Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: ihavenet - Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 03.11.2012, 14:37   #1
Volker1k
 
ihavenet - Virus - Standard

ihavenet - Virus



Hallo Leute,

ich habe mir auch einen ihavenet-Virus eingehandelt. Kann mir jemand helfen?

Vielen Dank
Volker

Alt 03.11.2012, 14:42   #2
markusg
/// Malware-holic
 
ihavenet - Virus - Standard

ihavenet - Virus



hi
na ich nems zumindest an.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 03.11.2012, 15:52   #3
Volker1k
 
ihavenet - Virus - Standard

ihavenet - Virus



Danke erstmal für die schnelle Antwort.

Hier die erbetenen Dateien:
OTL.TxtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.11.2012 15:10:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Volker\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 59,21% Memory free
6,15 Gb Paging File | 4,72 Gb Available in Paging File | 76,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 17,29 Gb Free Space | 14,85% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 84,61 Gb Free Space | 36,33% Space Free | Partition Type: NTFS
Drive F: | 114,98 Gb Total Space | 109,60 Gb Free Space | 95,32% Space Free | Partition Type: NTFS
 
Computer Name: VOLKER-1-K | User Name: Volker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.03 13:17:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe
PRC - [2012.10.26 19:57:48 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Volker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.08 20:46:33 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.18 16:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.25 18:13:16 | 001,678,704 | ---- | M] (SMART Technologies ULC) -- C:\Programme\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.11.13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009.04.11 07:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.26 14:27:04 | 000,103,824 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
PRC - [2008.08.26 14:26:44 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.08.25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008.08.19 21:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.08.18 22:22:56 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008.08.18 22:22:02 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008.07.30 09:02:08 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2008.07.15 19:12:00 | 000,726,904 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008.07.15 15:16:58 | 000,106,496 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2008.07.10 16:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008.07.10 16:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008.06.24 09:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SmoothView\SmoothView.exe
PRC - [2008.05.20 13:42:00 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008.04.16 23:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006.11.06 16:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\Toshiba\Utilities\KeNotify.exe
PRC - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.12 12:12:24 | 002,098,200 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012.06.14 03:55:45 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 03:49:53 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012.06.14 03:42:59 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:42:23 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 03:39:42 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.11 05:30:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 05:29:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 05:27:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 05:18:36 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.11 05:18:20 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 05:16:37 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.10.12 10:48:34 | 000,877,056 | ---- | M] () -- C:\Programme\SMART Technologies\SMART Product Drivers\QtNetwork4.dll
MOD - [2010.10.12 10:48:24 | 007,462,912 | ---- | M] () -- C:\Programme\SMART Technologies\SMART Product Drivers\QtGui4.dll
MOD - [2010.10.12 10:48:22 | 002,011,648 | ---- | M] () -- C:\Programme\SMART Technologies\SMART Product Drivers\QtCore4.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.07.31 23:47:28 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.07.14 09:36:58 | 000,095,544 | ---- | M] () -- C:\Programme\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2008.07.14 09:35:32 | 005,121,336 | ---- | M] () -- C:\Programme\Toshiba\FlashCards\BlackPng.dll
MOD - [2007.12.25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2006.12.01 16:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\Toshiba\TBS\NotifyTBS.dll
MOD - [2006.11.06 16:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\Toshiba\Utilities\KeNotify.exe
MOD - [2006.10.10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006.10.07 11:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2012.10.30 16:24:43 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.27 08:23:46 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.18 16:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.11.13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008.08.26 14:26:44 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Programme\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.08.25 08:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.08.19 21:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.08.18 22:22:02 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008.07.15 15:16:58 | 000,106,496 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008.07.10 16:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.01.25 18:14:16 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2011.01.25 18:14:02 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2011.01.25 18:13:52 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.08.19 21:01:44 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.08.07 16:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 15:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.01 01:40:28 | 003,894,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.07.28 15:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.15 18:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008.05.07 10:30:12 | 000,025,896 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.28 08:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008.02.06 23:23:46 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.12.14 10:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.04 02:14:16 | 000,024,448 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2007.10.04 02:14:12 | 000,484,736 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007.10.04 02:13:54 | 000,038,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.23 18:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.10.23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nixat.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{45328456-68AD-4A3D-8A8F-1757F94EC750}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=331121&systemid=426&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=115284&tt=3712_7&babsrc=HP_ss&mntrId=080c4bf800000000000000234e83fe26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=114435&tt=021012_ccp_4012_3&babsrc=HP_ss&mntrId=080c4bf800000000000000234e83fe26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.funmoods.com/?a=make&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=115284&tt=3712_7&babsrc=SP_ss&mntrId=080c4bf800000000000000234e83fe26
IE - HKCU\..\SearchScopes\{45328456-68AD-4A3D-8A8F-1757F94EC750}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_deDE336
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=KtjdIn8LWQTMzcUdQm8DgTHcQRY?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=331121&systemid=426&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyMpXWWSS&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=115284&tt=3712_7&babsrc=HP_ss&mntrId=080c4bf800000000000000234e83fe26"
FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.3.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.12.2.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.12 14:30:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 07:49:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 07:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.30 16:24:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.30 16:24:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.12 14:30:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles/x6ufwgec.default\extensions\specialsavings@superfish.com
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 07:49:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 07:49:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.30 16:24:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.30 16:24:20 | 000,000,000 | ---D | M]
 
[2012.07.17 13:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Extensions
[2010.09.06 14:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.28 17:49:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.11.03 12:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\x6ufwgec.default\extensions
[2012.09.26 07:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\x6ufwgec.default\extensions\{af6ac4f2-9825-4fb6-a600-92bc5361f209}-trash
[2012.11.03 11:48:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\x6ufwgec.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(26)
[2012.09.26 06:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\xjdpofl5.default-1348582397378\extensions
[2012.09.26 18:02:46 | 000,002,101 | ---- | M] () -- C:\Users\Volker\AppData\Roaming\mozilla\firefox\profiles\x6ufwgec.default\searchplugins\googlede.xml
[2012.09.26 18:01:39 | 000,001,030 | ---- | M] () -- C:\Users\Volker\AppData\Roaming\mozilla\firefox\profiles\x6ufwgec.default\searchplugins\wikipedia-de.xml
[2012.10.27 07:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.27 07:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.27 07:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012.10.27 07:49:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.10.22 17:19:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.03 13:41:13 | 000,002,360 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.10.22 17:19:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.22 17:19:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.12 16:37:17 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012.10.22 17:19:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.22 17:19:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.22 17:19:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=115284&tt=3712_7&babsrc=HP_ss&mntrId=080c4bf800000000000000234e83fe26
CHR - Extension: No name found = C:\Users\Volker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart File not found
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START File not found
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [KeNotify] C:\Programme\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Gytoywehe] C:\Users\Volker\AppData\Roaming\Ofydt\ogapf.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Volker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [vwdpohh] C:\Users\Volker\AppData\Roaming\KBDUR1P.dll ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{423FD622-8252-43C1-8A53-B849FF88C24D}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73D08BEA-B224-456F-BACA-3199B2769A7E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Fotos\Madrid\Madrid mit Nina um den 01.05.09 008.jpg
O24 - Desktop BackupWallPaper: D:\Fotos\Madrid\Madrid mit Nina um den 01.05.09 008.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a6fd1c93-080b-11df-9606-00235a00acad}\Shell - "" = AutoRun
O33 - MountPoints2\{a6fd1c93-080b-11df-9606-00235a00acad}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.03 13:17:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe
[2012.11.03 13:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2012.11.03 12:43:48 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Roaming\Ugow
[2012.11.03 12:43:48 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Roaming\Ofydt
[2012.11.03 12:43:48 | 000,000,000 | ---D | C] -- C:\Users\Volker\AppData\Roaming\Egpo
[2012.10.30 16:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.10.27 07:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.03 14:31:27 | 000,000,000 | ---- | M] () -- C:\Users\Volker\defogger_reenable
[2012.11.03 14:29:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.03 14:28:11 | 000,050,477 | ---- | M] () -- C:\Users\Volker\Desktop\Defogger.exe
[2012.11.03 14:24:02 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.03 14:24:02 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.03 14:24:02 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.03 14:24:02 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.03 14:17:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 14:17:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 14:17:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.03 14:17:34 | 3186,016,256 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.03 13:17:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe
[2012.11.01 11:43:25 | 000,102,400 | RHS- | M] () -- C:\Users\Volker\AppData\Roaming\KBDUR1P.dll
[2012.10.31 10:01:02 | 000,002,631 | ---- | M] () -- C:\Users\Volker\Desktop\Microsoft Office Word 2007.lnk
[2012.10.30 21:14:25 | 000,147,968 | ---- | M] () -- C:\Users\Volker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.06 16:24:42 | 000,380,928 | ---- | M] () -- C:\Windows\System32\lame_enc.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.03 14:31:27 | 000,000,000 | ---- | C] () -- C:\Users\Volker\defogger_reenable
[2012.11.03 14:28:11 | 000,050,477 | ---- | C] () -- C:\Users\Volker\Desktop\Defogger.exe
[2012.11.01 11:43:25 | 000,102,400 | RHS- | C] () -- C:\Users\Volker\AppData\Roaming\KBDUR1P.dll
[2012.10.06 16:24:40 | 000,380,928 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.09.08 23:24:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.08.04 16:21:13 | 000,075,502 | ---- | C] () -- C:\Users\Volker\AppData\Roaming\WavePad.dmp
[2012.08.04 12:34:37 | 000,031,465 | ---- | C] () -- C:\Users\Volker\AppData\Local\funmoods.crx
[2012.05.08 19:31:59 | 000,000,552 | ---- | C] () -- C:\Users\Volker\AppData\Local\d3d8caps.dat
[2012.04.29 20:43:28 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf
[2012.04.29 20:43:28 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg
[2012.02.12 13:58:40 | 000,182,800 | ---- | C] () -- C:\Windows\hpoins36.dat
[2011.09.20 14:58:41 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.07.01 09:28:18 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2009.08.16 18:46:35 | 000,001,356 | ---- | C] () -- C:\Users\Volker\AppData\Local\d3d9caps.dat
[2009.07.18 16:09:18 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.17 23:16:09 | 000,147,968 | ---- | C] () -- C:\Users\Volker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.17 20:55:55 | 000,000,000 | ---- | C] () -- C:\Users\Volker\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.06 15:26:03 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Ableton
[2012.05.05 11:42:45 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Anvil Studio
[2012.08.07 14:55:16 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Babylon
[2009.10.24 14:24:07 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Canneverbe_Limited
[2011.08.08 17:59:34 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\com.prezi.PreziDesktop
[2012.05.20 12:09:45 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Digiarty
[2010.07.06 14:16:29 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\digital publishing
[2011.04.03 08:48:05 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Dropbox
[2012.08.05 07:52:39 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\DVDVideoSoft
[2012.11.03 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Egpo
[2012.08.07 14:55:37 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\ExpressFiles
[2011.04.07 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\GetRightToGo
[2011.01.13 22:39:45 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Gutscheinmieze
[2009.10.27 20:21:28 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\IuM
[2012.05.12 23:33:13 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\MakeMusic
[2012.05.12 22:05:50 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\MusE
[2009.07.18 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\myphotobook
[2012.11.03 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Ofydt
[2012.05.20 11:43:38 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\OpenCandy
[2011.09.21 18:26:00 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\OpenOffice.org
[2012.05.05 19:53:23 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\PerformerSoft
[2011.07.12 14:50:44 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\SMART Technologies
[2011.04.06 16:46:38 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\SMART Technologies Inc
[2012.11.03 12:54:32 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Spotify
[2011.07.01 09:59:19 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Steinberg
[2012.05.01 19:00:25 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\SuperUtils.com
[2011.03.31 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\TeamViewer
[2010.09.06 14:50:33 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Thunderbird
[2012.07.16 21:27:25 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Toshiba
[2012.08.04 12:31:45 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\TuneUp Software
[2012.05.27 10:59:21 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\TuneUpMedia
[2012.11.03 15:16:35 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Ugow
[2011.05.30 13:22:35 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Ulead Systems
[2010.01.24 00:25:03 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Western Digital
[2012.10.03 21:03:15 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.10.31 22:13:09 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.05.23 11:02:44 | 000,000,000 | ---D | M] -- C:\aeat
[2010.01.11 19:08:19 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.07.17 20:25:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.09.18 08:44:34 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.09.20 23:09:21 | 000,000,000 | ---D | M] -- C:\MyVideos
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.03 13:13:17 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.03 13:13:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.07.17 20:25:09 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.05.12 23:25:55 | 000,000,000 | ---D | M] -- C:\PSFONTS
[2012.11.03 15:15:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.07.17 20:37:13 | 000,000,000 | ---D | M] -- C:\Toshiba
[2009.07.17 20:29:04 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.03 12:04:07 | 000,000,000 | ---D | M] -- C:\Windows
[2008.09.18 08:41:44 | 000,000,000 | ---D | M] -- C:\Works
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,542 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.03 14:04:08 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008.06.03 04:29:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008.06.03 04:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008.06.03 04:27:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.11.03 14:31:27 | 000,000,000 | ---- | M] () -- C:\Users\Volker\defogger_reenable
[2012.11.03 15:42:42 | 004,194,304 | -HS- | M] () -- C:\Users\Volker\ntuser.dat
[2012.11.03 15:42:42 | 000,262,144 | -H-- | M] () -- C:\Users\Volker\ntuser.dat.LOG1
[2009.07.17 20:29:04 | 000,000,000 | -H-- | M] () -- C:\Users\Volker\ntuser.dat.LOG2
[2012.11.03 12:00:03 | 000,065,536 | -HS- | M] () -- C:\Users\Volker\ntuser.dat{00a64d69-45ad-11e0-90ce-00235a00acad}.TM.blf
[2012.11.03 12:00:03 | 000,524,288 | -HS- | M] () -- C:\Users\Volker\ntuser.dat{00a64d69-45ad-11e0-90ce-00235a00acad}.TMContainer00000000000000000001.regtrans-ms
[2011.03.03 17:33:23 | 000,524,288 | -HS- | M] () -- C:\Users\Volker\ntuser.dat{00a64d69-45ad-11e0-90ce-00235a00acad}.TMContainer00000000000000000002.regtrans-ms
[2011.03.03 16:56:47 | 000,065,536 | -HS- | M] () -- C:\Users\Volker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.03.03 16:56:47 | 000,524,288 | -HS- | M] () -- C:\Users\Volker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.07.17 20:41:24 | 000,524,288 | -HS- | M] () -- C:\Users\Volker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.07.17 20:29:06 | 000,000,020 | -HS- | M] () -- C:\Users\Volker\ntuser.ini
[2012.10.31 10:35:55 | 000,015,133 | ---- | M] () -- C:\Users\Volker\Stadtrallye.docx
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

Extra.TxtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.11.2012 15:10:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Volker\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 59,21% Memory free
6,15 Gb Paging File | 4,72 Gb Available in Paging File | 76,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 17,29 Gb Free Space | 14,85% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 84,61 Gb Free Space | 36,33% Space Free | Partition Type: NTFS
Drive F: | 114,98 Gb Total Space | 109,60 Gb Free Space | 95,32% Space Free | Partition Type: NTFS
 
Computer Name: VOLKER-1-K | User Name: Volker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{147C253B-736C-40C2-A60F-85D219D954B1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1DE59135-CB81-42A4-956E-F19D52D6F376}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{52A22740-532B-478B-8422-9627A2A19091}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6DC5DB9A-37F2-4982-BC69-1A37D1BD58C2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{72C577A7-2F22-42FC-A153-9B1E92819368}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9B62E0CB-92B8-4684-B0CC-70B06821EFEF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9F486D91-EBB4-4D66-888E-55D3D0B763AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A29BA48C-B47B-4C8E-BEFF-7F7C141FCF92}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{ABB79EF3-069C-4B61-8561-39F59383B680}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D7156D68-C344-47F4-BD5D-59B903A2733F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DAC81CFE-5D26-4A28-AD23-6BF66D82CA7D}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01148488-CC61-4BC0-A5ED-7F6DD60FE81B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{01C28C40-4D0B-42D8-8C9C-1073A2D7178B}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe | 
"{075E6639-B325-4B0E-84E9-00DF731CB67C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{0B145919-2403-47B9-A562-93389823B003}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1033FCCE-DB80-413F-A0A7-5DD43EF38897}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{10964190-1EBE-412A-A276-EBAD3D9AE331}" = protocol=6 | dir=in | app=c:\users\volker\appdata\roaming\dropbox\bin\dropbox.exe | 
"{17F9F2C8-5D7E-4D4F-8FD7-F654268D5E4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{1973E93E-56A3-4DC1-9936-42AB83F70164}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{1A943125-BD10-45F2-BA2E-8D8A680F8948}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{1CDF98E9-3331-4D2A-A0AE-4FEC9AD55049}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2BBEF008-C978-4E76-BC73-ADA626AD5B9D}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{2C7A8E96-B636-4A4C-A800-5B1FF06807B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{364D1DCA-D8AE-442D-B366-94CC55D7FE8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{3CF3B339-4A64-4A9A-BE41-2F3F8227E531}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe | 
"{406E8E19-0603-48AC-8877-11639D8EA465}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{41EFEF8F-CE82-4EBE-A116-550E4783F295}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | 
"{535BBD17-7266-46A4-AA09-F4D5A7BB600A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{61B40E42-6193-457A-A097-025389E03B68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{6454469D-D2C0-4691-BCE7-48CB498C8DAE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{68E20ADE-C841-46BC-A0E8-F71D661EB5A5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{723CD3D6-5851-48A9-A613-2D4B1D44CB7C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{81E0B8E3-C98D-48F7-9555-0B3643514D06}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe | 
"{8656F03F-7AA4-42C3-B7E5-863CBF76CFCF}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{8835802C-3384-4C3B-8F43-102B3F70942E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{884C3610-0B51-4D30-BEB6-3D78EACA8470}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{8BE95F49-73F1-4263-B65A-56266A5ECBE7}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{8F11401D-3E73-4192-ADC7-9E45182F48DB}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | 
"{8F9477AC-5B4E-40E3-AC0A-A604FCE9E2CE}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{A358FE78-88B0-474C-81B8-853F73D10CB6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{A7F8968A-E641-4879-8E8D-50300C60A2C2}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{AD7A166C-3106-4B1C-B731-6BAD8BF047DD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{ADA4E9D5-F810-4958-A9EB-8A207C15263F}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{B320E06A-5578-4775-804B-FBDCC3E1D930}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{B3B3458E-6FEC-4FE9-8D4D-474C5D46688C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{B612402E-8B86-4909-9C4A-892FDCDFA510}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe | 
"{B8877334-3063-4614-BD71-CD4EAC37317E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{B88E3969-FE1B-47AC-B5BE-6326971CA45E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{BF2F1098-7AEF-44D5-9403-4C6116F963A6}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe | 
"{C0776990-94A8-49F8-87C0-BE65866F822C}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe | 
"{C2CBB5E1-C416-4A13-A16A-C0A9FAC1E788}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{C9C52B8A-7B35-4363-9CE1-5A721F9DD02C}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{CE592E30-5371-4AFE-9F45-4480D38FE664}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{D0CE4C65-2E08-4FD4-97DB-FF2209EFFC64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D82E311F-A1B9-430F-BF85-AB90AE91B446}" = protocol=17 | dir=in | app=c:\users\volker\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DB4ECB5A-C6CF-44E8-A5D2-CD948EFCF319}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DECAA38E-5A9C-4EA6-949D-41FAC43C382F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E486F929-90E1-4B5A-9A10-143EF06438F1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{EA6A6671-2122-48BC-983E-03EFCD67AC25}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{F0CD706F-D786-44A4-9427-02E1F932C4D2}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{F5C20CA0-3710-4F74-87F3-37827F7DEBEF}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe | 
"{F76AADEE-D3AD-46EB-9BF8-11AC3FBC3729}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FCB5A800-C931-4253-9E9A-7885C833E3FD}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{FE59BE2E-6B6B-46B6-B0BA-6EAF4F9B3108}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe | 
"TCP Query User{13CED71F-03A4-4A45-AF78-77D3F771760E}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | 
"TCP Query User{43EDE42E-BB48-49BA-BB79-201CEABB295E}C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | 
"TCP Query User{5D82DEB1-9AAE-4064-9F49-DDEB22A365E7}C:\users\volker\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\volker\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{648C2C45-CCBF-4428-A404-F4989BB272C2}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe | 
"TCP Query User{84E0880A-A8FE-40F8-9478-710F07EBCDC2}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{AA253288-701F-4A14-B1D7-F9DE23AA72A1}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | 
"TCP Query User{AAE3973F-0367-4816-BFFE-520B3B1FD57B}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{AD73DA3F-DC22-45FC-8253-73F18FF4F005}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{C6A4AA31-728B-4F4E-A50B-1C7D47B4F9F8}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{E7258CAC-8849-430B-8F35-E90AD037FAC3}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{41082621-31BA-4FB0-BBB3-4BA11297DADB}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{42BB6DC7-7985-4502-A770-6E36BFF36706}C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe | 
"UDP Query User{5174FA0E-A9B5-4542-8611-A38B286817AF}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{56011E56-A06A-45D9-8369-7B0D3C40DE89}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{56E58528-BFA2-4D0D-ACF2-5B9D9D259454}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{7D25CCD6-FE84-456E-87E5-BA29EF41830C}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{A3C61277-8E13-47CC-8531-56A9D791FC26}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C2DC10B9-DA37-40C0-B007-8A5E2AE78739}C:\users\volker\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\volker\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{C9CFEA10-6E8A-4543-9D3A-D920C0E1F259}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{EB09215E-E461-4A61-9FFD-2B27D307EF72}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{}_is1" = Ares 3.1.5.3033
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0024E176-B245-2CFA-FD95-99170C8CE1DA}" = ATI Catalyst Install Manager
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{04441EE4-3631-43DB-813A-9D031380C8E5}" = MarketingReg
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B775D7D-3AA7-F85A-58EF-56D68DE41799}" = CCC Help German
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0FEAB98A-EA81-BA2E-D8B4-A337DB86AE18}" = Catalyst Control Center Localization Italian
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22CDA084-FA28-69D4-2EBE-D7EFB908565E}" = Catalyst Control Center Localization Korean
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{29207089-371F-A329-B585-7F1A1725A31C}" = Catalyst Control Center Localization Spanish
"{2D1551BB-4356-2A3F-6930-EB576DA7FAAF}" = Catalyst Control Center Localization Thai
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B6ADFDD-17D1-F657-517E-349FDB13A4D4}" = CCC Help Norwegian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German)
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{46A7DED5-2ACB-B759-5692-9F110E9B367A}" = Catalyst Control Center Localization Norwegian
"{48D245E0-AEE7-B940-C5EB-AC04740806A2}" = Catalyst Control Center Graphics Full Existing
"{49D73FB2-FCDE-70CE-C33E-386289088D32}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C450198-527B-719F-FA10-F1C5195F5E00}" = CCC Help Chinese Traditional
"{4C818AB1-8D06-443B-1464-FE65F91A0E88}" = CCC Help Greek
"{4CE6C6E8-0DAD-4757-86ED-7FB4035BA98B}" = SMART Product Drivers
"{4DF6D6EB-C560-3537-EF4D-F2837913E612}" = Catalyst Control Center Graphics Previews Vista
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5626EF23-7E2F-7744-1635-BA01EB5DD385}" = Catalyst Control Center Localization Chinese Standard
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58A0BECD-E983-64DD-F496-E06D1859992D}" = Catalyst Control Center Localization Finnish
"{5D650E32-36AA-1E93-EBB1-62BCAD4CA1DA}" = CCC Help Czech
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F71BBC5-01D0-ACD8-71F4-6612EC307434}" = Catalyst Control Center Localization German
"{611EF8A2-4613-9D14-8227-9BBF183B4A83}" = CCC Help Russian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61F1F765-9CE2-4CA1-7A61-EEA035A461DF}" = CCC Help Hungarian
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6326AAD3-9A54-9E3A-6523-B0CC6EC61CFC}" = CCC Help Thai
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6C6DB10B-A3B1-AF9A-8112-7E29A11865BE}" = Catalyst Control Center Localization Turkish
"{6C76599B-5E89-F9BC-D997-010D3CAF73BD}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A80DE7-A133-9B2A-CDEF-32CF4D93DAB3}" = Catalyst Control Center Localization French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{788741FE-8F03-4DB2-A76C-43D748E81B67}" = Catalyst Control Center - Branding
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3425E6-6D8A-C439-7E29-16EDCAF20940}" = Catalyst Control Center Localization Japanese
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{7EAEB757-4D63-481C-9765-F2F55D76A869}" = Anvil Studio 2012
"{7F40CE93-E345-E5D0-AA47-01B3E9C7A51E}" = CCC Help French
"{80EB34C1-4D7D-E462-6A78-D6DCE9DED0A4}" = CCC Help Italian
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center
"{8780B0B9-1D49-C9EF-0E9D-204276558193}" = Catalyst Control Center Graphics Light
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91954330-C8C1-7708-093C-65A5BEF0DDBD}" = Catalyst Control Center Localization Chinese Traditional
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9550F8A6-3D21-4544-8B87-F9FE7E01B964}" = SMART Notebook
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BFF3BEA-16EE-6A4D-5290-87BAE80B7860}" = Search Assistant Precisead
"{9EC9754D-CA34-4293-B5DB-3BD245A88A43}" = ArcSoft MediaImpression
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1A9DB17-BE08-8998-88DA-9AF66121B307}" = ccc-utility
"{A2A2D9CF-9A10-61BE-C41F-E64CF3EEFAF2}" = Catalyst Control Center Localization Greek
"{A498B88E-3DA4-653A-F9EB-8F278953DDC0}" = CCC Help Spanish
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2A158F7-FC5E-B589-AA64-5D273BABCB68}" = Catalyst Control Center Core Implementation
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6070448-A831-E202-0F1F-3EA58D6A4BEE}" = CCC Help Dutch
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFA0E709-923C-4906-C62F-E08F5E5C6442}" = CCC Help Polish
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C10B1F0F-3B27-ECC1-A199-32DBFA86488C}" = Catalyst Control Center Graphics Full New
"{C2BAB668-2C3B-938D-741A-3B8F21D7F24D}" = CCC Help Danish
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C408D954-254D-ECBF-6A0E-77A3949B184A}" = CCC Help Turkish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C76A79CB-5D4C-2F9D-1ECE-A14A4D152973}" = ccc-core-static
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB319AA8-61A5-9BB5-B3D0-EC37061D6DF9}" = CCC Help Portuguese
"{CB382DF4-E0F0-2A6E-00EC-4F3B65510F76}" = Catalyst Control Center Localization Russian
"{CB5BB134-66AA-0AA9-CBCE-2ABB0528DD8F}" = Catalyst Control Center Localization Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6
"{D249C9A4-8030-9E94-0F84-A8657478CF0B}" = Catalyst Control Center Localization Czech
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E0D47A97-8861-EEA0-C989-5E229F33A7C7}" = Catalyst Control Center Localization Portuguese
"{E2142733-460B-4BC8-0C06-B5E860312908}" = Catalyst Control Center Localization Danish
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5D2A8BB-9FFA-B33A-CC20-CFD7F33EAC52}" = Catalyst Control Center Localization Swedish
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EA47FA11-B0DE-AB2E-3097-505E457F5AA5}" = Catalyst Control Center Localization Hungarian
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ECE423CF-CD10-60DD-4A3A-8B7B3EA6AD03}" = CCC Help Finnish
"{EDAC6E0D-F93B-4B80-9377-F57D3BB5E6B1}" = MyScript HWR (Spanish)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4431ADE-A53E-70B9-CEE3-CF4B00CF3421}" = CCC Help Swedish
"{F44A9E2F-79FA-9421-A4FD-3942462B085D}" = CCC Help Korean
"{F4DFFE61-3F61-A61A-698F-A4C62D8F46F9}" = Catalyst Control Center InstallProxy
"{F56C72A0-AC46-35A1-1C37-B80C1A3ABE7D}" = Skins
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F80608B5-CBEF-A963-08E7-A1170B4FDC9C}" = Catalyst Control Center Localization Polish
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{FD111943-7A14-F1F8-393B-02B5ABED3E8A}" = CCC Help Japanese
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = 1ClickDownloader
"3971-4815-1971-1205" = Renta2009 1.23
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ares" = Ares 2.1.8
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"Audio Speed Changer Pro" = Audio Speed Changer Pro 1.4
"Avira AntiVir Desktop" = Avira Free Antivirus
"BIMPLite" = BIMP Lite 1.62
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Dany's Virtual Drum 2 (Beta 3)" = Dany's Virtual Drum 2 (Beta 3)
"DivX Setup.divx.com" = DivX-Setup
"e5d34685-b287-d0ba-6f4e-11a54427f2e2" = Contextual Tool Precisead
"fjvwqglgcsyqfvegv" = RON Too1 Precisead
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Live 8.2.2" = Live 8.2.2
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pistonsoft BPM Detector_is1" = Pistonsoft BPM Detector 1.0
"Shop for HP Supplies" = Shop for HP Supplies
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TuneUpMedia" = TuneUp Companion 2.4.4.3
"VLC media player" = VLC media player 1.0.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.09.2011 11:37:31 | Computer Name = Volker-1-K | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.09.2011 14:30:30 | Computer Name = Volker-1-K | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 27.09.2011 14:31:17 | Computer Name = Volker-1-K | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.09.2011 09:43:47 | Computer Name = Volker-1-K | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 28.09.2011 09:44:17 | Computer Name = Volker-1-K | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.09.2011 10:12:00 | Computer Name = Volker-1-K | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 28.09.2011 16:13:51 | Computer Name = Volker-1-K | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 28.09.2011 16:14:20 | Computer Name = Volker-1-K | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.09.2011 16:23:23 | Computer Name = Volker-1-K | Source = EventSystem | ID = 4621
Description = 
 
Error - 29.09.2011 09:36:19 | Computer Name = Volker-1-K | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
[ OSession Events ]
Error - 16.01.2010 06:47:13 | Computer Name = Volker-1-K | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8737
 seconds with 2100 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2010 14:51:54 | Computer Name = Volker-1-K | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.12.2010 11:07:06 | Computer Name = Volker-1-K | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1973
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.02.2012 08:45:02 | Computer Name = Volker-1-K | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2529
 seconds with 780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.11.2012 07:39:17 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&21d1b20d&0&0328)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.11.2012 07:39:17 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&21d1b20d&0&0428)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.11.2012 09:17:43 | Computer Name = Volker-1-K | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.11.2012 um 13:50:22 unerwartet heruntergefahren.
 
Error - 03.11.2012 09:19:11 | Computer Name = Volker-1-K | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.11.2012 09:19:11 | Computer Name = Volker-1-K | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.11.2012 09:22:24 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12
Description = Das Gerät "OHCI-konformer IEEE 1394-Hostcontroller" (PCI\VEN_197B&DEV_2380&SUBSYS_FF001179&REV_00\4&21d1b20d&0&0028)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.11.2012 09:22:24 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_FF021179&REV_00\4&21d1b20d&0&0128)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.11.2012 09:22:24 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_FF021179&REV_00\4&21d1b20d&0&0228)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.11.2012 09:22:24 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_FF021179&REV_00\4&21d1b20d&0&0328)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 03.11.2012 09:22:24 | Computer Name = Volker-1-K | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_FF021179&REV_00\4&21d1b20d&0&0428)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
 
< End of report >
         
--- --- ---


Gruß
Volker
__________________

Alt 03.11.2012, 16:59   #4
markusg
/// Malware-holic
 
ihavenet - Virus - Standard

ihavenet - Virus



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [vwdpohh] C:\Users\Volker\AppData\Roaming\KBDUR1P.dll ()
O4 - HKCU..\Run: [Gytoywehe] C:\Users\Volker\AppData\Roaming\Ofydt\ogapf.exe ()
[2012.11.03 12:43:48 | 000,000,000 | ---D | M] -- C:\Users\Volker\AppData\Roaming\Egpo
 :Files
C:\Users\Volker\AppData\Roaming\KBDUR1P.dll
C:\Users\Volker\AppData\Roaming\Ofydt
:Commands
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

downloade get info:
http://markusg.trojaner-board.de/GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.

für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel
wenn dies erledigt ist, bittemelden.


lade und instaliere 7zip:
7-Zip Download - 7-Zip 9.20
gehe dann auf start, ausführen, tippe:
regedit
enter
dort klappe auf der linken seite alles zu.
Gehe dann auf datei, exportieren, suche einen ort, den du leicht wiederfindest, und vergib einen dateinamen, den du leicht wieder erkennst.
schließe den registrierungseditor nach dem speichern, navigiere zu der datei die du soeben erstellt hast, rechtsklick, 7zip menü aufklappen, zu einem archiv hinzufügen wählen.
folgene einstellungen vornemen:
archivtyp, 7zip
kompressionsstärke: ultra
kompress.verfahren: lzma2
wörterbuchgröße: 64 mb
wortgröße: 273
größe solider blöcke: solide
klicke nun auf ok, archiv wird erstellt.
dieses lädst du bei:
File-Upload.net - Ihr kostenloser File Hoster!
hoch und sendest mir den download link bitte als private nachicht.

Frage:
hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt?
wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.11.2012, 17:22   #5
Volker1k
 
ihavenet - Virus - Standard

ihavenet - Virus



Danke, die Antwort kommt ja sehr schnell.

Aber, ich habe keine Text-Datei erhalten.

Wo kann die sich eventuell "verstecken"?

Gruß


Alt 03.11.2012, 17:28   #6
markusg
/// Malware-holic
 
ihavenet - Virus - Standard

ihavenet - Virus



macht nichts, mach weiter mit dem rest, die textdatei find ich dann schon im upload.
__________________
--> ihavenet - Virus

Alt 03.11.2012, 17:35   #7
Volker1k
 
ihavenet - Virus - Standard

ihavenet - Virus



Das Hochladen geht leider nicht.

Es wird immer gebeten, den Link zum Thread zu überprüfen, dabei habe ich ihn aus dem Thread selbst herauskopiert.

summary-info.txt

System volume information: dwHighDateTime = 0x1c927dc,dwLowDateTime = 0x40c20cff
System32: dwHighDateTime = 0x1c6fe70,dwLowDateTime = 0xa3cd0a16
dwSerialNumber = 0x80c4bf8

Alt 03.11.2012, 17:42   #8
markusg
/// Malware-holic
 
ihavenet - Virus - Standard

ihavenet - Virus



dann lad moved files auch bei
File-Upload.net - Ihr kostenloser File Hoster!
hoch und send mir den link als private nachicht + dem registry export + die info um die ich gebeten hab.
danke für getinfo.txt
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.11.2012, 17:45   #9
Volker1k
 
ihavenet - Virus - Standard

ihavenet - Virus



Sorry, du musst bitte ein bisschen langsamer machen.

Das Folgende verstehe ich nicht:
"gehe dann auf start, ausführen, tippe:
regedit
enter
"

An einen bestimmten Dowinload kann ich mich nicht erinnern.

Danke

wie schicke ich dir denn eine private Nachricht?

Hab's gefunden, Sorry

Alt 03.11.2012, 17:50   #10
markusg
/// Malware-holic
 
ihavenet - Virus - Standard

ihavenet - Virus



was verstehst du da nicht genau.
wenn du auf start gehst, hast du dort das feld ausführen bzw suchen
da schreibst du das genannte rein, und drückst enter.
wegen der privaten nachicht.
klicke auf meinen namen, dann auf nachicht senden, private nachicht an markusg senden, da trägst du nen betreff ein, und schreibst los :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.11.2012, 17:55   #11
Volker1k
 
ihavenet - Virus - Standard

ihavenet - Virus



Nachricht ist wech ...

den Rest mache ich jetzt. ICh wusste nicht, dass "suchen" & "ausführen" das gleiche sind.

Alt 03.11.2012, 17:58   #12
markusg
/// Malware-holic
 
ihavenet - Virus - Standard

ihavenet - Virus



hi
hast du evtl. in der zwischenzeit ne meldung deines antivirus programms bekommen? falls ja, poste die mal
das erstellen vom archiv kannnst du sein lassen, die dll ist nicht drinn für die ich das archiv benötigt hätte
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.11.2012, 20:23   #13
Volker1k
 
ihavenet - Virus - Standard

ihavenet - Virus



Das Programm hat offensichtlich zwei Viren gefunden. Zu einem gibt es mir folgende Angabe: EXP/2012-1723.FP:
Verbreitungsmethode:
• Keine eigene Verbreitungsroutine
• Avast: Java:CVE-2012-1723-PI
• Microsoft: Exploit:Java/CVE-2012-1723.BTS
• Eset: Java/Exploit.CVE-2012-1723.CT


Betriebsysteme:
• Windows 2000
• Windows XP
• Windows 2003
• Windows Vista
• Windows Server 2008
• Windows 7


Auswirkungen:
• Kann zur Ausführung von schädlichem Code verwendet werden
• Lädt eine Dateien herunter
• Macht sich Software Verwundbarkeit zu nutzen
• CVE-2012-1723

Alt 03.11.2012, 20:24   #14
markusg
/// Malware-holic
 
ihavenet - Virus - Standard

ihavenet - Virus



öffne mal avira, verwaltung, quarantäne, poste mir dort alles was gefunden wurde, mit erkennungsname + pfad angabe
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.11.2012, 20:35   #15
Volker1k
 
ihavenet - Virus - Standard

ihavenet - Virus



Avira reagiert sehr langsam... Aber ich bin dran.

Antwort

Themen zu ihavenet - Virus
ihavenet, ihavenet.com virus, leute, virus



Ähnliche Themen: ihavenet - Virus


  1. Ihavenet - Virus
    Log-Analyse und Auswertung - 17.11.2013 (6)
  2. ihavenet virus
    Log-Analyse und Auswertung - 09.10.2013 (28)
  3. ihavenet-Virus
    Plagegeister aller Art und deren Bekämpfung - 09.10.2013 (11)
  4. 2x | Ihavenet - Virus
    Mülltonne - 30.09.2013 (1)
  5. IHAVENET-virus??
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (12)
  6. ihavenet Virus
    Plagegeister aller Art und deren Bekämpfung - 18.06.2013 (11)
  7. Ihavenet.com Virus
    Plagegeister aller Art und deren Bekämpfung - 28.02.2013 (30)
  8. Ihavenet Virus
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (13)
  9. ihavenet virus
    Plagegeister aller Art und deren Bekämpfung - 06.12.2012 (3)
  10. ihavenet Virus
    Log-Analyse und Auswertung - 01.12.2012 (13)
  11. Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com)
    Log-Analyse und Auswertung - 21.11.2012 (13)
  12. Ihavenet.com - Virus
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (9)
  13. ihavenet.com virus auf dem PC
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (5)
  14. ihavenet virus
    Log-Analyse und Auswertung - 07.10.2012 (1)
  15. ihavenet- virus
    Plagegeister aller Art und deren Bekämpfung - 17.09.2012 (13)
  16. Ihavenet.com Virus
    Log-Analyse und Auswertung - 13.09.2012 (12)
  17. ihavenet-virus.. help
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (3)

Zum Thema ihavenet - Virus - Hallo Leute, ich habe mir auch einen ihavenet-Virus eingehandelt. Kann mir jemand helfen? Vielen Dank Volker - ihavenet - Virus...
Archiv
Du betrachtest: ihavenet - Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.