Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Hab ich ein Hacker?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.10.2012, 15:21   #1
gabriella
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



hallo ihr lieben. hab schon viel gegoggelt. aber nie hab ich mein problem gefunden. oder ich hab in anderen foren wie die symptome gefragt und wurde hier geleitet.

mein problem ist. seit tagen war mein pc langsamer und die tastatur schrieb nicht mehr richtig. also die buchstabend wurden manchma nicht getippt musste dan öfter drauf.
dan hab ich die system wiederhherstellung durchgeführt. auf ein früherern zeit zurück gesetzte. dann ging es wieder. ich konnt normal schreiben.
dan nach paar tagen war wieder das selbe. aber es kam immer vor wenn ich das laptop meinem vater ausgeliehen hatte. dan kam das problem. aber er hat ja nix gemacht ausser auto verkauf seiten anzuschauen. ok er kennt sich auch nicht gut aus mit pc :/ jetzt hab ich wieder zurück gesetzt und kann wieder gut schreiben.

dan gestern abend is was ganz komisches passiert. ich war in facebook und habe eine freundin ne mail geschriebn. hab seehr lang geschrieben und wärend des scheibens wurde mein KOMPLETER text MAKIERT und GELÖSCHT
ich war geschockt. das ging in 1 sekunde sau schnell. ich dachte erst hab was falsch gemacht aber glaube nicht.
eine freundin sagt villt liegt das am touchmous am laptop?
aber ich bin nie da dran gekomen? es war wärend des tippen.
ok mein touchmouse spinnt auch manchma. dan wird der bildschirm kleiner die schrift. dan geht die seite zurück also auf die vorherrige seite. aber nur wenn ich auf dem touchmouse arbeite. dan spinnt der manchma so. aber ob der auch wärend des tippens was macht? Oo
dan hab ich gelesen das man auch so ein USB stick unter die tastatur verstekcen kann womit man hacken kann. ich weiss nciht ob ich sowas haben kann? woran sieht man oder erkennt man es?
ich hab den freund einmal in mein zimmer erwischt. er war unerlaubt drin. ich kam rein. aber hab ihn nicht an meinem laptop gesehen er war hinter der tür. hmm ob er das so schnell einbauen kan? als ich bemerkte das er nicht mehr da war bis ich hoch ging. sind villt 5min gewesen. reicht die zeit?

und ein freund hat unsren wlan passwort. und sein vater hat öfters unsren pc laptop repariert er hat auch den passwort usw. weiss nicht.
ob die das villt sind? ob die mich gehackt haben?
ich wurde doch gehackt oder?
ich hab ihn dan heut ma gefragt. ihm gefragt was da los war an mein pc. hat er erst versucht zu ignoierin. keine ahnung was du angestellt hast. hat erst so gemacht. und er war auf der arbeit. dan hat er gesagt warte kurz muss was machen. dan musste er die ganze zeit i.was machen. ob er wirklich gearbeitet hat?
oder nur ablenken wollte keine ahnung :/ er hat gaaaanz schön laaang was gemacht.
dan kam er wieder und hat mich nochma gefragt. habs ihm gesagt und er hat gefragt was für ein anti vir program ich hab. ich hatte avira program. und er sagte der wär sehr schlecht. hab dan ein anderes instaliert. avast hab ich instaliert.
ja dan hat er mir geholfen.
aber weiss nicht :/ wie erfahr ich sowas. hab echt angst. vorallem wenn er es ist dan weiss er alles -.- wenns fremde sind is ja noch nich so schlimm denk ich :/

ich hoffe jemand kann mir helfen bitte ...
ich hab damit auch ein komplete systemprüfung durchgefürt und es hat nix gefunden.

bitte bitte hilfe (

Alt 20.10.2012, 19:36   #2
markusg
/// Malware-holic
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 20.10.2012, 21:24   #3
gabriella
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



für was soll ich das machen?
was passiert dan? warum muss ich das hier posten?
__________________

Alt 20.10.2012, 21:53   #4
markusg
/// Malware-holic
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



na damit wir deine frage beantworten können
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.10.2012, 23:24   #5
gabriella
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



ich wollte das jetzt herunterladen den link den du gegeben hast OTL
aber die webseite geht nicht???


Alt 20.10.2012, 23:30   #6
markusg
/// Malware-holic
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



dann guck dir den zweiten link an
__________________
--> Hab ich ein Hacker?

Alt 21.10.2012, 22:45   #7
gabriella
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



ok.. hab das in goggle angegebn. und hab das nun im desktop. also is nicht runtergeladen nur ein programm is angegangen.
und beim runterladen hat mein pc auch drauf gewahrnt das der nicht sicher sei?
und führ das jetzt durch. seit ner halben stunde läuft das wie lang dauert das?
und muss alle programme aus auch avast anti vir programm? Oo

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.10.2012 23:15:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Melike\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 56,62% Memory free
7,71 Gb Paging File | 5,69 Gb Available in Paging File | 73,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,13 Gb Total Space | 385,05 Gb Free Space | 84,60% Space Free | Partition Type: NTFS
 
Computer Name: MELIKE-VAIO | User Name: Melike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Melike\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Users\Melike\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Avea Jet Mobil Modem\AssistantServices.exe ()
PRC - C:\Program Files (x86)\Avea Jet Mobil Modem\UIExec.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\SoftMaker Office 2008\smash.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Users\Melike\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Avea Jet Mobil Modem\UIExec.exe ()
MOD - C:\Program Files (x86)\SoftMaker Office 2008\smash.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\Avea Jet Mobil Modem\AssistantServices.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/
IE - HKLM\..\URLSearchHook: {3d684ca7-5d30-4a7e-9768-e17df98df80f} - C:\Program Files (x86)\Messenger_Plus_DE\prxtbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{F3AFFA0B-E041-4744-AA95-5DBAA91668EC}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 4E 57 36 4A F8 CA 01  [binary data]
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\URLSearchHook: {3d684ca7-5d30-4a7e-9768-e17df98df80f} - C:\Program Files (x86)\Messenger_Plus_DE\prxtbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes\{193B98E1-5744-4AEE-995D-9CCEC0FC8D29}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={6A4112F9-9F1B-4EE2-BB82-BC83169FEBC6}&mid=cf1f1c6c371b47d0b153d16df859924c-c120c58d62caccb0dac6dcee2749d9a25f365848&lang=de&ds=od011&pr=sa&d=2012-09-17 22:46:21&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes\{AA022CC6-C197-438F-9A0F-9077E3A5DC21}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes\{B3953847-1DA2-4D11-A996-AF0C20CF1A17}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes\{D9E04E38-4A08-45F4-85BD-55FC50494630}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE380
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes\{F3AFFA0B-E041-4744-AA95-5DBAA91668EC}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE380
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes\{F3D0CFC4-B924-40A3-B35A-F329786083EA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E7B8BBD1-35CF-4147-93EC-BC1BA214A718&apn_sauid=C02C270E-00DC-42B9-B336-EA205A90A549
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js - File not found
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Melike\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012.09.17 22:46:29 | 000,000,000 | ---D | M]
 
[2012.09.28 23:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melike\AppData\Roaming\mozilla\Extensions
[2012.10.11 14:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melike\AppData\Roaming\mozilla\Firefox\Profiles\uafe1gji.default\extensions
[2012.10.11 14:29:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Melike\AppData\Roaming\mozilla\Firefox\Profiles\uafe1gji.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.29 22:51:19 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Melike\AppData\Roaming\mozilla\Firefox\Profiles\uafe1gji.default\extensions\helperbar@helperbar.com
[2012.09.28 23:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus DE Toolbar) - {3d684ca7-5d30-4a7e-9768-e17df98df80f} - C:\Program Files (x86)\Messenger_Plus_DE\prxtbMess.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus DE Toolbar) - {3d684ca7-5d30-4a7e-9768-e17df98df80f} - C:\Program Files (x86)\Messenger_Plus_DE\prxtbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\Toolbar\WebBrowser: (Messenger Plus DE Toolbar) - {3D684CA7-5D30-4A7E-9768-E17DF98DF80F} - C:\Program Files (x86)\Messenger_Plus_DE\prxtbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Avea Jet Mobil Modem\UIExec.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001..\Run: [Facebook Update] C:\Users\Melike\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001..\Run: [Smash] C:\Program Files (x86)\SoftMaker Office 2008\Smash.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3293341661-1854416894-1858696592-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Melike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Melike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: RF - avast! EasyPass-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Melike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Melike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: RF - avast! EasyPass-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O9:64bit: - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : RF - avast! EasyPass-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : RF - avast! EasyPass-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD0B22D-C026-4940-9700-1362E8BA5673}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ace558ec-843a-11e0-ad9f-0024bebd7bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{ace558ec-843a-11e0-ad9f-0024bebd7bbf}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{DB562198-3A06-4B5D-86EF-D9ED5AD005BC} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.20 16:08:16 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\{49D5E3F5-9CFE-431D-882E-5138B29F4B71}
[2012.10.20 13:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! EasyPass
[2012.10.20 13:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2012.10.20 13:50:48 | 000,000,000 | ---D | C] -- C:\Users\Melike\Documents\My Avast EasyPass Data
[2012.10.20 13:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2012.10.20 13:47:52 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.20 13:47:52 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.20 13:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.10.20 13:47:50 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.10.20 13:47:49 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.20 13:47:49 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.20 13:47:48 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.10.20 13:47:48 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.20 13:46:48 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.20 13:46:46 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.20 13:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.10.20 13:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.10.18 20:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.17 14:45:09 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\{73A7E0FE-737C-49E0-858A-E4D7CC937078}
[2012.10.12 20:58:09 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\{05729DC2-4C75-49B9-BCBC-A0F25E7C4174}
[2012.10.12 00:51:02 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\{9B9F5C53-8813-486D-8E1F-461ED969D7A8}
[2012.10.08 22:57:45 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\{8A605B0D-72D9-40FE-9A43-874994F2B9C9}
[2012.10.07 18:31:19 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\{136909EC-0A36-4BDC-A5A9-401AEC31C701}
[2012.10.06 14:39:43 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\{BF6AE6D1-123F-4B16-8698-221DAED45DA9}
[2012.10.03 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\{C4F98B05-E10E-4D43-A852-5C6A5C43E989}
[2012.10.01 12:58:59 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\{B6CB8E81-F17A-4378-B1A2-775EA0DECF50}
[2012.10.01 11:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.09.29 00:03:03 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\Macromedia
[2012.09.29 00:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.09.28 23:39:55 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Roaming\Mozilla
[2012.09.28 23:39:55 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\Mozilla
[2012.09.28 23:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.28 23:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.28 23:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.26 22:25:37 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\{DDBB39CA-F502-4892-A7A6-59882323C504}
[2012.09.25 23:48:18 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\Smartbar
[2012.09.25 15:29:09 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\{0B74ABB6-6BEC-4BA9-B909-D18E0181BAB7}
[2012.09.24 15:08:24 | 000,000,000 | ---D | C] -- C:\Users\Melike\AppData\Local\{4B3BB9DB-1118-464E-AADB-265D6C7411ED}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.21 23:14:14 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.21 23:01:38 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3293341661-1854416894-1858696592-1001UA.job
[2012.10.21 23:01:38 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.21 23:01:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.21 23:01:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.21 12:21:00 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 12:21:00 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 12:20:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3293341661-1854416894-1858696592-1001Core.job
[2012.10.21 12:11:49 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.20 13:47:52 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.10.20 13:47:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.10.19 13:15:08 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.19 13:15:08 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.19 13:15:08 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.19 13:15:08 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.19 13:15:08 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.03 13:58:23 | 000,001,296 | ---- | M] () -- C:\Users\Melike\AppData\Roaming\wklnhst.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.20 13:47:52 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.10.20 13:47:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.08.28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.08.28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.08.28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.08.28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.08.28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.25 19:48:46 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.09 11:36:41 | 000,000,000 | ---- | C] () -- C:\Users\Melike\AppData\Local\{5FA0EC5D-2424-498E-8B34-04968C2B9395}
[2010.06.07 14:10:50 | 000,001,296 | ---- | C] () -- C:\Users\Melike\AppData\Roaming\wklnhst.dat
[2010.05.20 19:33:56 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.12.18 17:40:22 | 000,000,000 | -HSD | M] -- C:\Users\Melike\AppData\Roaming\.#
[2010.09.13 09:35:14 | 000,000,000 | ---D | M] -- C:\Users\Melike\AppData\Roaming\Auslogics
[2012.10.11 14:29:28 | 000,000,000 | ---D | M] -- C:\Users\Melike\AppData\Roaming\DVDVideoSoft
[2011.05.10 19:24:11 | 000,000,000 | ---D | M] -- C:\Users\Melike\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.26 13:29:24 | 000,000,000 | ---D | M] -- C:\Users\Melike\AppData\Roaming\NCH Swift Sound
[2012.09.17 22:44:38 | 000,000,000 | ---D | M] -- C:\Users\Melike\AppData\Roaming\OpenCandy
[2012.09.17 21:46:40 | 000,000,000 | ---D | M] -- C:\Users\Melike\AppData\Roaming\Samsung
[2012.04.14 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Melike\AppData\Roaming\SoftMaker
[2010.06.07 14:11:23 | 000,000,000 | ---D | M] -- C:\Users\Melike\AppData\Roaming\Template
[2010.07.18 22:50:58 | 000,000,000 | ---D | M] -- C:\Users\Melike\AppData\Roaming\Ulead Systems
[2011.09.13 13:48:28 | 000,000,000 | ---D | M] -- C:\Users\Melike\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.06.07 14:06:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.05.13 22:52:13 | 000,000,000 | ---D | M] -- C:\7483fe05bf6f85242cf78f4dd2
[2010.01.15 10:10:53 | 000,000,000 | ---D | M] -- C:\Documentation
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.05.20 19:24:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.07.21 19:59:02 | 000,000,000 | ---D | M] -- C:\Firefox
[2009.12.25 23:35:29 | 000,000,000 | ---D | M] -- C:\Intel
[2010.01.15 09:38:30 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.20 13:46:23 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.20 13:59:57 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.10.20 13:59:57 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.05.20 19:24:16 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.01.15 09:23:54 | 000,000,000 | -H-D | M] -- C:\SPLASH.000
[2010.01.15 09:23:42 | 000,000,000 | -H-D | M] -- C:\SPLASH.SYS
[2012.10.21 23:19:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.15 10:01:23 | 000,000,000 | ---D | M] -- C:\Temp
[2012.04.10 17:19:19 | 000,000,000 | ---D | M] -- C:\Update
[2010.05.21 22:02:23 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.20 13:46:48 | 000,000,000 | ---D | M] -- C:\Windows
[2010.01.15 10:10:53 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.01.15 09:24:53 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.01.15 09:24:53 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.03.29 18:49:20 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.07.05 12:10:45 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3293341661-1854416894-1858696592-1001Core.job
[2012.07.05 12:10:45 | 000,001,142 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3293341661-1854416894-1858696592-1001UA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.11.21 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.11.21 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.10.21 23:49:20 | 004,718,592 | -HS- | M] () -- C:\Users\Melike\ntuser.dat
[2012.10.21 23:49:20 | 000,262,144 | -HS- | M] () -- C:\Users\Melike\ntuser.dat.LOG1
[2010.05.20 19:24:25 | 000,000,000 | -HS- | M] () -- C:\Users\Melike\ntuser.dat.LOG2
[2010.05.20 19:31:35 | 000,065,536 | -HS- | M] () -- C:\Users\Melike\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.05.20 19:31:35 | 000,524,288 | -HS- | M] () -- C:\Users\Melike\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.05.20 19:31:35 | 000,524,288 | -HS- | M] () -- C:\Users\Melike\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.09.29 23:52:04 | 000,065,536 | -HS- | M] () -- C:\Users\Melike\ntuser.dat{8331697f-0a31-11e2-8e83-0024bebd7bbf}.TM.blf
[2012.09.29 23:52:04 | 000,524,288 | -HS- | M] () -- C:\Users\Melike\ntuser.dat{8331697f-0a31-11e2-8e83-0024bebd7bbf}.TMContainer00000000000000000001.regtrans-ms
[2012.09.29 23:52:04 | 000,524,288 | -HS- | M] () -- C:\Users\Melike\ntuser.dat{8331697f-0a31-11e2-8e83-0024bebd7bbf}.TMContainer00000000000000000002.regtrans-ms
[2010.08.13 23:06:59 | 000,065,536 | -HS- | M] () -- C:\Users\Melike\ntuser.dat{acca8eaa-a6fe-11df-a3e0-0024bebd7bbf}.TM.blf
[2010.08.13 23:06:59 | 000,524,288 | -HS- | M] () -- C:\Users\Melike\ntuser.dat{acca8eaa-a6fe-11df-a3e0-0024bebd7bbf}.TMContainer00000000000000000001.regtrans-ms
[2010.08.13 23:06:59 | 000,524,288 | -HS- | M] () -- C:\Users\Melike\ntuser.dat{acca8eaa-a6fe-11df-a3e0-0024bebd7bbf}.TMContainer00000000000000000002.regtrans-ms
[2012.10.18 00:24:37 | 000,065,536 | -HS- | M] () -- C:\Users\Melike\ntuser.dat{f9c6ff0b-1881-11e2-a812-0024bebd7bbf}.TM.blf
[2012.10.18 00:24:37 | 000,524,288 | -HS- | M] () -- C:\Users\Melike\ntuser.dat{f9c6ff0b-1881-11e2-a812-0024bebd7bbf}.TMContainer00000000000000000001.regtrans-ms
[2012.10.18 00:24:37 | 000,524,288 | -HS- | M] () -- C:\Users\Melike\ntuser.dat{f9c6ff0b-1881-11e2-a812-0024bebd7bbf}.TMContainer00000000000000000002.regtrans-ms
[2010.05.20 19:24:25 | 000,000,020 | -HS- | M] () -- C:\Users\Melike\ntuser.ini
[2011.04.25 23:05:28 | 000,016,896 | -HS- | M] () -- C:\Users\Melike\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---

Alt 21.10.2012, 22:57   #8
gabriella
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



ok habs hingegrickt uuh..
oke hoffe das ihr was rausfinden könnt und gute nachrichten habt :/ hmmmm
*angst*OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.10.2012 23:15:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Melike\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 56,62% Memory free
7,71 Gb Paging File | 5,69 Gb Available in Paging File | 73,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,13 Gb Total Space | 385,05 Gb Free Space | 84,60% Space Free | Partition Type: NTFS
 
Computer Name: MELIKE-VAIO | User Name: Melike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0038B002-BDD6-46A2-B464-7F491E40932C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{01D05582-92BC-4E53-B67C-7E996CE37B63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{05B45D59-8741-4F6F-AD2B-3C4FCF065FB5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0FE16F6D-8EAB-4731-AEE7-F2C336CB3AA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1197D92F-1EE5-4D19-B51B-7996F399BCBA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{131FA784-0A3A-4895-BACF-0AA7F141A9E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1397E4BD-334E-4C18-B79D-400E51A30AAD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{156C641D-9119-4160-81DE-3D2580717B3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21D0F612-5961-4D44-8BE7-3FE2068BD2B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{31A3C57C-62DE-4136-9A7A-4C731A3549DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4ED2F8B8-B4B4-4C97-A442-91F34300B0DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{54D3DBA8-CED3-4BC2-985F-88A15E078719}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{62E2B35E-5617-4239-9381-9AB30F79C3E6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{74D2E7B5-02DD-4673-8EBA-40A5F3BE3FAB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7589E62D-549B-4AE3-B9FD-507A8DE533EE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{79A8885A-A899-421E-B6C8-D8FF405A12AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{84E79916-B9DC-4AD7-B660-9A8E79605327}" = lport=445 | protocol=6 | dir=in | app=system | 
"{906409CF-D8D5-443A-83D7-A4A1CB09918A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9551D0F3-C70F-4263-B6C3-64777981A3EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A05DC5AC-A597-438C-A013-845F933FC8CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A6130409-7E13-4B77-996B-3ED1A0275AE5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{ABCF6E94-65E3-4725-8046-E585E026EC8A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C2FA6D9C-09DF-4151-BD99-75471E472B35}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C4962171-82AA-48CC-A03A-94F76D94BA67}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DA4C6A03-2787-4E50-BB55-1113D3E90B5E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DD494FAD-4270-429C-BD0A-A4754B4BEE48}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F3193D55-C8B1-4331-87F0-E4D1E7834366}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C07CAD-7D3C-4250-972E-30AA0F95BC54}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{02EDFB00-492C-47AD-B832-71D607288A25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{05EF32D8-F54A-4D71-AB04-B50CED03AD60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{06DA5C9F-7DB6-495A-BC20-207B506B1252}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{06F13526-3FF7-424D-95F5-BE2A5ADDFA54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0816963C-1390-4D96-9E48-56AF9E6E884E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{08F625D8-31AF-4418-B827-12160690504E}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{0BA9DED9-1FBA-4E73-98A5-C4FDDF3F0481}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0CDFE7A5-2CDF-48C1-83AE-D205E76784B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0E197811-3530-4B99-8BD5-CB3F681886A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0EACEF54-E94C-4A53-84BD-110F6C870F38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0ECA1701-85D8-46CE-BB1C-39FE35ED2EC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0F3744FD-A616-4CC5-A2D5-0B5D26D40CFA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0FF96153-58E4-400C-B678-2BDAD54985E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1400327E-0756-4B60-929A-803249EED18A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1451C997-E170-4278-A3C5-F5BA4E0A803F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{14EAD8CE-C1CB-461E-B1F3-929E8F1FA378}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{16FFEF08-ACA3-4B4D-9952-B039CA53C784}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{17FB88F2-339B-4D7E-9B46-709D9B8FBA23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{19F03B13-031D-4BBC-997B-3AEAC7321EFB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1A30DB33-17B6-4789-A305-0E361CF6CCFC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1A550E6C-1204-45BA-AEFC-15D5787796BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1B2BB6AB-8555-473D-914F-25E2BD3210E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1CB223D3-2A65-4A6D-9A5E-D2C4989437D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1CF408B4-0E39-4BC4-BD55-114BA8FFC8F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{211F6E1D-FC6F-44C0-A50A-830C665FF709}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2134EDC4-2A5F-45F2-B99A-58BF6B827E2D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{258EE1D2-7E1C-440F-87B8-60CBD2463464}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{26E102F0-B08B-4B9A-8AB7-8650410DEEDA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{27E32931-5B41-4CEE-9088-38E4FF207A75}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2811904D-5FEC-4182-9CAE-C1E3EC35DFED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2AB10742-BA74-42C2-997B-3A1915899DB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2CE7E878-2F1F-4196-A271-D51093F434DB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{31DF1A92-C834-4D3B-9F25-B23578736562}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{32B94F13-856A-4437-AD7B-A1EC3A44B417}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{352810BC-9AB1-46AE-A6F9-871D9EA29D2A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{35D84326-64BD-4A34-AF1F-73374569F0FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{35D97A6C-26E0-47E1-9F64-883E5578287D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{362A4A7F-1734-4A10-A356-322B73433B8A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3680FB38-D913-48AC-85CD-339D464B6174}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{36CD659E-C6D3-4B59-9DCC-E412BB921441}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{39EA6813-4E7C-4553-B812-87BA59AF2A32}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3D1AABCA-F87B-468F-A98F-30042CB2A99E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3EE0F0B0-DF11-4BE0-9A30-D43F2A28447F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F768320-60E2-4342-989E-0FCB723AD502}" = protocol=6 | dir=out | app=system | 
"{40097138-CAC0-43BC-8498-9CDF139E479C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{40838B3C-67FC-4B59-8412-FF4BD473066C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{41B57E25-1747-45EB-AA1A-40CCF39CC4E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4566CA9B-5E55-47E2-86CA-86EB7A467BB1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{462471C4-FE6A-4E45-8F40-680B5527074F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4ABA1877-237E-4109-BC8F-FCA91EB19C33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4BB4EA87-8852-447D-AF85-32A29641FAFB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4DE24270-1B89-4AF7-AC58-596B359C115B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5189BDAA-6200-4B5F-8EB7-D0A3E71A0816}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5221420F-B2D8-407F-B4A4-681D2E5ABD0F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{523396F0-C745-4488-891D-A66D404E7E2D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{52AD5823-FE95-44DB-A101-41F8BC132D73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{54F0B290-EC3B-4297-950E-C10E0476D5B4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{56BCA295-7689-4EC4-8266-B731E25E3B21}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{56EF29C4-7F84-4D16-AAA4-C1F0E36AEDA1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5A29500E-F56D-44E8-ADDF-77871C41C8A0}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5DE67CA3-BF4B-4562-8475-EFECDA5827F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5E697E2C-A5BA-4933-AD2C-7D9D20FBD94E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{5EC535C1-C2C7-4657-A35D-195043BF7914}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5FF71501-2A60-49C4-8661-EEEF628D2ABD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{62FA2856-CD0C-4886-845E-7654B2E06913}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{635976B9-5588-4159-A0E7-01766B68DB5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{64C0F2DE-EA52-47FA-8AA0-E21CF214FC3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6A36A7A6-307D-4A34-8F16-D1A1A30B5D46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6AD00D28-3F81-4269-B8D4-ECD6841A210F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6FCF9A62-C698-4D42-A9B5-ED701FABD10A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{71632C56-2347-4FF4-B9F0-849C31C72942}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{72921A2C-9705-4F65-9A8A-52BA46EE5173}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{72D3F081-6E4D-410A-B043-54787C56964F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{73DD2968-CB4C-4F24-AEDA-E9C5C6CBD4AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{7420A524-849E-44E7-AFA1-26596013D195}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{762906A1-4336-4226-A109-F395EFD35F16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{76C04229-4E8D-4C4B-8976-81604379DC3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{785CC65E-879B-4160-800F-120427464752}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{78E1D262-6A77-4674-A0C7-BDDF81B0C07F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7990CC7A-4D91-4917-9B50-A9C8AE4DFB77}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7A112467-5472-432C-B0F1-B90C27E64285}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7B3DADF6-00F6-471F-8EE9-8E8700CE8D10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7B795135-E3B4-47E9-85D9-22D319660819}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7D03EB01-838F-41D1-82C6-B0D3A835BB51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7DE89D4C-4728-4AC1-8CD8-14C5CBCFA2F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7EDE587E-B713-4A21-A90D-32FC47911825}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7F73284C-EDC3-4264-A08A-25596790B4CB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7FF8E901-D9F0-4CE8-80C1-FE4A8E832A03}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{80446A2A-F223-4A7F-A771-FC1FC5E3FBEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{80AD7AB6-C223-421E-943B-AB0B6D9FFC16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80BCD0F2-19C1-4085-909D-6520902F95D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{81BD7CE2-02D1-4527-9001-8F163E938F4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{83475A71-45B4-49DC-AC41-D0CCCABF88E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8550AE1E-4ACE-459B-9E7F-57EB7FDF40AB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{88156F62-F590-4714-94AD-179743D262E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{888C8C65-5838-4026-9A2F-C077F4037DA6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8A45BCC3-7CF9-4517-AB59-BF8CE1E672FB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8A801A17-BF47-448E-A792-FDE523ACE35B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8BB61BF1-105D-4BC3-84B3-F4FCABE058F3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8C4B1282-74E0-4C78-B46E-AA355D2C265C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{94D1A8F4-294B-4A4F-A145-777870BA837C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{950D9484-6D95-4F2C-B3EF-7B543D25A824}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9576DF62-0D71-4193-8B2E-574603703004}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{991D654A-3378-4121-9AB7-35688CAC6623}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9A458080-8EA7-4FD4-BBDF-717376B08C75}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9A8C4EDF-FB59-4DDF-8DD6-E9643F49627C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9B2BC216-8C3A-425E-B7B6-20296895B60E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9ED9A78A-554F-4E3F-A2ED-D8CEA31D7E54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9EE34528-1FB6-49E2-B2FD-395EB890F1EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9F0ECB7B-7EEE-41BE-A2CE-54A47D348902}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9F77A60B-F68D-4703-A309-6BE09408F972}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A3D735F1-3EB3-422C-AE7B-9EA49BC4E802}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A3DA34CA-BF5A-49A5-B26F-1E4AEA837E95}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A47A336D-4C66-4746-863C-C683D141D8F3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AA9048CA-7736-4DAC-BCF5-6E912E4C7AB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AADDCBCC-6D62-4ACA-A4AE-3FC0263182F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AC6A654C-6695-41AB-BC77-56D3358C23F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AE2BE6A5-1F0C-4711-9C31-8B466BFA7B90}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AE89A0CD-EF19-4B3E-83CD-746B120D04BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B35A657F-E336-4476-95F7-C3D40FEEAC75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B3F3B321-B02A-4B32-9228-EA40F7DEBE5E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B71ACB55-1A81-48D6-8248-304CC425D50D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B75D1A5E-57C9-4A18-B6AC-70EC8DEB6165}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B9124D25-34FE-4537-A194-91FF458AB04B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BB9D3FE9-661C-45CF-BC5A-76AC48CA0EF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C7C72E5C-D05D-427C-B2DB-A5EE24FCEB47}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C84313EC-0548-4866-8586-5CA10BAF59AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C86E37A3-0304-4F3E-AB20-20751AF619EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB3DFA0D-07CB-4B02-A2D3-80A4A9472A41}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CEA6D9A2-4102-436F-A390-2C6FBDAD1B7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CF462293-BA4C-4697-927E-2D54B2B22590}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CF4D791F-1ADD-4076-8576-A43761AA22F7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CFE24664-DBDC-4932-8EF0-356E33B0A0EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D02EB6B6-3679-4395-B433-5099C0E35596}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D1E36F61-A873-4D82-9C00-EF647DA15F10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D35BAEF5-1014-40AC-90A8-18BF2247A428}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D5B65EE5-F1AF-42B0-B152-F9CAA82C3CC4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D640BEB1-7839-4D57-9285-4FD39EA8E60C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D86867D4-8D59-4981-B89B-6FB5A59D08DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D8A1794A-5D41-4E49-A496-5DFFA7714E72}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D8F92A1A-24EC-44CD-9FEA-D9449B746A25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D9666E3E-06B6-4DE9-AE79-56FCD8A750DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DD75EC21-79B3-4098-A8BF-7228412DC361}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DF90CCF7-3C1C-498D-88B9-783C5CC88113}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E1164364-C5E8-4F3C-A6CA-368B0DC491F8}" = dir=in | app=c:\users\melike\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{E48BC1D1-4F13-45FB-807D-EEB84C504746}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E4A4CEFE-0D62-4584-96F5-BC89ED4209D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E547D82B-83CB-4D00-8147-2D8A483F2A87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E66F120B-CF67-4CED-842E-0CC0021B5BE5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E7443942-36D3-45D0-814F-2068ACB5987B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E7968619-F2F2-4F95-A724-44900FDC7610}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E9D593A8-CB44-4F18-9596-BB34122BBEFB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{EA5711B0-F0B8-4C65-A832-DA4DB2BADC82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EBBE3067-7B21-4BEE-A53C-4414D69C3914}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F1723985-12CA-4EDE-AD53-62FF1AE92AC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F473BEF5-1F02-4CFE-918F-333BCA2F6BBD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F4E008CC-00A2-4353-8D1E-6975E6F16B5E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F8977DAF-93B2-4813-A713-807183C2C552}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F904B09C-F167-4341-8A60-D88DCED03A21}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{383D74DD-1350-47EA-AF34-A96C458C9EC4}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{3BABAFEF-E351-4089-9C72-5922F3A74366}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{438C282B-3886-4A09-B1DE-5DFB952FFEF7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{838FB5C8-904D-4D73-978D-7E597D796B5D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{3376C703-8FDF-4560-8A0F-1F00B5440EA8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{363B89E2-44B7-4F9C-9A67-227E50379ACF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{63890753-B304-44C5-9D62-B7E9EF556996}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{91B66029-8C33-43E6-9674-6BFBE2AD13F7}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{393A9268-A428-4F5A-9B20-BD753309A98E}" = Click to Disc MergeModules x64
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD311D9-CE40-2D2C-89CB-EED5027D9ED9}" = ccc-utility64
"{8D1163BE-5ECD-0303-87F7-35ED38BBB2E1}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C37B6246-7D4A-4E5C-BFB4-11C8660BDC99}" = VAIO Movie Story MergeModules x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{01169717-5E26-9395-A544-DC9098896147}" = Catalyst Control Center InstallProxy
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0712E505-7C49-F24B-C526-53D13B070397}" = Catalyst Control Center Graphics Previews Vista
"{077AFFE9-BC8B-7811-0EEF-632D31E49C87}" = Catalyst Control Center Graphics Full New
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DDDE141-9696-4E33-AB82-EF398169D7E5}" = Ulead PhotoImpact XL ESD
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E450972-E996-4EC1-A4C3-1518A46928D0}" = VAIO Content Metadata Intelligent Network Service Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{304FA186-DECC-9CC7-2FAE-0B67DB6FAE61}" = CCC Help Portuguese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{3619666A-CB7E-0D03-3DFB-3F83BAF0FB6B}" = CCC Help Turkish
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37DA1B85-CB86-E048-8DB8-44B893C8AEA1}" = Catalyst Control Center Localization All
"{3DD0F01F-98E4-6682-6272-DC51658035CA}" = Catalyst Control Center Graphics Light
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{644EF892-C792-F4FE-7D3E-DDACDEE15ACA}" = CCC Help Russian
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7392AA60-133D-4761-94DB-8FBC9B6CD5EA}" = VAIO Content Metadata Intelligent Network Service Manager
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{885E16CA-C33E-082A-2A72-DDD9F8C2C20E}" = CCC Help Chinese Traditional
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91AAC9F5-0BF7-BD73-C00E-F907C00A1612}" = CCC Help Thai
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8453E55-43B9-086C-8E81-05BDF7D685E8}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Avea Jet Mobil Modem
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C614B5D2-2AE5-5026-350F-C893A2EF690C}" = Catalyst Control Center Graphics Full Existing
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9E84BA5-FCDD-B150-1EC9-F003F04607EC}" = CCC Help Swedish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DA71EE59-9DF8-E845-942E-1974E620D9AB}" = CCC Help Chinese Standard
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8D915D4-0E11-6E92-C51B-88AEA671E9EF}" = Catalyst Control Center Core Implementation
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = avast! EasyPass
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"AVG Secure Search" = AVG Security Toolbar
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.12.804
"Free YouTube Download_is1" = Free YouTube Download version 2.10.36.517
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.31.917
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"MarketingTools" = VAIO Marketing Tools
"Messenger Plus!" = Messenger Plus! 5
"Messenger_Plus_DE Toolbar" = Messenger Plus DE Toolbar
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"sm-un1.u32" = SoftMaker Office 2008 (C:\Program Files (x86)\SoftMaker Office 2008)
"splashtop" = VAIO Quick Web Access
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"WavePad" = WavePad Audiobearbeitungs-Software
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3293341661-1854416894-1858696592-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Kies Air Discovery Service" = Kies Air Discovery Service
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.10.2012 07:09:30 | Computer Name = Melike-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 19.10.2012 14:25:16 | Computer Name = Melike-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
 (Fehlercode = 0x80042000)
 
Error - 19.10.2012 14:25:16 | Computer Name = Melike-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 20.10.2012 05:10:32 | Computer Name = Melike-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
 (Fehlercode = 0x80042000)
 
Error - 20.10.2012 05:10:34 | Computer Name = Melike-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 20.10.2012 16:19:39 | Computer Name = Melike-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
 (Fehlercode = 0x80042000)
 
Error - 20.10.2012 16:19:40 | Computer Name = Melike-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 20.10.2012 18:20:30 | Computer Name = Melike-VAIO | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 18d8    Startzeit: 01cdaf0c06030141    Endzeit: 210    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 21.10.2012 06:12:37 | Computer Name = Melike-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})
 (Fehlercode = 0x80042000)
 
Error - 21.10.2012 06:12:39 | Computer Name = Melike-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
[ System Events ]
Error - 20.10.2012 08:05:37 | Computer Name = Melike-VAIO | Source = bowser | ID = 8003
Description = 
 
Error - 20.10.2012 16:18:47 | Computer Name = Melike-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 20.10.2012 16:19:23 | Computer Name = Melike-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst VcmIAlzMgr erreicht.
 
Error - 20.10.2012 16:21:25 | Computer Name = Melike-VAIO | Source = bowser | ID = 8003
Description = 
 
Error - 20.10.2012 17:18:30 | Computer Name = Melike-VAIO | Source = bowser | ID = 8003
Description = 
 
Error - 21.10.2012 06:12:31 | Computer Name = Melike-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 21.10.2012 06:13:44 | Computer Name = Melike-VAIO | Source = bowser | ID = 8003
Description = 
 
Error - 21.10.2012 07:16:42 | Computer Name = Melike-VAIO | Source = bowser | ID = 8003
Description = 
 
Error - 21.10.2012 08:19:48 | Computer Name = Melike-VAIO | Source = bowser | ID = 8003
Description = 
 
Error - 21.10.2012 17:35:41 | Computer Name = Melike-VAIO | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
--- --- ---

Alt 22.10.2012, 19:02   #9
markusg
/// Malware-holic
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 22.10.2012, 22:16   #10
gabriella
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



und für was is das?
was is das jetzt? hab ich ein hacker? oder virus? hmm
ich mach das morgen. hoffe bekomm es hin

und wenn das bei dem neustart nicht angeht? also das problem doch nicht behoben wird? was mach ich dan

Alt 22.10.2012, 22:23   #11
markusg
/// Malware-holic
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



weis ich noch nicht.
ich werde es dir nach beendigung der analyse schon sagen :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 22.10.2012, 22:28   #12
gabriella
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



oh oke? dachte die eine analyse reicht Oo
wieos muss man so viele durchführen? hmm und wie viele noch?
was kam den bei dem einen raus?

Alt 24.10.2012, 19:50   #13
markusg
/// Malware-holic
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



nein sie reicht nicht.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.10.2012, 22:36   #14
gabriella
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



hmm.... ok
kommt da jetzt wieder was?
kannst du mir bitte sagen wie viele tests noch kommen und warum????????
bitte. damit ich auch so ein überblick hab...
tut mir leid das es so lang gedauert hat

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-26.05 - Melike 27.10.2012  23:09:40.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3950.2129 [GMT 2:00]
ausgeführt von:: c:\users\Melike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSD68OV5\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SoftMaker Office 2008\Smash.exe
c:\users\Melike\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp828A.tmp
c:\users\Melike\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
c:\users\Melike\AppData\Roaming\.#
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-27 bis 2012-10-27  ))))))))))))))))))))))))))))))
.
.
2012-10-27 21:21 . 2012-10-27 21:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-20 11:51 . 2012-10-20 11:51	--------	d-----w-	c:\programdata\RoboForm
2012-10-20 11:49 . 2012-10-20 11:49	--------	d-----w-	c:\program files (x86)\Siber Systems
2012-10-20 11:47 . 2012-10-23 10:18	364096	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-20 11:47 . 2012-10-23 10:18	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-20 11:47 . 2012-10-15 16:59	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-10-20 11:47 . 2012-10-23 10:18	984144	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-20 11:47 . 2012-10-23 10:18	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-20 11:47 . 2012-10-23 10:18	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-20 11:47 . 2012-10-23 10:17	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-20 11:46 . 2012-10-23 10:17	41224	----a-w-	c:\windows\avastSS.scr
2012-10-20 11:46 . 2012-10-23 10:17	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-10-20 11:46 . 2012-10-20 11:46	--------	d-----w-	c:\programdata\AVAST Software
2012-10-20 11:46 . 2012-10-20 11:46	--------	d-----w-	c:\program files\AVAST Software
2012-10-18 18:29 . 2012-10-18 18:29	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-10-18 14:20 . 2012-08-20 18:38	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-18 14:19 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-10-18 14:19 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-18 14:19 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-18 14:17 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-18 14:01 . 2012-10-18 14:01	9575864	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-17 22:18 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-17 22:18 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-17 22:17 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-17 22:17 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-17 22:17 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-17 22:17 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-17 22:17 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-17 22:17 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-10 13:58 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-01 09:36 . 2012-10-18 18:26	--------	d-----w-	c:\program files (x86)\Java
2012-09-29 21:02 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-28 22:03 . 2012-09-28 22:03	--------	d-----w-	c:\users\Melike\AppData\Local\Macromedia
2012-09-28 22:02 . 2012-09-29 20:51	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2012-09-28 21:39 . 2012-09-28 21:39	--------	d-----w-	c:\users\Melike\AppData\Local\Mozilla
2012-09-28 21:39 . 2012-09-29 20:51	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-27 21:17 . 2012-10-27 21:17	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{57536968-4FD6-46DE-B3BE-22CCD59CBFF0}\offreg.dll
2012-10-18 14:16 . 2010-05-29 15:49	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-18 14:02 . 2012-03-29 16:49	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-18 14:02 . 2011-05-16 10:24	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 07:19 . 2012-10-26 11:04	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{57536968-4FD6-46DE-B3BE-22CCD59CBFF0}\mpengine.dll
2012-09-24 13:32 . 2012-05-21 16:29	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 13:32 . 2010-12-22 21:35	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-17 20:46 . 2012-09-17 20:46	31080	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2012-08-29 23:15 . 2012-08-29 23:15	3782214	----a-w-	C:\chatzum_nt.exe
2012-08-28 08:05 . 2012-09-17 19:42	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2012-08-28 08:04 . 2012-08-28 08:04	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-08-28 08:04 . 2012-08-28 08:04	81920	----a-w-	c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-08-28 08:04 . 2012-08-28 08:04	65536	----a-w-	c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-08-28 08:04 . 2012-08-28 08:04	57344	----a-w-	c:\windows\SysWow64\issacapi_se-2.3.dll
2012-08-28 08:04 . 2012-08-28 08:04	49152	----a-w-	c:\windows\SysWow64\MaJGUILib.dll
2012-08-28 08:04 . 2012-08-28 08:04	45056	----a-w-	c:\windows\SysWow64\MaXMLProto.dll
2012-08-28 08:04 . 2012-08-28 08:04	40960	----a-w-	c:\windows\SysWow64\MTTELECHIP.dll
2012-08-28 08:04 . 2012-08-28 08:04	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-08-28 08:04 . 2012-08-28 08:04	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-08-28 08:04 . 2012-08-28 08:04	200704	----a-w-	c:\windows\SysWow64\muzwmts.dll
2012-08-28 08:04 . 2012-08-28 08:04	172032	----a-w-	c:\windows\SysWow64\muzapp.exe
2012-08-28 08:04 . 2012-08-28 08:04	143360	----a-w-	c:\windows\SysWow64\3DAudio.ax
2012-08-28 08:04 . 2012-08-28 08:04	135168	----a-w-	c:\windows\SysWow64\muzaf1.dll
2012-08-28 08:04 . 2012-08-28 08:04	122880	----a-w-	c:\windows\SysWow64\muzeffect.ax
2012-08-28 08:04 . 2012-08-28 08:04	118784	----a-w-	c:\windows\SysWow64\MaDRM.dll
2012-08-28 08:04 . 2012-08-28 08:04	110592	----a-w-	c:\windows\SysWow64\muzmp4sp.ax
2012-08-28 08:04 . 2012-09-17 19:41	821824	----a-w-	c:\windows\SysWow64\dgderapi.dll
2012-08-28 08:04 . 2012-08-28 08:04	974848	----a-w-	c:\windows\SysWow64\cis-2.4.dll
2012-08-28 08:04 . 2012-08-28 08:04	57344	----a-w-	c:\windows\SysWow64\MTXSYNCICON.dll
2012-08-28 08:04 . 2012-08-28 08:04	57344	----a-w-	c:\windows\SysWow64\MK_Lyric.dll
2012-08-28 08:04 . 2012-08-28 08:04	569344	----a-w-	c:\windows\SysWow64\muzdecode.ax
2012-08-28 08:04 . 2012-08-28 08:04	491520	----a-w-	c:\windows\SysWow64\muzapp.dll
2012-08-28 08:04 . 2012-08-28 08:04	45320	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2012-08-28 08:04 . 2012-08-28 08:04	45056	----a-w-	c:\windows\SysWow64\MACXMLProto.dll
2012-08-28 08:04 . 2012-08-28 08:04	352256	----a-w-	c:\windows\SysWow64\MSLUR71.dll
2012-08-28 08:04 . 2012-08-28 08:04	258048	----a-w-	c:\windows\SysWow64\muzoggsp.ax
2012-08-28 08:04 . 2012-08-28 08:04	245760	----a-w-	c:\windows\SysWow64\MSCLib.dll
2012-08-28 08:04 . 2012-08-28 08:04	24576	----a-w-	c:\windows\SysWow64\MASetupCleaner.exe
2012-08-28 08:04 . 2012-08-28 08:04	155648	----a-w-	c:\windows\SysWow64\MSFLib.dll
2012-08-28 08:04 . 2012-08-28 08:04	131072	----a-w-	c:\windows\SysWow64\muzmpgsp.ax
2012-08-24 11:15 . 2012-09-21 23:08	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-21 23:08	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-21 23:09	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-21 23:09	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-21 23:09	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-21 23:09	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-21 23:09	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-21 23:08	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-21 23:09	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-21 23:08	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-21 23:08	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-21 23:08	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-21 23:09	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-21 23:09	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-21 23:09	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-21 23:09	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-21 23:08	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-21 23:09	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-21 23:09	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-21 23:09	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-21 23:09	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-21 23:09	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 21:18	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 21:18	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 21:18	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 21:18	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-18 14:21	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 21:18	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 21:18	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-07-31 10:42 . 2012-09-17 19:44	203104	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2012-07-31 10:42 . 2012-09-17 19:44	102240	----a-w-	c:\windows\system32\drivers\ssudbus.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
"{542e4d79-1970-4e95-9862-fdb96f61b280}"= "c:\program files (x86)\Messenger_Plus_Live_Germany\tbMess.dll" [2010-04-15 2515552]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{76aeea42-e04a-4b62-83ab-df4b2be2541e}"= "c:\program files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll" [2010-06-13 2734688]
"{3d684ca7-5d30-4a7e-9768-e17df98df80f}"= "c:\program files (x86)\Messenger_Plus_DE\prxtbMess.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{542e4d79-1970-4e95-9862-fdb96f61b280}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
.
[HKEY_CLASSES_ROOT\clsid\{3d684ca7-5d30-4a7e-9768-e17df98df80f}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 15:54	175912	----a-w-	c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3d684ca7-5d30-4a7e-9768-e17df98df80f}]
2011-01-17 15:54	175912	----a-w-	c:\program files (x86)\Messenger_Plus_DE\prxtbMess.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{542e4d79-1970-4e95-9862-fdb96f61b280}]
2010-04-15 10:33	2515552	----a-w-	c:\program files (x86)\Messenger_Plus_Live_Germany\tbMess.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
2010-06-13 18:10	2734688	----a-w-	c:\program files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
2011-06-01 15:47	177712	----a-w-	c:\program files (x86)\vShare.tv plugin\BarLcher.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-17 20:46	1734240	----a-w-	c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 13:43	1519272	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{542e4d79-1970-4e95-9862-fdb96f61b280}"= "c:\program files (x86)\Messenger_Plus_Live_Germany\tbMess.dll" [2010-04-15 2515552]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{76aeea42-e04a-4b62-83ab-df4b2be2541e}"= "c:\program files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll" [2010-06-13 2734688]
"{3d684ca7-5d30-4a7e-9768-e17df98df80f}"= "c:\program files (x86)\Messenger_Plus_DE\prxtbMess.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files (x86)\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-17 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{542e4d79-1970-4e95-9862-fdb96f61b280}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
.
[HKEY_CLASSES_ROOT\clsid\{3d684ca7-5d30-4a7e-9768-e17df98df80f}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Melike\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-15 39408]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-10-20 96056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-01-15 26624]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"UIExec"="c:\program files (x86)\Avea Jet Mobil Modem\UIExec.exe" [2009-12-23 132096]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-17 947808]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-17 856160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 21:03	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-15 133104]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 250808]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-31 102240]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-15 133104]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-11-13 151936]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 11776]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-02 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-17 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-06 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-23 71600]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Avea Jet Mobil Modem\AssistantServices.exe [2009-12-23 246272]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-01-29 822784]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-17 722528]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-12-14 56344]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 14:02]
.
2012-10-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3293341661-1854416894-1858696592-1001Core.job
- c:\users\Melike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 10:15]
.
2012-10-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3293341661-1854416894-1858696592-1001UA.job
- c:\users\Melike\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 10:15]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-15 07:24]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-15 07:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 10:17	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-15 171520]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: Free YouTube Download - c:\users\Melike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Melike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: RF - avast! EasyPass-Leiste ein/aus - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: RF - Formular ausfüllen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Smash - c:\program files (x86)\SoftMaker Office 2008\Smash.exe
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{542E4D79-1970-4E95-9862-FDB96F61B280} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - (no file)
WebBrowser-{3D684CA7-5D30-4A7E-9768-E17DF98DF80F} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3293341661-1854416894-1858696592-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3293341661-1854416894-1858696592-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\SONY\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-27  23:33:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-27 21:33
.
Vor Suchlauf: 13 Verzeichnis(se), 412.596.621.312 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 414.093.750.272 Bytes frei
.
- - End Of File - - 7472E9AEC96CFE1DC514BA87F4BE0B9E
         
--- --- ---

Alt 29.10.2012, 19:08   #15
markusg
/// Malware-holic
 
Hab ich ein Hacker? - Standard

Hab ich ein Hacker?



sieht gut aus
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Hab ich ein Hacker?
ahnung, anderen, anderes, anti, anti vir, avast, avira, falsch, foren, fremde, freundin, gehackt, hacker, hacker?, langsamer, laptop, mail, nicht mehr, problem, seite, seiten, system, tastatur, wirklich, wlan, wärend



Ähnliche Themen: Hab ich ein Hacker?


  1. Rent-A-Hacker: Online-Markplatz für Hacker-Jobs
    Nachrichten - 19.01.2015 (0)
  2. lost+found: Hacker-Fehlalarm, Hacker-Sündenbock, Captcha-Hacker, Hacker-Apps
    Nachrichten - 02.11.2012 (0)
  3. Wenn Hacker Hacker hacken
    Nachrichten - 26.07.2010 (0)
  4. hacker eingenistet ?!
    Plagegeister aller Art und deren Bekämpfung - 25.05.2010 (23)
  5. Böser Hacker
    Log-Analyse und Auswertung - 21.05.2010 (21)
  6. hacker auf pw wie werd ich ihn los?
    Log-Analyse und Auswertung - 16.03.2010 (1)
  7. Hacker gesucht
    Überwachung, Datenschutz und Spam - 18.01.2010 (4)
  8. ???hacker????
    Mülltonne - 14.10.2008 (0)
  9. Hacker Angriff ?
    Antiviren-, Firewall- und andere Schutzprogramme - 05.02.2008 (10)
  10. Hilfe!!! Hacker
    Plagegeister aller Art und deren Bekämpfung - 17.10.2007 (4)
  11. Hacker ? O.O Msn-virus
    Plagegeister aller Art und deren Bekämpfung - 13.10.2007 (6)
  12. Türkisch Hacker
    Diskussionsforum - 06.10.2007 (4)
  13. was können hacker?
    Diskussionsforum - 10.09.2007 (10)
  14. Hacker
    Plagegeister aller Art und deren Bekämpfung - 13.08.2007 (37)
  15. Hacker?
    Antiviren-, Firewall- und andere Schutzprogramme - 24.07.2006 (14)
  16. Ein Hacker
    Plagegeister aller Art und deren Bekämpfung - 10.06.2006 (2)
  17. ist das ein Hacker?
    Plagegeister aller Art und deren Bekämpfung - 01.03.2005 (8)

Zum Thema Hab ich ein Hacker? - hallo ihr lieben. hab schon viel gegoggelt. aber nie hab ich mein problem gefunden. oder ich hab in anderen foren wie die symptome gefragt und wurde hier geleitet. mein problem - Hab ich ein Hacker?...
Archiv
Du betrachtest: Hab ich ein Hacker? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.