GmbH" - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{D4027C7F-154A-4066-A1AD-4243D8127440}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
Locked "Locked" - ? -  (File not found | COM-object registry key not found)
<binary data> "WEB.DE Toolbar" - "1und1 Mail und Media GmbH" - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} "Hotspot Shield Class" - ? - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{17166733-40EA-4432-A85C-AE672FF0E236} "WEB.DE Konfiguration" - "1&1 Mail & Media GmbH" - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll
{BF42D4A8-016E-4fcd-B1EB-837659FD77C6} "WEB.DE Toolbar BHO" - "1und1 Mail und Media GmbH" - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Ann-Kristin\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FancyStart daemon.lnk" - "ASUSTeK Computer Inc." - C:\Program Files (x86)\ASUS\FancyStart\FancyStart.exe  (Shortcut exists | File exists)
"SRS Premium Sound.lnk" - "SRS Labs, Inc." - C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Sony PC Companion" - "Sony" - "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"swg" - "Google Inc." - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ATKMEDIA" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
"ATKOSD2" - "ASUS" - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"BCSSync" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"FreePDF Assistant" - "shbox.de" - C:\Program Files (x86)\FreePDF_XP\fpassist.exe
"Guard.Mail.ru.gui" - ? - "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
"HControlUser" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"MAAgent" - "(주)마크애니" - C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe
"Setwallpaper" - ? - c:\programdata\SetWallpaper.cmd  (File not found)
"SMSTray" - "SAMSUNG ELECTRONICS" - C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"ADSM Service" (ADSMService) - "ASUSTek Computer Inc." - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
"AFBAgent" (AFBAgent) - "ASUSTeK Computer Inc." - C:\Windows\system32\FBAgent.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Guard.Mail.ru" (Guard.Mail.ru) - ? - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
"Hotspot Shield Monitoring Service" (HssWd) - ? - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe  (File found, but it contains no detailed information)
"Hotspot Shield Routing Service" (HssSrv) - ? - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
"Hotspot Shield Service" (hshld) - ? - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe  (File found, but it contains no detailed information)
"Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE  (File found, but it contains no detailed information)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Oberon Media Game Console service" (OberonGameConsoleService) - ? - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
"Sony PC Companion" (Sony PC Companion) - "Avanquest Software" - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
"Update-Service" (Update-Service) - ? - C:\Windows\System32\UpdSvc.dll  (File not found)
"Windows Live Family Safety" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"d3dyl0vvc" - ? - C:\Windows\system32\d3dyl0vvc.dll  (File not found)
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

Chris4You 28.05.2012 10:22
Hi,

wird nicht verwendet lt. OASM, lässt sich aber auch nicht löschen...

Dann hilft eigentlich nur Hardcore, die Entfernung wenn Windows nicht läuft...

Nachfolgen die CD brennen, mit der CD booten und vorher das OTL script entwender auf die Festplatte kopieren oder auf einen USB-Stick...

System mit OTL-PE scannen
  • Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop.
  • Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
  • Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
  • Lege eine leere CD in Deinen Brenner.
  • ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
  • Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
  • Du kannst nun die Fenster des Brennprogramms schließen.
  • Starte das unbootbare System neu und boote von der CD, die Du gerade erstellt hast.
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.


http://image.hijackthis.de/upload/hjt1-034.jpg
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt gesichert und mit Notepad++ geöffnet.
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt in diesen Thread.

Jetzt wie mit dem normalen OTL das Script reinkopieren und abfahren:
Code:
:FILES
C:\Windows\System32\xpt8dpx4.tsp

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

chris

akay 29.05.2012 17:50
Hi Chris,
leider kann ich OTL-PE nicht auf CD brennen, es erscheint nach dem Doppelklick das Fenster "0% Extracting", aber es läuft leider auch nicht weiter...
Kann ich OTLPE vielleicht auch so mit ImgBurn brennen?!

Viele Grüße

Chris4You 30.05.2012 06:43
Hi,

nein, die Datei muss sich entpacken... Keine Abfrage "Do you want to Burn the CD"?. Hast Du die Datei hier runtergeladen http://filepony.de/download-otlpe/?

chris

akay 30.05.2012 17:07
Hallo Chris,

ja ich habe die Datei mit dem angegebenen Link heruntergeladen, aber es erscheint immer die Meldung "C:\Users\Ann-Kristin\Desktop\OTLPENet.exe ist keine zulässige Win32-Anwendung."

Viele Grüße

Chris4You 30.05.2012 19:01
Hi,

hm, seltsam...
Probieren wir mal die Killbox...

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
oder
http://www.wintotal.de/Software/index.php?id=4101

Options: Delete on Reboot --> anhaken
reinkopieren:
Code:
C:\Windows\System32\xpt8dpx4.tsp
und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes"

PC neustarten

chris

akay 30.05.2012 22:26
Huhuu,

so langsam verzweifel ich echt :/

Leider funktioniert der erste Link nicht, denn da kommt beim öffnen der exe-Datei auch die nachricht von wegen, dass es sich um keine zulässige win32-Anwendung handelt und wenn ich auf den zweiten Link gehe, dann kommt folgende Meldung: Dieser Eintrag existiert nicht.

:( Ich hoffe du kannst mir nochmal weiterhelfen....

Chris4You 31.05.2012 06:40
Hi,

ich werde alt...

OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:
:OTL
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Schluß mit lustig...

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden...

chris

akay 31.05.2012 21:11
Hey,

leider bekomme ich auch bei ComboFix diese blöde Meldung von wegen Win32-Anwendung....

Aber hier mal das Logfile von OTL:

All processes killed
========== OTL ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
C:\Windows\SysWOW64\UpdSvc.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ann-Kristin
->Temp folder emptied: 35331579 bytes
->Temporary Internet Files folder emptied: 140185444 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 578147775 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8197 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12377 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 110216522 bytes

Total Files Cleaned = 824.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.1 log created on 05312012_214518

Files\Folders moved on Reboot...
C:\Users\Ann-Kristin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KB2PPM2G\115196-antivir-berichtet-mir-zwei-trojanern-jedoch-malwarebytes-anti-male-kein-fund-3[1].htm moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4QGGS6U2\facebook_com[1].htm moved successfully.

Registry entries deleted on Reboot...

Chris4You 01.06.2012 06:17
Hi,

lass jetzt nochmal Avira los und poste ein neues OTL-Log...

chris

akay 01.06.2012 17:31
Du meintest ich sollte Avira nochmal laufen lassen oder?!

Anbei das Logfile von Avira, Trojaner ist wieder gefunden worden und in Quarantäne verschoben worden...


Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 1. Juni 2012 16:50

Es wird nach 3776968 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : A-K-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 09.05.2012 08:41:05
AVSCAN.DLL : 12.3.0.15 66256 Bytes 09.05.2012 08:41:05
LUKE.DLL : 12.3.0.15 68304 Bytes 09.05.2012 08:41:06
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09.05.2012 08:41:06
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 15:17:53
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 14:25:59
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 19:24:31
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 20:01:40
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 15:17:46
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 15:17:47
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 15:17:47
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 15:17:47
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 15:17:47
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 15:17:47
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 15:17:47
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 15:17:47
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 15:17:47
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 16:18:57
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 07:54:25
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 11:23:06
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 22:08:02
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 22:11:44
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 15:57:46
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 19:45:42
VBASE021.VDF : 7.11.31.152 2048 Bytes 31.05.2012 19:45:42
VBASE022.VDF : 7.11.31.153 2048 Bytes 31.05.2012 19:45:43
VBASE023.VDF : 7.11.31.154 2048 Bytes 31.05.2012 19:45:43
VBASE024.VDF : 7.11.31.155 2048 Bytes 31.05.2012 19:45:43
VBASE025.VDF : 7.11.31.156 2048 Bytes 31.05.2012 19:45:43
VBASE026.VDF : 7.11.31.157 2048 Bytes 31.05.2012 19:45:43
VBASE027.VDF : 7.11.31.158 2048 Bytes 31.05.2012 19:45:43
VBASE028.VDF : 7.11.31.159 2048 Bytes 31.05.2012 19:45:43
VBASE029.VDF : 7.11.31.160 2048 Bytes 31.05.2012 19:45:44
VBASE030.VDF : 7.11.31.161 2048 Bytes 31.05.2012 19:45:44
VBASE031.VDF : 7.11.31.162 2048 Bytes 31.05.2012 19:45:44
Engineversion : 8.2.10.78
AEVDF.DLL : 8.1.2.6 106868 Bytes 31.05.2012 19:46:45
AESCRIPT.DLL : 8.1.4.24 450939 Bytes 31.05.2012 19:46:43
AESCN.DLL : 8.1.8.2 131444 Bytes 28.01.2012 13:29:02
AESBX.DLL : 8.2.5.10 606580 Bytes 30.05.2012 15:58:35
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02
AEPACK.DLL : 8.2.16.16 807288 Bytes 30.05.2012 15:58:29
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 20:20:31
AEHEUR.DLL : 8.1.4.36 4874615 Bytes 31.05.2012 19:46:36
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 15:17:47
AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 20:19:47
AEEXP.DLL : 8.1.0.44 82293 Bytes 30.05.2012 15:58:36
AEEMU.DLL : 8.1.3.0 393589 Bytes 14.12.2011 23:30:58
AECORE.DLL : 8.1.25.10 201080 Bytes 31.05.2012 19:45:48
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58
AVWINLL.DLL : 12.3.0.15 27344 Bytes 09.05.2012 08:41:05
AVPREF.DLL : 12.3.0.15 51920 Bytes 09.05.2012 08:41:05
AVREP.DLL : 12.3.0.15 179208 Bytes 09.05.2012 08:41:06
AVARKT.DLL : 12.3.0.15 211408 Bytes 09.05.2012 08:41:05
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 09.05.2012 08:41:05
SQLITE3.DLL : 3.7.0.1 398288 Bytes 09.05.2012 08:41:06
AVSMTP.DLL : 12.3.0.15 63440 Bytes 09.05.2012 08:41:05
NETNT.DLL : 12.3.0.15 17104 Bytes 09.05.2012 08:41:06
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 09.05.2012 08:41:05
RCTEXT.DLL : 12.3.0.15 98512 Bytes 09.05.2012 08:41:05

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 1. Juni 2012 16:50

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
c:\adsm_pdata_0150
c:\adsm_pdata_0150
[HINWEIS] Das Verzeichnis ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanionInfo.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'MaAgent.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMSTray.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMedia.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanion.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'ezprint.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'lxecmon.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpntray.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsScrPro.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ADSMSrv.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'Atouch64.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'sensorsrv.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'ControlDeckStartUp.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsswd.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsssrv.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpnas.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '21' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\Hotspot Shield\Uninstall.exe
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
Die Registry wurde durchsucht ( '2673' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Program Files (x86)\Hotspot Shield\Uninstall.exe
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
C:\Program Files (x86)\Hotspot Shield\update\hss-update.upd
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudCodecx.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Windows\System32\xpt8dpx4.tsp
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 55ee7129.qua erstellt ( QUARANTÄNE )
[WARNUNG] Die Datei wurde ignoriert.
Beginne mit der Suche in 'D:\' <DATA>


Ende des Suchlaufs: Freitag, 1. Juni 2012 18:13
Benötigte Zeit: 1:22:43 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

29733 Verzeichnisse wurden überprüft
976612 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
976611 Dateien ohne Befall
5122 Archive wurden durchsucht
5 Warnungen
2 Hinweise
998706 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden

OTL habe ich jetzt so durchgeführt wie gestern...

All processes killed
========== OTL ==========
Error: No service named Update-Service was found to stop!
Service\Driver key Update-Service not found.
File C:\Windows\SysWOW64\UpdSvc.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ann-Kristin
->Temp folder emptied: 373062 bytes
->Temporary Internet Files folder emptied: 17114918 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 17.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.1 log created on 06012012_183215

Files\Folders moved on Reboot...
C:\Users\Ann-Kristin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Ann-Kristin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UH0JBEXB\115196-antivir-berichtet-mir-zwei-trojanern-jedoch-malwarebytes-anti-male-kein-fund-3[2].htm moved successfully.

Registry entries deleted on Reboot...

Chris4You 02.06.2012 08:19
Hi,

bitte ein Log wie folgt erstellen:
(runtergeladen hast Du das ja schon...)
OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

Der gelöschte Treiber ist für die Erstellung des Trojaners zuständig, es müssen wir prüfen ob Treiber und Datei weg sind... (Avira hat das Pferd nochmal gefunden)...

Versuche ComboFix über einen anderen Rechner runterzuladen und via USB-Stick auf den verseuchten Rechner auf das Desktop kopieren und zu starten...

Meist sind Dateien dann nicht ausführbar, wenn der Download nicht vollständig erfolgte...

Wenn das alles nicht geht, dann müssen wir uns eine Boot-CD über einen anderen Rechner erstellen und von aussen "zugreifen"...

chris

akay 02.06.2012 12:48
Hey Chris,OTL Logfile:
Code:
OTL logfile created on: 6/2/2012 1:31:24 PM - Run 4
OTL by OldTimer - Version 3.2.43.1    Folder = C:\Users\Ann-Kristin\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 56.63% Memory free
8.00 Gb Paging File | 5.77 Gb Available in Paging File | 72.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 11.67 Gb Free Space | 15.66% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 154.01 Gb Free Space | 73.72% Space Free | Partition Type: NTFS
 
Computer Name: A-K-PC | User Name: Ann-Kristin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ann-Kristin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Users\Ann-Kristin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
PRC - C:\Program Files (x86)\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-ger.dll ()
MOD - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
MOD - C:\Program Files (x86)\Orbitdownloader\GrabKernel.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll ()
MOD - C:\Windows\SysWOW64\LXECsmr.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll ()
MOD - C:\Windows\SysWOW64\LXECsm.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (lxec_device) -- C:\Windows\SysNative\lxeccoms.exe ( )
SRV:64bit: - (lxecCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe ()
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE ()
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (lxecCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe ()
SRV - (lxec_device) -- C:\Windows\SysWOW64\lxeccoms.exe ( )
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (br3gmdm) -- C:\Windows\SysNative\drivers\br3gmdm.sys (BandRich Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE Suche - die Suchmaschine
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=38b9037e00000000000000ffae0dbbf2
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_deDE361
IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=38b9037e00000000000000ffae0dbbf2"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=38b9037e00000000000000ffae0dbbf2&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/04 00:53:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/01/04 00:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ann-Kristin\AppData\Roaming\mozilla\Extensions
[2012/05/30 22:41:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ann-Kristin\AppData\Roaming\mozilla\Firefox\Profiles\46osx4w2.default\extensions
[2012/01/31 23:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/01/31 23:16:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/01/24 23:32:00 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012/05/27 23:21:03 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES (X86)\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2012/05/27 20:40:29 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\ANN-KRISTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46OSX4W2.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2011/12/21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/30 22:41:01 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/12/21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Ann-Kristin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Ann-Kristin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Ann-Kristin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Arcor Online]  File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ann-Kristin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 16
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\system32\d3dyl0vvc.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE0DBBF2-C7B3-43F7-A622-F537BC2A9887}: NameServer = 10.79.16.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4B869DF-68AA-43ED-84B8-E3B4D029F725}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL (MarkAny Cooperation.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{178dc401-9c11-11df-8c35-e0cb4e24adf2}\Shell - "" = AutoRun
O33 - MountPoints2\{178dc401-9c11-11df-8c35-e0cb4e24adf2}\Shell\AutoRun\command - "" = F:\AUTORUN_o2Surfstick.exe /EjectCDROM
O33 - MountPoints2\{43174e06-87fa-11e1-8abc-ff81e7020b24}\Shell - "" = AutoRun
O33 - MountPoints2\{43174e06-87fa-11e1-8abc-ff81e7020b24}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/30 22:40:51 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin\AppData\Roaming\Babylon
[2012/05/30 22:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/29 18:38:07 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin\AppData\Roaming\ImgBurn
[2012/05/29 18:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/05/29 18:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012/05/27 23:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012/05/27 23:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orbitdownloader
[2012/05/27 20:48:52 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin\Desktop\osam_autorun_manager_5_0_portable
[2012/05/24 00:49:51 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin\Desktop\Musik
[2012/05/24 00:48:51 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin\Desktop\Fotos
[2012/05/24 00:48:19 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin\Desktop\EVONIK
[2012/05/24 00:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012/05/21 18:06:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/20 22:49:49 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ann-Kristin\Desktop\OTL.exe
[2012/05/17 13:52:44 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/17 13:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/17 13:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/17 13:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/16 18:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/16 18:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/05/13 11:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/13 11:57:17 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/05/13 11:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/13 11:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/13 11:54:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/12 18:15:39 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/12 18:15:38 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/12 18:15:38 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/12 18:15:38 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/12 18:15:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/12 18:14:39 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/12 18:14:37 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/12 18:14:37 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/12 18:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/12 18:08:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/06 11:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/05/06 11:32:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/05/06 11:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/05/06 11:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/05/06 11:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/02 13:31:20 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/02 13:31:20 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/02 13:24:34 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/06/02 13:24:24 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/02 13:23:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/02 13:23:41 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 17:48:05 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/01 16:42:08 | 001,563,064 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/01 16:42:08 | 000,676,404 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/06/01 16:42:08 | 000,634,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/01 16:42:08 | 000,142,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/06/01 16:42:08 | 000,116,076 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/31 21:46:04 | 000,018,671 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\ComboFix.exe
[2012/05/30 23:42:48 | 000,000,000 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\KillBox.exe
[2012/05/30 22:41:08 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/05/30 17:53:50 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012/05/29 18:37:24 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/05/27 23:21:04 | 000,001,053 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\Orbit.lnk
[2012/05/27 20:47:12 | 004,272,474 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\osam_autorun_manager_5_0_portable.rar
[2012/05/24 00:49:21 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
[2012/05/22 22:41:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\cd.dat
[2012/05/20 22:49:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ann-Kristin\Desktop\OTL.exe
[2012/05/20 20:56:08 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/19 14:26:57 | 000,002,186 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/05/17 18:37:19 | 000,001,761 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/05/15 22:34:40 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 15:11:41 | 000,453,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/13 13:18:40 | 000,000,032 | ---- | M] () -- C:\Windows\Menu.INI
[2012/05/09 12:21:30 | 000,758,248 | ---- | M] () -- C:\Users\Ann-Kristin\Desktop\Reservierungsbestätigung Oktoberfest.pdf
[2012/05/09 10:41:06 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/05/09 10:41:06 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012/05/31 21:46:03 | 000,018,671 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\ComboFix.exe
[2012/05/30 23:42:42 | 000,000,000 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\KillBox.exe
[2012/05/30 22:41:07 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/05/29 18:37:24 | 000,001,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/05/29 18:37:24 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/05/27 23:21:04 | 000,001,053 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\Orbit.lnk
[2012/05/27 20:47:11 | 004,272,474 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\osam_autorun_manager_5_0_portable.rar
[2012/05/22 22:41:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/05/17 13:51:56 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/15 22:34:40 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 13:18:40 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012/05/09 12:21:29 | 000,758,248 | ---- | C] () -- C:\Users\Ann-Kristin\Desktop\Reservierungsbestätigung Oktoberfest.pdf
[2011/11/01 15:26:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2011/11/01 15:26:50 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2011/11/01 15:26:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2011/11/01 15:26:50 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2011/11/01 15:26:50 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2011/11/01 15:26:50 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2011/11/01 15:26:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2011/11/01 15:26:50 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2011/11/01 15:26:49 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2011/11/01 15:26:49 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2011/11/01 15:26:49 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2011/11/01 15:26:49 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2011/11/01 15:26:49 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2011/11/01 15:26:49 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2011/11/01 15:26:48 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2011/11/01 15:26:48 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2011/11/01 15:26:48 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2011/11/01 15:26:48 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2011/11/01 15:26:48 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2011/11/01 15:26:48 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2011/11/01 15:26:47 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2011/11/01 15:25:40 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2011/11/01 15:25:39 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2011/05/21 23:14:45 | 000,000,000 | ---- | C] () -- C:\Users\Ann-Kristin\AppData\Local\{466D3147-0AAB-4568-9FA6-C6312C47D9FD}
[2010/12/01 19:17:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/23 17:54:25 | 000,000,119 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010/10/17 20:34:30 | 000,000,022 | ---- | C] () -- C:\Users\Ann-Kristin\AppData\Local\cmdial32.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A724744F

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 6/2/2012 1:31:24 PM - Run 4
OTL by OldTimer - Version 3.2.43.1    Folder = C:\Users\Ann-Kristin\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 56.63% Memory free
8.00 Gb Paging File | 5.77 Gb Available in Paging File | 72.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 11.67 Gb Free Space | 15.66% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 154.01 Gb Free Space | 73.72% Space Free | Partition Type: NTFS
 
Computer Name: A-K-PC | User Name: Ann-Kristin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EAC243B-D1AF-4FBE-87F7-5FAFE87FC5C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{458E041B-EE6A-4F88-BAC7-2CD30CAF7700}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{AFDF0EB4-2F6D-429B-9730-D47920960E96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F08BE8-1E73-41BE-9C50-FBD95B224760}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0247BAB5-F15F-44E5-8362-532F6F7A86AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{05717C18-E027-4928-A62D-D046BC07E657}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0680EFA8-EF64-4AA8-9112-BD3AF7819B58}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0AC64ACE-BA8E-44A4-930E-FE635955F42B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B8C74A8-EA0E-4AA7-8227-66BEEC97CC41}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0D7A389F-53E4-4875-A489-774E9BC72C41}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{131F82A9-CE9E-491A-8118-A1C646F51BC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{18852FF6-636A-4E0C-94ED-783CB79FC65C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{204B5454-CFD6-48FA-8A3D-E75CFDEBD605}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{233A762D-DF4E-4106-AFAB-819758C26158}" = protocol=6 | dir=in | app=c:\users\ann-kristin\appdata\roaming\dropbox\bin\dropbox.exe |
"{2CD7D1DD-2539-4DA7-B90D-197894229C75}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{3669D1B2-8FE2-4920-A9E9-24C2CE2530CE}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{375573FB-641B-467E-B79D-C763F00808A8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{375EAAD2-3C19-4296-BFC1-13BFD53A684F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3835591A-3F6F-439E-9188-8A19CF04B3DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3AEB1C64-F902-4BB5-8F9A-9B1FC650AB46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{47BF28E1-E0EF-407B-B4CF-9597B838325F}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{53F02B35-25FD-478E-9C11-98BAB6A7A34B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5921500E-675A-4FF7-BEE9-23D20DA4D256}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6276676D-88AF-40B5-83C4-311AE9FA0959}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{663F4C29-BAC1-41A3-978B-000A92A0FA14}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{6C900211-972A-441C-B7DE-A9C3D619DB94}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7891E00F-39ED-4014-9DC4-B7848D33BA5A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7CF93C6E-72F2-428E-B74B-6D57635C6A5E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{7D1D4B8B-DE05-4EF1-9A00-16B1759EE52D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7F14AE48-AC77-4198-B379-0A1AA9C27E3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{7FBBB790-7A69-4B1A-970C-AEA5E7BE75AE}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{89E6F1E0-52C2-403D-AEA5-C246646206D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8D1E80C5-1C96-4A8D-89E8-CF88E2A48409}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A811B5DE-649A-48DF-9CFE-26C72EE8CF21}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AC84E289-C0E7-4703-A99F-1161843CC92C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE9A70EE-D27E-4245-B06D-DBFC256A3F8C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AED302DB-C639-43AA-8139-A1DBC6DB2CC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B1AC1E1E-C1B5-4CB9-9659-181B46DFAD9D}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{B820D4F2-7696-4A9A-838B-E9952FF12654}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{B8F2DA05-13E4-4ABF-9588-613F197B8EA6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BBE2DA4A-B160-4228-81EB-2A0B1127C339}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD64AEED-F14A-4C1A-A07F-1ED92E43A811}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD7DFB45-9AE4-4BB7-A50B-1CE9B9D85D40}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2EEBC4A-74D7-4232-89E7-0BBC97B32378}" = protocol=17 | dir=in | app=c:\users\ann-kristin\appdata\roaming\dropbox\bin\dropbox.exe |
"{DB153DA7-7C42-44E6-B72C-CCDE35C20B6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E46F24A8-564A-42F8-AC55-9F6B51A6700E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E6B17B9B-7D12-404B-A40F-CFF20F7CCAD7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F3548631-04CC-4CA3-BF73-F0F1D1140A2B}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{F8874625-A517-4C70-894A-2E768B20CC57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F9C89C62-5C87-4563-AE9E-96F2ABDBFA45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FA026C21-C851-4248-9E90-04D6993BCD82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FEA78BC2-CC81-4E87-9FFA-4DD32B91B289}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"TCP Query User{48172A6A-BB78-4A27-A1E8-6E1B743AE3F8}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"TCP Query User{4DDFFA30-AE26-4FF5-9945-FB588F8070DB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{6A866DFB-3F7C-4F47-8680-B82C55B58267}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{B7A4CC35-A0D9-41AA-A3C7-32BB00C60F19}C:\program files (x86)\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip\qip.exe |
"TCP Query User{E4910CB9-E1F6-4542-AED6-46E23049ADAC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{114E81B8-87FB-4A6A-BA9E-C5BF4D1DB10C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{58B05CD8-E3DC-4C6F-B504-942043AE761C}C:\program files (x86)\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip\qip.exe |
"UDP Query User{6EDA2284-1EFC-4401-B3C1-AC8F4B7F474E}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{9828F099-B846-43A5-8398-81737BB4DB72}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{E2E707D2-B788-4B69-9BE6-14CD819C039F}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2862596-B7C3-4D7F-A227-40FEDDF1332B}" = WEB.DE Toolbar MSVC100 CRT x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Asus WebStorage" = Asus WebStorage
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007
"{90120000-0015-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007
"{90120000-0015-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
"{90120000-0016-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007
"{90120000-0016-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
"{90120000-0018-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007
"{90120000-0018-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007
"{90120000-0019-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007
"{90120000-0019-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007
"{90120000-001A-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007
"{90120000-001A-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
"{90120000-001B-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007
"{90120000-001B-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_PROHYBRIDR_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007
"{90120000-001F-040D-0000-0000000FF1CE}_PROHYBRIDR_{51590837-F141-43A8-B0EC-AEF16F1CBE78}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}_PROHYBRIDR_{EFE123B8-9F0A-4C50-A67B-0BADF3CB00DC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_PROHYBRIDR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_PROHYBRIDR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_PROHYBRIDR_{C8246FCF-12F8-4212-BC89-6ED049BA2FB8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-1000-0000000FF1CE}_PROHYBRIDR_{490B52AE-965C-460C-9E0F-EE65C96F7AA1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0404-1000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0408-1000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040D-1000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0410-1000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0413-1000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
"{90120000-006E-0408-0000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007
"{90120000-006E-040D-0000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS_Screensaver" = ASUS_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"ElsterFormular 13.1.0.8394p" = ElsterFormular
"ExpressRip" = Express Rip
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HotspotShield" = Hotspot Shield 2.53
"ImgBurn" = ImgBurn
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Orbit_is1" = Orbit Downloader
"PDF Blender" = PDF Blender
"PhotoStitch" = Canon Utilities PhotoStitch
"PRO" = Microsoft Office Professional 2007
"PROHYBRIDR" = 2007 Microsoft Office system
"Switch" = Switch Sound File Converter
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/27/2012 2:14:54 PM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 5/27/2012 2:14:54 PM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 5/27/2012 2:15:01 PM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 5/27/2012 2:15:01 PM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 5/27/2012 2:15:01 PM | Computer Name = A-K-PC | Source = Bonjour Service | ID = 100
Description =
 
Error - 5/28/2012 5:43:28 AM | Computer Name = A-K-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 5/28/2012 6:38:43 PM | Computer Name = A-K-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1258    Startzeit: 01cd3d21a0f6bbc0    Endzeit: 180    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 5/30/2012 4:55:31 PM | Computer Name = A-K-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d76255d  Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 8.15.11.8678,
 Zeitstempel: 0x4a86ed91  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004672e  ID des fehlerhaften
 Prozesses: 0x1148  Startzeit der fehlerhaften Anwendung: 0x01cd3ea68333be40  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\nvwgf2um.dll  Berichtskennung: cab792a0-aa99-11e1-a697-f93ec0ed5624
 
Error - 5/30/2012 5:18:57 PM | Computer Name = A-K-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 5b4    Startzeit: 01cd3ea9ab765ec8    Endzeit: 78    Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 5/30/2012 5:19:22 PM | Computer Name = A-K-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: de8    Startzeit: 01cd3ea8d9429a48    Endzeit: 16    Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 1e2558e9-aa9d-11e1-9239-f796660345d9

 
[ Media Center Events ]
Error - 3/11/2011 1:34:46 PM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 18:34:45 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 3/11/2011 1:35:41 PM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 18:35:28 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 Verbindung mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 3/11/2011 1:36:26 PM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 18:36:05 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 3/11/2011 1:36:48 PM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 18:36:48 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 3/12/2011 9:19:00 AM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 14:19:00 - Fehler beim Herstellen der Internetverbindung.  14:19:00
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 3/12/2011 9:19:10 AM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 14:19:05 - Fehler beim Herstellen der Internetverbindung.  14:19:05
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 4/11/2011 11:36:40 AM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 17:36:32 - Fehler beim Herstellen der Internetverbindung.  17:36:33
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 4/15/2011 4:14:51 PM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 22:14:51 - Fehler beim Herstellen der Internetverbindung.  22:14:51
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 4/15/2011 4:15:05 PM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 22:14:56 - Fehler beim Herstellen der Internetverbindung.  22:14:56
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 4/17/2011 8:04:56 AM | Computer Name = A-K-PC | Source = MCUpdate | ID = 0
Description = 14:04:46 - Fehler beim Herstellen der Internetverbindung.  14:04:46
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 6/1/2012 10:45:07 AM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
Error - 6/1/2012 10:45:09 AM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxecCATSCustConnectService erreicht.
 
Error - 6/1/2012 10:45:09 AM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 6/1/2012 12:32:16 PM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "ASLDR Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
 
Error - 6/1/2012 12:36:49 PM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
Error - 6/1/2012 12:36:51 PM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxecCATSCustConnectService erreicht.
 
Error - 6/1/2012 12:36:51 PM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 6/2/2012 7:23:56 AM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
  %%2
 
Error - 6/2/2012 7:24:00 AM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 lxecCATSCustConnectService erreicht.
 
Error - 6/2/2012 7:24:00 AM | Computer Name = A-K-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
 
< End of report >
--- --- ---


Combofix Logfile:
Code:
ComboFix 12-06-02.02 - Ann-Kristin 02.06.2012  14:04:22.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.4095.2558 [GMT 2:00]
ausgeführt von:: G:\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Ann-Kristin\AppData\Roaming\.#
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-02 bis 2012-06-02  ))))))))))))))))))))))))))))))
.
.
2012-06-02 12:14 . 2012-06-02 12:14        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-02 11:29 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{4104DC14-0B6D-428B-A83A-811A12DA4EF2}\mpengine.dll
2012-05-30 20:41 . 2012-05-30 20:41        237        ----a-w-        C:\user.js
2012-05-30 20:40 . 2012-05-30 20:40        --------        d-----w-        c:\users\Ann-Kristin\AppData\Roaming\Babylon
2012-05-30 20:40 . 2012-05-30 20:40        --------        d-----w-        c:\programdata\Babylon
2012-05-29 16:38 . 2012-05-29 16:38        --------        d-----w-        c:\users\Ann-Kristin\AppData\Roaming\ImgBurn
2012-05-29 16:37 . 2012-05-29 16:37        --------        d-----w-        c:\program files (x86)\ImgBurn
2012-05-27 21:21 . 2012-05-27 21:21        --------        d-----w-        c:\program files (x86)\Orbitdownloader
2012-05-23 22:36 . 2012-05-23 22:36        --------        d-----w-        c:\programdata\hssff
2012-05-21 16:06 . 2012-05-21 16:06        --------        d-----w-        C:\_OTL
2012-05-17 11:52 . 2012-05-17 11:52        --------        d-----w-        c:\users\Ann-Kristin\AppData\Roaming\SUPERAntiSpyware.com
2012-05-17 11:51 . 2012-05-30 21:00        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-05-17 11:51 . 2012-05-17 11:51        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-05-16 16:24 . 2012-05-16 16:24        --------        d-----w-        c:\program files (x86)\7-Zip
2012-05-13 09:57 . 2012-05-13 09:57        --------        d-sh--w-        c:\windows\system32\%APPDATA%
2012-05-13 09:56 . 2012-05-13 09:56        --------        d-----w-        c:\program files\Microsoft Silverlight
2012-05-13 09:56 . 2012-05-13 09:56        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2012-05-13 09:54 . 2012-05-13 09:54        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA%
2012-05-12 16:15 . 2012-03-03 06:29        1541120        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-12 16:15 . 2012-03-03 05:40        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-05-12 16:15 . 2012-03-03 06:29        320512        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-05-12 16:15 . 2012-03-03 06:29        197120        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-05-12 16:15 . 2012-03-03 06:29        1837568        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-05-12 16:15 . 2012-03-03 06:29        902656        ----a-w-        c:\windows\system32\d2d1.dll
2012-05-12 16:15 . 2012-03-03 05:40        1170944        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2012-05-12 16:15 . 2012-03-03 05:40        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2012-05-12 16:15 . 2012-03-03 05:40        218624        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2012-05-12 16:15 . 2012-03-03 05:40        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2012-05-12 16:14 . 2012-04-02 05:34        5504880        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-12 16:14 . 2012-04-02 03:01        3143680        ----a-w-        c:\windows\system32\win32k.sys
2012-05-12 16:14 . 2012-04-02 04:46        3958128        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 16:14 . 2012-04-02 04:46        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 16:14 . 2012-03-17 07:55        75632        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-12 16:14 . 2012-03-30 11:09        1895280        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-12 16:14 . 2012-04-02 05:26        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 16:14 . 2012-04-02 05:24        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 16:14 . 2012-04-02 05:24        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 16:14 . 2012-04-02 04:40        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 16:14 . 2012-04-02 05:24        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 16:08 . 2012-05-16 15:35        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy
2012-05-12 16:08 . 2012-05-16 15:35        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2012-05-06 09:32 . 2012-05-06 09:32        --------        d-----w-        c:\program files (x86)\Microsoft Synchronization Services
2012-05-06 09:25 . 2012-05-06 09:25        --------        d-----w-        c:\program files (x86)\Microsoft Visual Studio 8
2012-05-06 09:24 . 2012-05-06 09:24        --------        d-----w-        c:\program files (x86)\Microsoft Analysis Services
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 11:24 . 2009-12-20 14:02        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2012-05-09 08:41 . 2012-01-02 14:24        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-09 08:41 . 2012-01-02 14:24        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-04-04 13:56 . 2010-01-08 20:11        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}]
2011-12-12 16:12        1600616        ----a-w-        c:\program files (x86)\WEB.DE Toolbar\IE\uitb.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C424171E-592A-415a-9EB1-DFD6D95D3530}"= "c:\program files (x86)\WEB.DE Toolbar\IE\uitb.dll" [2011-12-12 1600616]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
[HKEY_CLASSES_ROOT\uitb.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]
[HKEY_CLASSES_ROOT\uitb.Toolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08        143360        ----a-w-        c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-04-12 445624]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-30 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"SMSTray"="c:\program files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files (x86)\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-11-30 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2009-11-30 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service
Update-Service        REG_MULTI_SZ          Update-Service
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32        8192        ----a-w-        c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-08 16:19]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-08 16:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}]
2011-12-12 16:12        1993832        ----a-w-        c:\program files\WEB.DE Toolbar\IE\uitb.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-04-02 18:47        287048        ----a-w-        c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C424171E-592A-415a-9EB1-DFD6D95D3530}"= "c:\program files\WEB.DE Toolbar\IE\uitb.dll" [2011-12-12 1993832]
.
[HKEY_CLASSES_ROOT\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52        159744        ----a-w-        c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-25 10:47        444752        ----a-w-        c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-25 10:47        444752        ----a-w-        c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-15 16336416]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AE0DBBF2-C7B3-43F7-A622-F537BC2A9887}: NameServer = 10.79.16.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE Toolbar\IE\uitb.dll
FF - ProfilePath - c:\users\Ann-Kristin\AppData\Roaming\Mozilla\Firefox\Profiles\46osx4w2.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=38b9037e00000000000000ffae0dbbf2
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=38b9037e00000000000000ffae0dbbf2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 38b9037e00000000000000ffae0dbbf2
FF - user.js: extensions.BabylonToolbar_i.hardId - 38b9037e00000000000000ffae0dbbf2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15490
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Wow6432Node-HKLM-Run-Arcor Online - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-02  14:39:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-02 12:39
.
Vor Suchlauf: 12 Verzeichnis(se), 12.377.464.832 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 11.830.935.552 Bytes frei
.
- - End Of File - - 0D607AE83C649B130CB67FC8B6C22D76
--- --- ---

Chris4You 04.06.2012 06:36
Hi,

suchen wir nochmal nach dem Teil...

  • Doppelklick auf die SystemLook.exe, um das Tool zu starten.
  • Vista-User/Win7 mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

:filefind
xpt8dpx4.tsp
d3dyl0vvc.dll

:regfind
xpt8dpx4.tsp
  • Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Das Info bei Autoupdate ist im Securitycenter abgeschaltet, ist das gewollt...?

chris

akay 04.06.2012 18:21
Hallo Chris,


nee das mit dem Autoupdate ist nicht gewollt.
Du meinst sicherlich die Option unter System undSicherheit--> Windows Update --> Automatische Updates aktivieren oder deaktivieren, oder? Ich habe es nun abgeändert. Ich hatte mir jetzt auch mal Kaspersky runtergeladen und Avira vom PC runtergeworfen, in der Hoffnung dass es dafür sorgt, dass ich mir solche Viecher nicht mehr einfange...Kaspersky hatte mich dann auch auf so ein paar Programme aufmerksam gemacht, die evtl gefährlich sein können, die ich dann auch mal runtergeschmissen habe.

Hier nun zum SystemLook.txt:

SystemLook 30.07.11 by jpshortstuff
Log created at 19:16 on 04/06/2012 by Ann-Kristin
Administrator - Elevation successful

========== filefind ==========

Searching for "xpt8dpx4.tsp"
C:\Windows\System32\xpt8dpx4.tsp --a---- 1414656 bytes [21:43 11/01/2012] [21:43 11/01/2012] 9390EF13C47B7F578CFA8621FF364992

Searching for "d3dyl0vvc.dll"
No files found.

========== regfind ==========

Searching for "xpt8dpx4.tsp"
No data found.

-= EOF =-

Chris4You 05.06.2012 06:45
Hi,

die Datei ist nach wie vor da, wir setzen jetzt mal ComboFix darauf an...

ComboFix-Script
Die nachfolgenden Zeilen abkopieren und in den Windows-Editor(start->Programme->zubehör->edior)
kopieren und auf dem Desktop unter dem Namen "CFScript.txt" speichern (ohne Anführungszeichen!).
Code:
KILLALL::

RootKit::
C:\Windows\System32\xpt8dpx4.tsp
Danach die CFScript.txt mit der Mause anklicken und gedrückt halten und über dem ComboFix-Symbol fallen lassen.
(Maustaste loslassen, nennt man "Drag-and-Drop";o).
Jetzt sollte combofix starten und das script ausführen, poste das combofix-Log!

chris

akay 06.06.2012 01:24
Hi Chris,
anbei ComboFix Log.

Combofix Logfile:
Code:
ComboFix 12-06-05.03 - Ann-Kristin 06.06.2012  0:26.2.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.4095.2491 [GMT 2:00]
ausgeführt von:: c:\users\Ann-Kristin\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-05 bis 2012-06-05  ))))))))))))))))))))))))))))))
.
.
2012-06-05 22:34 . 2012-06-05 22:34        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-05 22:14 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C504341C-D0B1-49B6-BE2D-553C62445E04}\mpengine.dll
2012-06-03 19:21 . 2012-06-03 19:21        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-03 18:14 . 2012-06-05 22:36        --------        d-----w-        c:\programdata\Kaspersky Lab
2012-06-03 18:14 . 2012-06-03 18:14        --------        d-----w-        c:\program files (x86)\Kaspersky Lab
2012-05-30 20:41 . 2012-05-30 20:41        237        ----a-w-        C:\user.js
2012-05-30 20:40 . 2012-05-30 20:40        --------        d-----w-        c:\users\Ann-Kristin\AppData\Roaming\Babylon
2012-05-30 20:40 . 2012-05-30 20:40        --------        d-----w-        c:\programdata\Babylon
2012-05-29 16:38 . 2012-05-29 16:38        --------        d-----w-        c:\users\Ann-Kristin\AppData\Roaming\ImgBurn
2012-05-29 16:37 . 2012-05-29 16:37        --------        d-----w-        c:\program files (x86)\ImgBurn
2012-05-23 22:36 . 2012-05-23 22:36        --------        d-----w-        c:\programdata\hssff
2012-05-21 16:06 . 2012-05-21 16:06        --------        d-----w-        C:\_OTL
2012-05-16 16:24 . 2012-05-16 16:24        --------        d-----w-        c:\program files (x86)\7-Zip
2012-05-13 09:57 . 2012-05-13 09:57        --------        d-sh--w-        c:\windows\system32\%APPDATA%
2012-05-13 09:56 . 2012-05-13 09:56        --------        d-----w-        c:\program files\Microsoft Silverlight
2012-05-13 09:56 . 2012-05-13 09:56        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2012-05-13 09:54 . 2012-05-13 09:54        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA%
2012-05-12 16:15 . 2012-03-03 06:29        1541120        ----a-w-        c:\windows\system32\DWrite.dll
2012-05-12 16:15 . 2012-03-03 05:40        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-05-12 16:15 . 2012-03-03 06:29        320512        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-05-12 16:15 . 2012-03-03 06:29        197120        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-05-12 16:15 . 2012-03-03 06:29        1837568        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-05-12 16:15 . 2012-03-03 06:29        902656        ----a-w-        c:\windows\system32\d2d1.dll
2012-05-12 16:15 . 2012-03-03 05:40        1170944        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2012-05-12 16:15 . 2012-03-03 05:40        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2012-05-12 16:15 . 2012-03-03 05:40        218624        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2012-05-12 16:15 . 2012-03-03 05:40        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2012-05-12 16:14 . 2012-04-02 05:34        5504880        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-12 16:14 . 2012-04-02 03:01        3143680        ----a-w-        c:\windows\system32\win32k.sys
2012-05-12 16:14 . 2012-04-02 04:46        3958128        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 16:14 . 2012-04-02 04:46        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 16:14 . 2012-03-17 07:55        75632        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-05-12 16:14 . 2012-03-30 11:09        1895280        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-05-12 16:14 . 2012-04-02 05:26        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 16:14 . 2012-04-02 05:24        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 16:14 . 2012-04-02 05:24        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 16:14 . 2012-04-02 04:40        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 16:14 . 2012-04-02 05:24        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 16:08 . 2012-05-16 15:35        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy
2012-05-12 16:08 . 2012-05-16 15:35        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 20:13 . 2009-12-20 14:02        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2012-06-03 19:21 . 2012-01-02 14:10        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-06-02_12.21.00  )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-02 12:16        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-05 22:35        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-05 22:35        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-02 12:16        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-30 01:11 . 2012-06-05 22:37        69376              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-05 22:37        45130              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-16 19:00 . 2012-06-05 22:10        21224              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1019101953-637996755-3478337811-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-06-03 18:15        86016              c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-05-30 15:55        86016              c:\windows\system32\DriverStore\infpub.dat
+ 2011-03-10 16:36 . 2011-03-10 16:36        29488              c:\windows\system32\DriverStore\FileRepository\klim6.inf_amd64_neutral_e2fc5f0a3b5b03bc\klim6.sys
+ 2011-03-11 10:43 . 2011-03-11 10:43        35907              c:\windows\system32\drivers\klop.dat
+ 2009-11-02 18:27 . 2009-11-02 18:27        22544              c:\windows\system32\drivers\klmouflt.sys
+ 2011-03-10 16:36 . 2011-03-10 16:36        29488              c:\windows\system32\drivers\klim6.sys
+ 2011-03-04 11:23 . 2011-03-04 11:23        11864              c:\windows\system32\drivers\kl2.sys
- 2009-12-17 10:50 . 2012-06-02 12:16        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 10:50 . 2012-06-05 22:09        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 10:50 . 2012-06-02 12:16        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-17 10:50 . 2012-06-05 22:09        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-05 22:09        49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-02 12:16        49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-05 22:11        78512              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-23 17:31 . 2012-06-03 20:38        2002              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-04 17:11 . 2012-06-05 22:15        1810              c:\windows\SoftwareDistribution\EventCache\{1975D7D2-A5D2-45EC-8ED8-D7FE7BE6E214}.bin
+ 2012-06-05 22:35 . 2012-06-05 22:35        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-02 12:16 . 2012-06-02 12:16        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-05 22:35 . 2012-06-05 22:35        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-02 12:16 . 2012-06-02 12:16        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-03 19:21 . 2012-06-03 19:21        351904              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-06-03 19:21 . 2012-06-03 19:21        424096              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-06-03 19:21 . 2012-06-03 19:21        257696              c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2010-05-05 16:01 . 2012-06-05 22:35        245760              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-05-05 16:01 . 2012-06-02 12:16        245760              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-06-02 12:16        344064              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-05 22:35        344064              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:36 . 2012-06-02 11:49        634946              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-02 12:22        634946              c:\windows\system32\perfh009.dat
+ 2009-08-04 09:51 . 2012-06-02 12:22        676404              c:\windows\system32\perfh007.dat
- 2009-08-04 09:51 . 2012-06-02 11:49        676404              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-06-02 12:22        116076              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-02 11:49        116076              c:\windows\system32\perfc009.dat
- 2009-08-04 09:51 . 2012-06-02 11:49        142620              c:\windows\system32\perfc007.dat
+ 2009-08-04 09:51 . 2012-06-02 12:22        142620              c:\windows\system32\perfc007.dat
+ 2012-06-03 19:21 . 2012-06-03 19:21        631456              c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
+ 2012-06-03 19:21 . 2012-06-03 19:21        461984              c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.dll
+ 2011-04-24 21:14 . 2011-04-24 21:14        234896              c:\windows\system32\klogon.dll
+ 2009-07-14 05:30 . 2012-06-03 18:15        143360              c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-05-30 15:55        143360              c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-03 18:15        143360              c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-05-30 15:55        143360              c:\windows\system32\DriverStore\infstor.dat
+ 2012-06-03 18:16 . 2012-06-03 18:16        152233              c:\windows\system32\drivers\klin.dat
+ 2012-06-03 18:13 . 2012-06-03 18:13        615728              c:\windows\system32\drivers\klif.sys
+ 2012-06-03 18:16 . 2012-06-03 18:16        107177              c:\windows\system32\drivers\klick.dat
+ 2011-03-04 11:23 . 2011-03-04 11:23        460888              c:\windows\system32\drivers\kl1.sys
+ 2009-07-14 05:12 . 2012-06-05 22:09        262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-06-02 12:16        262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-06-02 12:14        408756              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-05 22:34        408756              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-06-05 22:11        3798234              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-05-13 13:15        3798234              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-10-13 16:49 . 2011-10-13 16:49        4647424              c:\windows\Installer\2a601.msi
+ 2009-07-14 02:34 . 2012-06-05 22:24        10485760              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-06-02 11:39        10485760              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-01-03 17:31 . 2012-06-05 22:34        12037320              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1019101953-637996755-3478337811-1000-12288.dat
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08        143360        ----a-w-        c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-04-12 445624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"SMSTray"="c:\program files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"MAAgent"="c:\program files (x86)\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
c:\users\Ann-Kristin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-11-30 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2009-11-30 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 257696]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service        REG_MULTI_SZ          Update-Service-Installer-Service
Update-Service        REG_MULTI_SZ          Update-Service
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32        8192        ----a-w-        c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 19:21]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-08 16:19]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-08 16:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52        159744        ----a-w-        c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\Ann-Kristin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-25 10:47        444752        ----a-w-        c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-25 10:47        444752        ----a-w-        c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-15 16336416]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-08-12 323072]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AE0DBBF2-C7B3-43F7-A622-F537BC2A9887}: NameServer = 10.79.16.1
FF - ProfilePath - c:\users\Ann-Kristin\AppData\Roaming\Mozilla\Firefox\Profiles\46osx4w2.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=38b9037e00000000000000ffae0dbbf2
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=38b9037e00000000000000ffae0dbbf2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 38b9037e00000000000000ffae0dbbf2
FF - user.js: extensions.BabylonToolbar_i.hardId - 38b9037e00000000000000ffae0dbbf2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15490
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-06  00:44:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-05 22:44
ComboFix2.txt  2012-06-02 12:40
.
Vor Suchlauf: 18 Verzeichnis(se), 12.880.867.328 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 12.737.212.416 Bytes frei
.
- - End Of File - - 15D8B2A2EA4E8203444DF10B3DDC9E3A
--- --- ---

Chris4You 06.06.2012 06:43
Hi,

hmm hat das mit dem Drag-an-Drop funktioniert? CF meldet nicht, dass er das File "gekillt" hätte...
Prüfe mal bitte, ob das Script für CF nicht etwa "CFScript.txt.txt" heisst

Was sagt Kaspersky zu dem File (xpt8dpx4.tsp)?

chris

akay 06.06.2012 18:53
Liste der Anhänge anzeigen (Anzahl: 1)
Hi Chris,

also die Datei heißt wirklich CFScript.txt und Kaspersky sieht die Datei irgendwie nicht als bedrohlich an?
Ich habe dir mal ein Sreenshot gemacht...
Irgendwie echt komisch :/

P.S. Mit Drag & Drop hat es übrigens auch funktioniert.

Chris4You 06.06.2012 20:39
Hi,

ja, kein Scanner findet alles...
In der Reg wird das Teil nicht aufgerufen (wir haben danach gesucht)...

Ich wäre versucht nochmal die Killbox drauf anzusetzen...

http://virus-protect.org/killbox.html
oder
http://www.wintotal.de/Software/index.php?id=4101

Options: Delete on Reboot --> anhaken
reinkopieren:
Code:
C:\Windows\System32\xpt8dpx4.tsp
und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes"

PC neustarten

chris

akay 09.06.2012 17:15
Hi Chris,
sorry für die späte Antwort, aber ich war die letzte Tage nicht da ;-)
Also die beiden Links funktionieren irgendwie nicht richtig, die du mir geschickt hast.
Bei dem ersten Link verweiste er mich weieter (• lade Killbox auf das Windows Desktop ) aber dann öffnet sich eine neue Seite auf der ich aber die Killbox nicht runter laden kann.
Bei dem zweiten Link kommt folgende Meldung "Dieser Eintrag existiert nicht.".
Kannst du die beiden Links vielleicht mal ausprobieren? Vielleicht mache ich ja auch etwas falsch. Letztens hatte das mit der Killbox ja auch noch funktioniert, hm...

Viele Grüße

Chris4You 10.06.2012 08:49
Hi,

probiere mal den Link aus...
http://www.chip.de/downloads/Pocket-..._20730776.html

chris

akay 10.06.2012 13:19
Hi,

es scheint funktioniert zu haben :)

Viele Grüße
A-K

Chris4You 11.06.2012 06:31
Hi,

ok, dann wären wir erstmal durch...

chris

akay 11.06.2012 07:53
Guten Morgen,

Vielen lieben Dank!
Ich hoffe, ich habe jetzt erstmal Ruhe ;-)

Liebe Grüße
Akay


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:11 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19