Pests of all kinds and how to fight them: removing claro-search

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

16.11.2012, 23:58   #1
cheffe142

Removing claro-search

Hi,
as I have read, I am not the only one with the claro-search problem. However, the advice I found does not lead to the hoped-for results, or I get stuck. So please help me get rid of this claro-search. Thanks

So far I have tried the normal uninstall via the Control Panel, which did nothing.
Then I downloaded SpyHunter, which did find something, but fixing problems is only possible in the full version.
Then came Spybot, which also failed miserably at fixing the problem.
Then I downloaded aswMBR, ran the scan and saved the log, and now I am stuck...

What do I have to do now?

17.11.2012, 09:57   #2
ryder
/// TB trainer

I will help you with your problem. A cleanup can mean a lot of work for you (and for me). Before we start, I have some reading material for you.
Quote:
Reading material:
Rules for the cleanup
For the cleanup to work, please read the following points carefully:
  • Please work through all steps in order. Give me feedback on every step (log file or reply).
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread (in code tags if possible). Do not attach them unless I ask you to or the log file is too large. Attachments make the analysis harder for me.
  • Obscure your name only if it is absolutely necessary.
  • If I have not replied after 3 days, then (and only then) please send me a PM.
  • A request: please keep going until I or another helper tells you that you are "clean". Courtesy alone demands that, and the symptoms disappearing does not mean that all the malware has really been removed.
  • Note: I can never guarantee that I will find everything. Reformatting is usually the faster and always the safest way.
Once you have read and understood all of this, you can get started!
Step 1:
Uninstall Spybot!

Step 2:
AdwCleaner: find and delete adware

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Delete (Löschen).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.
Step 3:
Custom scan with OTL

If you do not have it yet, please download OTL by OldTimer and save it on your desktop.
  • Please start OTL.exe.
  • Set the following:
    • Tick "Scan all users" and "Include 64-bit scans"
    • Output: Minimal
    • Use SafeList in every field.
    • Tick "Use company name whitelist"
    • Files created and modified within file age
    • Tick LOP check and Purity check
  • Now copy the contents of the code box into the text box.
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%PROGRAMFILES(X86)%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /10
%appdata%\*. 
%appdata%\*.* 
%appdata%\*.exe /s
%localappdata%\*. 
%localappdata%\*.*
%localappdata%\*.exe /s
%allusersprofile%\*. 
%allusersprofile%\*.*
%allusersprofile%\*.exe /s
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread (in CODE tags if possible)
Step 4:
Scan with SecurityCheck
Please download SecurityCheck
  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

17.11.2012, 13:59   #3
cheffe142

I am now at the scan with OTL and am just setting the check marks.

1. I don't have anything that says "include 64bit scan" (I am also using the 32-bit version)
2. There was a check mark at "Use No-company-Name WhiteList"; I think that has to go, right?

17.11.2012, 14:02   #4
ryder
/// TB trainer

Both are okay
__________________
Digital privateers against malware!
No help via PM!

17.11.2012, 14:57   #5
cheffe142

Here is the log file from AdwCleaner and the SecurityCheck

# AdwCleaner v2.007 - Datei am 17/11/2012 um 14:38:05 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Torben F - CHEFFE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Torben F\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Torben F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gelöscht : C:\Users\Torben F\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKU\S-1-5-21-4193105443-658353482-3685622148-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Mozilla Firefox v3.6.3 (de)

Profilname : default [Profil par défaut]
Datei : C:\Users\Torben F\AppData\Roaming\Mozilla\Firefox\Profiles\lnx6vjq9.default\prefs.js

C:\Users\Torben F\AppData\Roaming\Mozilla\Firefox\Profiles\lnx6vjq9.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

Profilname : SafeBrowser
Datei : C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-4193105443-658353482-3685622148-1000\FireFox\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Torben F\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Torben F\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3420 octets] - [17/11/2012 14:38:05]

########## EOF - C:\AdwCleaner[S1].txt - [3480 octets] ##########


and now the scan

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (3.6.3) Firefox out of Date!
Mozilla Thunderbird (3.1.3) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


How do I copy the txt files OTL.txt and Extra.txt into code tags??
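
An added example, not part of the thread and not AdwCleaner's own code: a small Python triage of the AdwCleaner log posted above. It groups the removed items by the kind of foothold they represent and flags the AppInit_DLLs value, whose 8.3 short path would be missed by a keyword search for "Browser Manager". The category labels and function names are this example's own; the sample lines are copied from the log in the post above.

```python
import re
from collections import defaultdict

# Shortened excerpt of the AdwCleaner v2.007 log (German UI) from the post above.
SAMPLE_LOG = r"""
# AdwCleaner v2.007 - Datei am 17/11/2012 um 14:38:05 erstellt
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\Software\DataMngr
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]
"""

SECTION_RE = re.compile(r"^\*{3,}\s*\[(?P<name>.+?)\]\s*\*{3,}$")
ENTRY_RE = re.compile(r"^(?P<action>[^:\[\]]+?) : (?P<target>.+)$")
ACTION_RE = re.compile(r"Gelöscht|Ersetzt")      # "deleted" / "replaced"
SHORT_NAME_RE = re.compile(r"[^\\]{1,6}~\d")     # 8.3 short name, e.g. progra~2

# Registry locations a browser hijacker typically writes to (labels are ours).
RULES = [
    ("appinit_dll", re.compile(r"\[AppInit_DLLs\]", re.I)),
    ("ie_search_provider", re.compile(r"\\SearchScopes\\", re.I)),
    ("chrome_extension", re.compile(r"\\Google\\Chrome\\Extensions\\", re.I)),
    ("firefox_extension", re.compile(r"\\Mozilla\\Firefox\\Extensions", re.I)),
    ("ie_start_page", re.compile(r"Internet Explorer\\Main", re.I)),
]


def parse_entries(text):
    """Return one dict per 'action : target' line, tagged with its log section."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        # Keep only lines that record a removal or replacement.
        if entry and section and ACTION_RE.search(entry.group("action")):
            entries.append({"section": section,
                            "action": entry.group("action").strip(),
                            "target": entry.group("target").strip()})
    return entries


def classify(entry):
    """Map a log entry to a foothold category."""
    if entry["section"] == "Dienste":
        return "service"
    if entry["section"] == "Dateien / Ordner":
        return "file_or_folder"
    for label, pattern in RULES:
        if pattern.search(entry["target"]):
            return label
    return "other_registry"


def triage(text):
    """Group removed targets by category."""
    groups = defaultdict(list)
    for entry in parse_entries(text):
        groups[classify(entry)].append(entry["target"])
    return dict(groups)


def appinit_dlls(text):
    """Return (dll_path, uses_8dot3_short_names) for every AppInit_DLLs value.

    DLLs listed in AppInit_DLLs are loaded into every process that loads
    user32.dll, so this is the entry to verify first after a cleanup.
    """
    result = []
    for target in triage(text).get("appinit_dll", []):
        path = target.split("=", 1)[1].strip() if "=" in target else ""
        result.append((path, bool(SHORT_NAME_RE.search(path))))
    return result


if __name__ == "__main__":
    for label, targets in triage(SAMPLE_LOG).items():
        print(f"{label}: {len(targets)}")
    for path, short in appinit_dlls(SAMPLE_LOG):
        print("AppInit_DLLs ->", path, "(8.3 short path)" if short else "")
```
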


17.11.2012, 18:24   #6
ryder
/// TB trainer

THIS is how it works ...
Quote:
Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
Also ...

Warning: registry cleaners
Quote:
Reading material:
Registry cleaners and temporary files
Your log files show that you use one of these programs. We recommend not using such programs. The registry is a central component of the operating system. If a registry cleaner deletes the wrong lines, in the worst case this can leave your computer unbootable. A few orphaned registry entries are not a big deal, and the faster boot time is normally not noticeable either. The risk that the program "destroys" your system is simply too high. I therefore strongly recommend that you uninstall the program.

CCleaner, for example, also offers a function for deleting temporary files. If you keep your hands off the registry cleaning, there is nothing to be said against using CCleaner. I would also like to recommend an alternative program for this: TFC - simply start it as administrator and sit back.
Please uninstall CCleaner or heed the tip.

18.11.2012, 13:27   #7
cheffe142

So, here are my log data from OTL.exe
OTL Logfile:
Code:
OTL logfile created on: 17.11.2012 15:33:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Torben F\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,37% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 97,19 Gb Free Space | 49,76% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 110,78 Gb Free Space | 94,53% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 96,23 Gb Free Space | 98,54% Space Free | Partition Type: NTFS
Drive F: | 55,61 Gb Total Space | 38,53 Gb Free Space | 69,29% Space Free | Partition Type: NTFS
 
Computer Name: CHEFFE | User Name: Torben F | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Torben F\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - D:\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SpyHunter 4 Service) -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE File not found
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Ms Office 2007\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TomTomHOMEService) -- D:\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RtlService) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (Realtek11nSU) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (PciCon) -- G:\PciCon.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (EsgScanner) -- C:\Windows\System32\drivers\EsgScanner.sys ()
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NTGDT) -- C:\Windows\System32\drivers\NTGDT.SYS ()
DRV - (ssndis) -- C:\Windows\System32\drivers\ssndis.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (Atc002) -- C:\Windows\System32\drivers\l260x86.sys (Atheros Communications, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (SPC230NC) -- C:\Windows\System32\drivers\SPC230NC.SYS (PixArt Imaging Inc.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (PAEAFLT.sys) -- C:\Windows\System32\drivers\PAEAFLT.sys (PixArt Imaging Incorporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 27 DB 8C 8E 05 CB 01  [binary data]
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;<local>;*.local
 
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1005\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledAddons: anti_banner@kaspersky.com:13.0.1.4190
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MSOFFI~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.24 17:46:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.09.10 17:18:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.09.10 17:18:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.09.10 17:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.09.10 17:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.09.10 17:18:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firfox\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firfox\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Mozilla Firfox\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Mozilla Firfox\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
 
[2011.03.02 12:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Extensions
[2010.09.15 16:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.02 12:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.13 17:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Firefox\Profiles\lnx6vjq9.default\extensions
[2012.11.14 23:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-4193105443-658353482-3685622148-1000\FireFox\extensions
[2012.07.25 21:44:10 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\firefox\profiles\lnx6vjq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.10 17:18:11 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Ms Office 2007\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Ms Office 2007\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Device Detector] C:\Program Files\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [ccleaner] D:\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - D:\Ms Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Ms Office 2007\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\MSOFFI~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Ms Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Ms Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Ms Office 2007\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Ms Office 2007\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E9668AC-8794-4EA0-9F90-B62E2FDC57C1}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD16723B-BB95-4368-B10D-9E079BF01575}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E499EF9A-D485-4EF8-BAEB-FE87531F4652}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bw+0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw+0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {19E3FB35-F515-4AE6-BC32-1EA74914C040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Ms Office 2007\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.18 12:45:07 | 2183,895,927 | ---- | M] () - D:\AutoCAD2011 -- [ NTFS ]
O33 - MountPoints2\{f554385e-7222-11df-8e9c-001f1f753175}\Shell - "" = AutoRun
O33 - MountPoints2\{f554385e-7222-11df-8e9c-001f1f753175}\Shell\AutoRun\command - "" = N:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\L:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin230.lnk - C:\Programme\Philips\Philips SPC230NC Webcam\TrayMin230.exe - ()
MsConfig - StartUpReg: Philips Intelligent Agent - hkey= - key= - D:\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\Windows\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.17 14:54:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Torben F\Desktop\OTL.exe
[2012.11.17 00:36:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.16 20:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.16 20:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.11.16 17:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.11.16 17:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.11.16 06:57:15 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.16 06:57:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.16 06:56:52 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.16 06:56:51 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.16 06:56:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.16 06:56:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.16 06:56:25 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.16 06:56:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.16 06:56:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.16 06:56:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.16 06:56:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.16 06:56:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.16 06:56:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.16 06:42:16 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.16 06:42:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.16 06:42:16 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.16 06:42:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 06:41:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.16 06:41:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.16 06:41:54 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.13 17:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.13 17:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.11.12 22:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.12 21:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.11.12 21:58:17 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2012.11.12 21:58:17 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.11.12 21:58:17 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.11.12 21:58:15 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.11.12 21:58:15 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.11.12 21:58:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012.11.12 21:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.11.12 21:53:52 | 000,000,000 | ---D | C] -- C:\Users\Torben F\AppData\Local\Programs
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.17 15:30:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.17 15:01:00 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012.11.17 14:54:22 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 14:54:22 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 14:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Torben F\Desktop\OTL.exe
[2012.11.17 14:50:23 | 000,001,950 | ---- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk
[2012.11.17 14:48:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.17 14:47:08 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.11.17 14:47:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.17 14:47:00 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.17 14:36:32 | 000,541,569 | ---- | M] () -- C:\Users\Torben F\Desktop\adwcleaner.exe
[2012.11.16 16:24:43 | 000,002,292 | ---- | M] () -- C:\Users\Torben F\Desktop\Sicherer Zahlungsverkehr.lnk
[2012.11.16 16:22:32 | 000,409,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.16 07:04:50 | 000,657,570 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.16 07:04:50 | 000,618,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.16 07:04:50 | 000,130,942 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.16 07:04:50 | 000,107,166 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.16 06:51:04 | 000,589,144 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.11.16 06:51:04 | 000,043,608 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kltdi.sys
[2012.11.12 21:58:21 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.10.18 18:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.17 14:37:04 | 000,541,569 | ---- | C] () -- C:\Users\Torben F\Desktop\adwcleaner.exe
[2012.11.16 06:57:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 06:56:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.12 21:58:21 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.07.17 16:56:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.04.17 19:10:45 | 000,037,048 | ---- | C] () -- C:\Users\Torben F\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2012.01.16 19:00:22 | 000,000,001 | R--- | C] () -- C:\Users\Torben F\serverport
[2011.12.09 14:24:00 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2011.12.09 14:24:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.01.03 18:09:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Frameworks
[2011.01.03 18:09:54 | 000,000,268 | RH-- | C] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions Handlers
[2011.01.03 18:09:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.01.03 18:09:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Framework
[2011.01.03 18:09:53 | 000,000,268 | RH-- | C] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions
[2011.01.03 18:09:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.01.03 18:09:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Fonts
[2011.01.03 18:09:50 | 000,000,268 | RH-- | C] () -- C:\Users\Torben F\AppData\Roaming\Flowers
[2011.01.03 18:09:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.01.03 15:33:56 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI
[2010.10.02 08:43:02 | 000,024,064 | ---- | C] () -- C:\Users\Torben F\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.08 17:23:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.30 15:43:50 | 000,001,024 | ---- | C] () -- C:\Users\Torben F\.rnd
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.11.01 13:10:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.06.25 23:00:45 | 000,000,000 | ---D | M] -- C:\28b2e0517941069292
[2011.06.22 23:36:08 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.11.17 10:19:01 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.05.31 09:37:20 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.17 14:38:07 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.16 20:25:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.11.17 15:37:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.06 17:55:21 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.17 14:52:03 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2012.11.17 14:38:14 | 000,003,549 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010.11.20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010.04.27 18:29:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012.11.17 14:47:00 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.30 16:30:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.04.30 16:30:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.11.17 14:47:00 | 2146,689,024 | -HS- | M] () -- C:\pagefile.sys
[2011.01.03 15:46:22 | 000,921,632 | ---- | M] () -- C:\SPC230NC.DAT
[2012.04.02 19:52:39 | 000,000,160 | ---- | M] () -- C:\TO_InstallLog.txt
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: PROGRAMFILES(X86)
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /10 >
[2012.11.13 17:46:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0E64B098-8018-4256-BA23-C316A43AD9B0}
[2012.11.16 07:06:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-0011-0000-0000-0000000FF1CE}
[2012.11.16 07:06:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91140000-0011-0000-0000-0000000FF1CE}
[2012.11.13 17:38:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}
[2012.11.13 17:47:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}
 
< %appdata%\*.  >
[2010.06.14 16:39:50 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ACD Systems
[2010.12.22 17:09:54 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Adobe
[2010.04.30 16:46:39 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\AdobeUM
[2011.12.06 17:35:47 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Apple Computer
[2011.01.03 15:44:16 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ArcSoft
[2010.09.18 15:26:42 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ASCON Installer
[2012.04.20 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Canon
[2010.06.10 15:32:51 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Corel
[2010.12.23 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\DivX
[2012.10.07 15:50:00 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\dvdcss
[2010.04.30 16:46:15 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\FileOpen
[2012.04.17 19:49:59 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\GoContactSyncMOD
[2012.08.19 14:36:03 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\HpUpdate
[2012.04.23 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ICQ
[2010.04.27 21:53:21 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Identities
[2011.01.04 11:27:41 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\InstallShield
[2010.07.07 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\IrfanView
[2010.04.30 15:35:22 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Logitech
[2010.06.07 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Macromedia
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Media Center Programs
[2012.04.14 16:39:55 | 000,000,000 | --SD | M] -- C:\Users\Torben F\AppData\Roaming\Microsoft
[2010.06.07 12:35:49 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Mozilla
[2010.04.30 15:46:46 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Nero
[2011.01.04 11:26:25 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Nikon
[2012.09.20 12:55:22 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Opera
[2012.11.03 14:18:26 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Skype
[2011.07.02 15:28:03 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\skypePM
[2010.09.12 15:00:35 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\SolidWorks
[2010.06.07 13:47:19 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\T-Online
[2011.01.29 16:16:50 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\TeamViewer
[2010.09.15 16:57:24 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Thunderbird
[2011.03.02 12:31:38 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\TomTom
[2012.11.05 19:59:25 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\vlc
[2010.08.29 07:55:39 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\WinRAR
 
< %appdata%\*.*  >
[2011.01.03 18:09:50 | 000,000,268 | RH-- | M] () -- C:\Users\Torben F\AppData\Roaming\Flowers
[2011.01.03 18:09:53 | 000,000,268 | RH-- | M] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions
[2011.01.03 18:09:54 | 000,000,268 | RH-- | M] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions Handlers
[2012.04.17 19:18:07 | 000,037,048 | ---- | M] () -- C:\Users\Torben F\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
 
< %appdata%\*.exe /s >
[2010.04.30 17:03:17 | 000,010,134 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{12665B01-3F3A-4433-B179-9D8E352D7547}\ARPPRODUCTICON.exe
[2010.04.30 17:03:38 | 000,029,990 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}\ARPPRODUCTICON.exe
[2012.04.17 19:48:21 | 000,353,118 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}\_853F67D554F05449430E7E.exe
[2012.04.17 19:48:21 | 000,010,134 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}\_92A99803BE5A61641E7175.exe
[2012.04.17 19:48:21 | 000,353,118 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}\_B0EBDAF1314EB721C85967.exe
[2011.01.04 10:59:51 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
 
< %localappdata%\*.  >
[2010.12.21 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Adobe
[2010.04.30 15:45:28 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Ahead
[2012.08.24 13:12:20 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Akamai
[2010.04.27 21:53:15 | 000,000,000 | -HSD | M] -- C:\Users\Torben F\AppData\Local\Anwendungsdaten
[2010.06.07 12:41:46 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\AOL
[2010.06.07 13:35:41 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Apple
[2012.10.15 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Apple Computer
[2012.11.17 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\B56D0D18-D487-4056-85B5-813D646F5354.aplzod
[2011.11.15 18:28:34 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Diagnostics
[2012.05.20 20:51:44 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\ElevatedDiagnostics
[2012.11.14 23:04:31 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Google
[2012.07.17 17:07:31 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\HP
[2012.06.20 16:22:30 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Macromedia
[2010.06.07 17:12:37 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\MediaMonkey
[2012.04.19 19:06:33 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Microsoft
[2010.11.26 16:49:30 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Microsoft Games
[2012.04.13 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Microsoft Help
[2010.06.07 12:35:40 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Mozilla
[2011.01.04 11:26:25 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Nikon
[2012.09.20 12:55:22 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Opera
[2010.11.29 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Paint.NET
[2012.11.12 21:53:52 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Programs
[2012.11.17 15:39:04 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Temp
[2010.04.27 21:53:15 | 000,000,000 | -HSD | M] -- C:\Users\Torben F\AppData\Local\Temporary Internet Files
[2010.09.15 16:57:24 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Thunderbird
[2011.03.02 12:31:38 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\TomTom
[2010.04.27 21:53:15 | 000,000,000 | -HSD | M] -- C:\Users\Torben F\AppData\Local\Verlauf
[2010.06.02 17:18:03 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\VirtualStore
 
< %localappdata%\*.* >
[2012.02.07 19:57:52 | 000,024,064 | ---- | M] () -- C:\Users\Torben F\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.16 16:24:13 | 000,109,280 | ---- | M] () -- C:\Users\Torben F\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.11.17 14:45:57 | 002,919,903 | -H-- | M] () -- C:\Users\Torben F\AppData\Local\IconCache.db
 
< %localappdata%\*.exe /s >
[2012.08.10 17:31:24 | 002,158,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\admintool.exe
[2012.08.10 17:53:54 | 004,411,192 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\ControlPanel.exe
[2012.08.24 13:11:22 | 010,965,688 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\installer_no_upload_silent.exe
[2012.08.10 17:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\netsession_win.exe
[2012.08.10 17:59:50 | 006,336,304 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\rswinui.exe
[2012.08.10 17:59:52 | 002,243,384 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\uninstall.exe
[2012.11.16 17:18:07 | 032,218,264 | ---- | M] () -- C:\Users\Torben F\AppData\Local\Temp\SHSetup.exe
[42 C:\Users\Torben F\AppData\Local\Temp\*.tmp files -> C:\Users\Torben F\AppData\Local\Temp\*.tmp -> ]
 
< %allusersprofile%\*.  >
[2012.09.13 17:34:30 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010.04.28 21:14:40 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems
[2012.09.04 17:38:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2011.06.17 16:53:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2010.06.21 17:03:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.11.12 22:00:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager
[2010.04.30 15:13:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2012.01.10 22:16:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonEPP
[2012.01.10 22:16:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX2
[2012.04.20 15:15:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2012.01.10 22:17:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenuEX
[2012.07.01 17:32:25 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2010.04.30 17:02:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Corel
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2011.11.24 17:46:36 | 000,000,000 | ---D | M] -- C:\ProgramData\DivX
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.01.03 18:09:54 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.11.14 23:04:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2012.07.17 16:57:48 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2012.07.17 17:02:17 | 000,000,000 | ---D | M] -- C:\ProgramData\HP Photo Creations
[2010.11.20 16:03:52 | 000,000,000 | ---D | M] -- C:\ProgramData\hps
[2011.01.03 18:09:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Hybrid Morph
[2012.11.17 14:38:07 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2011.01.03 18:09:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Images
[2011.01.03 18:09:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Iterate Items
[2012.11.17 14:50:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab
[2012.09.10 17:21:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.06.29 21:38:17 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2011.05.30 16:27:40 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.11.16 07:06:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2010.04.30 17:02:51 | 000,000,000 | ---D | M] -- C:\ProgramData\My Music
[2010.10.08 12:48:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero
[2011.01.04 12:05:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2012.03.06 17:55:21 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2012.03.06 17:51:01 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation
[2011.01.04 11:32:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Philips
[2012.09.20 14:53:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2011.07.01 13:17:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype Extras
[2012.11.17 14:19:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.08.12 20:19:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2010.06.07 13:45:32 | 000,000,000 | ---D | M] -- C:\ProgramData\T-Online
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.12.13 19:30:31 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2011.03.02 12:32:29 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2011.01.03 18:09:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010.06.07 13:37:32 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 
< %allusersprofile%\*.* >
[2012.07.17 16:56:53 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2010.06.08 17:23:56 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011.01.03 18:09:50 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Fonts
[2011.01.03 18:09:53 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Framework
[2011.01.03 18:09:54 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Frameworks
[2011.01.04 10:58:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2011.01.04 11:26:27 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2011.01.04 10:58:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
 
< %allusersprofile%\*.exe /s >
[2012.08.21 12:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
[2012.08.21 12:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\ReaderUpdater.exe
[2012.09.13 17:29:12 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe
[2011.10.06 04:00:12 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.0.1.29\SetupAdmin.exe
[2011.12.06 17:34:08 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.0.2.17\SetupAdmin.exe
[2012.03.14 18:07:23 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.1.0.40\SetupAdmin.exe
[2012.09.25 15:52:44 | 000,073,616 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 2.0.2.187\SetupAdmin.exe
[2010.11.21 14:50:35 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\ASPEncoder\Uninstaller.exe
[2011.11.24 17:46:21 | 000,057,591 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\ControlPanel\Uninstaller.exe
[2011.04.05 16:42:00 | 000,054,128 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Converter\Uninstaller.exe
[2011.11.24 17:46:26 | 000,063,144 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DesktopService\Uninstaller.exe
[2010.11.21 14:51:07 | 000,054,153 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DFXPlugin\Uninstaller.exe
[2010.06.07 17:18:13 | 000,529,220 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
[2010.06.07 17:18:17 | 000,529,220 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe
[2010.06.07 17:18:18 | 000,529,220 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
[2010.11.21 14:51:11 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivXDecoderShortcut\Uninstaller.exe
[2011.11.24 17:46:36 | 000,064,957 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DivXPlusShortcuts\Uninstaller.exe
[2011.04.05 16:42:03 | 000,062,879 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DSAACDecoder\Uninstaller.exe
[2011.11.24 17:46:23 | 000,057,275 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DSASPDecoder\Uninstaller.exe
[2010.11.21 14:51:17 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DSAVCDecoder\Uninstaller.exe
[2011.04.05 16:42:06 | 000,057,037 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DSDesktopComponents\Uninstaller.exe
[2011.04.05 16:42:12 | 000,065,801 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\MFComponents\Uninstaller.exe
[2011.04.05 16:41:49 | 000,054,101 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\MPEG2Plugin\Uninstaller.exe
[2011.11.24 17:46:16 | 000,061,667 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\MSVC80CRTRedist\Uninstaller.exe
[2011.11.24 17:46:18 | 000,063,228 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\OVSHelper\Uninstaller.exe
[2010.11.21 14:52:16 | 000,057,736 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Player\Uninstaller.exe
[2011.04.05 16:41:45 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Qt4.5\Uninstaller.exe
[2010.11.21 14:45:19 | 000,144,696 | ---- | M] () -- C:\ProgramData\DivX\RunAsUser\RUNASUSERPROCESS.exe
[2011.11.24 17:41:07 | 000,926,560 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\Setup\DivXSetup.exe
[2011.04.05 16:41:57 | 000,054,644 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\TranscodeEngine\Uninstaller.exe
[2010.11.21 14:51:33 | 000,084,038 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\TransferWizard\Uninstaller.exe
[2011.11.24 17:46:28 | 000,061,792 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\Update\Uninstaller.exe
[2011.11.24 17:46:34 | 000,066,441 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\WebPlayer\Uninstaller.exe
[2011.07.13 22:03:24 | 000,527,024 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.02.15 11:11:00 | 000,153,768 | ---- | M] () -- C:\ProgramData\HP Photo Creations\MessageCheck.exe
[2011.02.15 11:11:00 | 000,301,224 | ---- | M] (Visan / RocketLife) -- C:\ProgramData\HP Photo Creations\PhotoProductCore.exe
[2011.02.15 11:11:00 | 000,158,944 | ---- | M] () -- C:\ProgramData\HP Photo Creations\PhotoProductReg.exe
[2011.12.13 18:47:24 | 001,562,920 | ---- | M] () -- C:\ProgramData\hps\1320\setup_dm_Fotowelt.exe
[2010.05.07 15:27:22 | 000,068,256 | ---- | M] () -- C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.0.232\German\setup.exe
[2012.08.17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\ProgramData\Kaspersky Lab\AVP13\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav13\13.0.1.4190\avp.exe
[2012.10.29 22:23:21 | 000,917,984 | ---- | M] () -- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{68CBF6E9-9E3E-58B5-09E0-BEA04183832B}-firefox.exe
[2012.11.10 11:14:04 | 001,199,576 | ---- | M] () -- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{A3147B27-E1A3-F22A-9B9E-1589EC389439}-SpotifyWebHelper.exe
[2011.05.21 06:01:00 | 000,194,152 | ---- | M] (NVIDIA Corporation) -- C:\ProgramData\NVIDIA\Updatus\WLMerger.exe
[1970.01.01 01:00:00 | 000,114,886 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\3FB908F6\drsupdate.10165912_RUNASUSER.exe
[2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
 
<           >

< End of report >
         
--- --- ---


and the ones from EXTRA.exe
OTL Logfile:
Code:
OTL Extras logfile created on: 17.11.2012 15:33:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Torben F\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,37% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 97,19 Gb Free Space | 49,76% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 110,78 Gb Free Space | 94,53% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 96,23 Gb Free Space | 98,54% Space Free | Partition Type: NTFS
Drive F: | 55,61 Gb Total Space | 38,53 Gb Free Space | 69,29% Space Free | Partition Type: NTFS
 
Computer Name: CHEFFE | User Name: Torben F | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firfox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "D:\Ms Office 2007\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Ms Office 2007\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "D:\ACDSee\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "D:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "D:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA9CBE-6E36-4C56-B395-992BF87DBBB7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0BB115FC-F6FD-4DA8-A997-5D2F737B024F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1900A1F7-D749-420A-9B22-775AF054FAC3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{19E64EF5-F793-44A1-8EA2-722540F05075}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1EB68FCD-25F4-48F3-8077-C7F100ADBE19}" = lport=6004 | protocol=17 | dir=in | app=d:\ms office 2007\office14\outlook.exe | 
"{30620299-016F-48CD-A4D0-26F1DD7F5C2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3831BCAD-B98C-43AE-A6BF-0E233AE637DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4443BDEA-B256-4614-843A-373598B70149}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4534FDEC-CF31-4C82-88B1-4EF8E6486886}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4557F0FE-35BE-4859-AC20-666A5374C8B9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4AB43EB4-A8E1-416D-A88F-CF5F17DA0AD5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6D86848C-6471-474B-A94A-3EEDA0BE8053}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{7148DDA0-5F99-44CD-8F58-73EAE7D2F91F}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{7612200D-C216-4AA2-9497-7E3F0B129BAE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{774552A5-7AC7-44DD-BBE9-F757B5FB4D69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{783F40F6-3F7D-4631-A4E5-AE87BA9648AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7E2F4A3B-FA59-448C-93CB-2BA801C69F55}" = lport=138 | protocol=17 | dir=in | app=system | 
"{85027573-4866-47C7-A2E5-C8E19197B7AA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{90817A75-C8F1-4D8F-B8D5-5CA8E20E9EB2}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{958F39ED-55A5-4FAF-ABF4-363D6EB89BB7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{97B200C5-595B-415D-90E0-792A190A4E93}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A8610C75-D044-43A4-90DE-6CBB1EAB0389}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A8CFDFE3-E7E0-4CD6-A5AB-A19281C5BD4B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AA933EF2-91F3-438C-8EF5-9FAFC220D9FB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AF279C22-D796-47D7-BC56-6DF2589845CC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B567C9B8-CF08-4BB6-BC42-C2FBEB8526F5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B9399614-8DD8-4FF7-8A3F-EA2E6640076D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BA9AAD9C-8832-41B0-B60B-DB99DD7745B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C4E26082-D4DC-4234-887F-09D73051FD39}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{C4FCBC00-B4F5-487F-B83A-344546AC3DDE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C7FF7030-4EBE-40AC-AC75-1F1CB102D15A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CA731ED0-58A6-489A-ACC0-6CBF7D650330}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{CEEF7976-E1B0-4044-BC63-BD40E2640DE0}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{D55A75BB-649A-4144-8F99-F645A9826EF0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7B6C61B-6E26-47C6-9D12-DD55D81285DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED18C42C-E346-49EA-86F2-DCD74F0C720E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F2D26A8E-8015-424A-A7F3-D1FB6350B542}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F31083BA-90AB-49AA-BF83-906B5F8C805D}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DA7C290-5606-4253-8CCC-D01066E94CC6}" = protocol=17 | dir=in | app=c:\users\torben f\appdata\local\akamai\netsession_win.exe | 
"{1476D2EC-756D-4D8F-9B81-DFCE11F648AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{162D3F76-7442-41C8-9755-9567FEDA2C00}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1D2D9F68-EDE0-4BF9-8D08-30C18503DE29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E5686D7-6216-4496-9EF2-8E06A6285CA1}" = protocol=17 | dir=in | app=d:\ms office 2007\office14\onenote.exe | 
"{2341B49A-1BF3-4C9E-B37E-1D611C54BB22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{26DC1F36-6297-498E-821B-B60E73416203}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{27523560-8ABA-41E2-9DFC-548CD5945DC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DF10E8A-3E17-4D59-912C-5B61D6F8C6CF}" = protocol=6 | dir=out | app=system | 
"{35B35087-5460-42C9-92C7-1B00B568B076}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{37C6F628-D9A1-40AD-B724-280345296C00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B6A9104-E507-442F-B19C-D674BC230442}" = protocol=6 | dir=in | app=d:\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{3DF9CBA6-5FCD-4297-AC84-E34BFFC9459F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{42A9E870-FCE3-4AFC-A211-F5856A09EEE3}" = dir=in | app=d:\itunes\itunes.exe | 
"{464D10DD-13E4-49B3-A421-1B9EDDB90521}" = protocol=17 | dir=in | app=d:\ms office 2007\office14\groove.exe | 
"{57829840-ACFD-4650-A925-3E1AAA41289B}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{5F480737-3464-4D46-89D1-969F46E172AC}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe | 
"{6F45E238-5E1C-4798-BABD-3772CACC214B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{71053B8B-54D0-4655-B07D-C54C3FDD02CD}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe | 
"{71DE4EDC-6BA3-4F18-8412-90335019DD4B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{73C8D222-244F-4C84-9144-A5B7536FE5DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{74C5269E-4974-4AA0-9E1C-A214CA8EA338}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{79402A79-B005-4860-BCC8-3F326ADF2B89}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{828D6AED-AD1E-4FF1-8BD2-4544552224ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{84D11599-2337-4098-9F36-E21D6C07A152}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{995A3555-E819-4CF0-A250-654A9F49421D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A0C0C245-5A22-41E7-8AB1-F3A7F3EDF3BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1333D4B-B062-4411-B9C6-578284772884}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{A4A8D8B8-DEF7-42F9-973D-EBDCA54519F1}" = protocol=6 | dir=in | app=c:\users\torben f\appdata\local\akamai\netsession_win.exe | 
"{A80B6DDE-8E8F-48AD-8CE3-9F69B2597123}" = protocol=6 | dir=in | app=d:\ms office 2007\office14\onenote.exe | 
"{B49DA458-F713-4BB8-B651-65AE6E6002AC}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{BD1AC190-D45E-43EB-8AFC-8D543C1349C1}" = protocol=17 | dir=in | app=d:\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{C32FCB86-569C-49C1-BEEF-357988114C5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C52CDD9B-625F-400B-A77B-914C0FCA7E08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C8E4CC99-C635-4355-A397-63989E52BB2F}" = protocol=6 | dir=in | app=d:\ms office 2007\office14\groove.exe | 
"{D5D9AE66-FB45-48A0-9011-F2D087CDE821}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D6A5D0D2-4074-4533-88DB-1DC6B76CA34D}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{DC9D6593-D241-46CA-82E9-0BC28A0A45EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DE05EFA7-C236-4CA1-B130-9BE84937ABB5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{E701A045-E0E4-42B3-9FD4-712A2CB16E77}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{EEC39CAA-C1A5-4285-AD13-BCF449025799}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{F309223C-4C9D-41EA-BCA0-B71C199DC249}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{F492EED2-0CDD-472A-83E4-2C5CE136564B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FC9FD8AD-78B1-4475-B09E-74A2DB08C559}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{FDBE9C7C-C4AE-422E-AA94-4B1CB2231256}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05F350C6-FA6A-40D0-A130-FB941B39152C}" = Philips SPC230NC Webcam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}" = Corel Snapfire DVD Maker
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D30AB17-69E4-4F0F-9CF8-BED11CF8716F}" = CSI-Miami
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6733975E-52C9-4624-805D-36A4F79F7BBB}" = MDESIGN Roloff/Matek Edition
"{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}" = GO Contact Sync Mod
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79FA7C3A-23E9-415B-9D5F-465DBCA59247}" = ADAC RoutenPlaner 2006/2007
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{80CCA55B-FCA8-47E2-9BFE-A24CDEE51031}" = SecurDisc Viewer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8C75F6-E5CC-47F9-962A-73FE54A8AF41}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CECB7782-F35F-45CE-97C0-74BBBDC51C22}" = Webcam Video Viewer
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F006F696-7D71-4118-AC02-B714980F6288}" = ACDSee for Pentax 2.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"Formelsammlung Roloff-Matek" = Formelsammlung Roloff-Matek
"HP Photo Creations" = HP Photo Creations
"INSITU - Stahl - ME - 2004" = INSITU - Stahl - ME - 2004
"INSITU Aluminium - ME - 2004" = INSITU Aluminium - ME - 2004
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IrfanView" = IrfanView (remove only)
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"Sweet Home 3D_is1" = Sweet Home 3D version 2.6
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.8.3.2499
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.09.2011 04:22:44 | Computer Name = cheffe | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 01.09.2011 13:00:08 | Computer Name = cheffe | Source = Windows Backup | ID = 4103
Description = 
 
[ System Events ]
Error - 14.11.2012 12:29:57 | Computer Name = cheffe | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 14.11.2012 12:30:27 | Computer Name = cheffe | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 14.11.2012 14:57:35 | Computer Name = cheffe | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 16.11.2012 18:52:40 | Computer Name = cheffe | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?11.?2012 um 23:51:13 unerwartet heruntergefahren.
 
Error - 16.11.2012 19:37:16 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 17.11.2012 05:19:14 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 17.11.2012 09:05:21 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 17.11.2012 09:21:02 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 17.11.2012 09:38:04 | Computer Name = cheffe | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Browser Manager" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 17.11.2012 09:47:02 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
 
< End of report >
         
--- --- ---



I have uninstalled CCleaner; can I simply install TFC now?
How do we continue from here?

Alt 18.11.2012, 13:30   #8
cheffe142
 



So, here is my log data from OTL.exe
OTL Logfile:
Code:
OTL logfile created on: 17.11.2012 15:33:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Torben F\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,37% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 97,19 Gb Free Space | 49,76% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 110,78 Gb Free Space | 94,53% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 96,23 Gb Free Space | 98,54% Space Free | Partition Type: NTFS
Drive F: | 55,61 Gb Total Space | 38,53 Gb Free Space | 69,29% Space Free | Partition Type: NTFS
 
Computer Name: CHEFFE | User Name: Torben F | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Torben F\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - D:\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SpyHunter 4 Service) -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE File not found
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Ms Office 2007\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TomTomHOMEService) -- D:\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RtlService) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (Realtek11nSU) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (PciCon) -- G:\PciCon.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (EsgScanner) -- C:\Windows\System32\drivers\EsgScanner.sys ()
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NTGDT) -- C:\Windows\System32\drivers\NTGDT.SYS ()
DRV - (ssndis) -- C:\Windows\System32\drivers\ssndis.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (Atc002) -- C:\Windows\System32\drivers\l260x86.sys (Atheros Communications, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (SPC230NC) -- C:\Windows\System32\drivers\SPC230NC.SYS (PixArt Imaging Inc.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (PAEAFLT.sys) -- C:\Windows\System32\drivers\PAEAFLT.sys (PixArt Imaging Incorporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 27 DB 8C 8E 05 CB 01  [binary data]
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;<local>;*.local
 
IE - HKU\S-1-5-21-4193105443-658353482-3685622148-1005\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledAddons: anti_banner@kaspersky.com:13.0.1.4190
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MSOFFI~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.24 17:46:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.09.10 17:18:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.09.10 17:18:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.09.10 17:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.09.10 17:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.09.10 17:18:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Mozilla Firfox\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Mozilla Firfox\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Mozilla Firfox\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Mozilla Firfox\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: D:\Thunderbird\components [2012.11.13 17:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: D:\Thunderbird\plugins [2012.11.13 17:38:47 | 000,000,000 | ---D | M]
 
[2011.03.02 12:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Extensions
[2010.09.15 16:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.02 12:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.13 17:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Firefox\Profiles\lnx6vjq9.default\extensions
[2012.11.14 23:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-4193105443-658353482-3685622148-1000\FireFox\extensions
[2012.07.25 21:44:10 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Torben F\AppData\Roaming\mozilla\firefox\profiles\lnx6vjq9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.10 17:18:11 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Ms Office 2007\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Ms Office 2007\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Device Detector] C:\Program Files\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [ccleaner] D:\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4193105443-658353482-3685622148-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - D:\Ms Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Ms Office 2007\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\MSOFFI~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Ms Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Ms Office 2007\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Ms Office 2007\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Ms Office 2007\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4193105443-658353482-3685622148-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E9668AC-8794-4EA0-9F90-B62E2FDC57C1}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD16723B-BB95-4368-B10D-9E079BF01575}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E499EF9A-D485-4EF8-BAEB-FE87531F4652}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bw+0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw+0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0 {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0s {19e3fb35-f515-4ae6-bc32-1ea74914c040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {19E3FB35-F515-4AE6-BC32-1EA74914C040} - D:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Ms Office 2007\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.18 12:45:07 | 2183,895,927 | ---- | M] () - D:\AutoCAD2011 -- [ NTFS ]
O33 - MountPoints2\{f554385e-7222-11df-8e9c-001f1f753175}\Shell - "" = AutoRun
O33 - MountPoints2\{f554385e-7222-11df-8e9c-001f1f753175}\Shell\AutoRun\command - "" = N:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\L:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin230.lnk - C:\Programme\Philips\Philips SPC230NC Webcam\TrayMin230.exe - ()
MsConfig - StartUpReg: Philips Intelligent Agent - hkey= - key= - D:\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\Windows\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.17 14:54:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Torben F\Desktop\OTL.exe
[2012.11.17 00:36:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.16 20:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.16 20:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.11.16 17:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.11.16 17:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.11.16 06:57:15 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.16 06:57:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.16 06:56:52 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.16 06:56:51 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.16 06:56:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.16 06:56:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.16 06:56:25 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.16 06:56:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.16 06:56:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.16 06:56:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.16 06:56:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.16 06:56:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.16 06:56:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.16 06:42:16 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.16 06:42:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.16 06:42:16 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.16 06:42:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 06:41:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.16 06:41:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.16 06:41:54 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.13 17:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.13 17:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.11.12 22:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.12 21:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.11.12 21:58:17 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2012.11.12 21:58:17 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.11.12 21:58:17 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.11.12 21:58:15 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.11.12 21:58:15 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.11.12 21:58:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012.11.12 21:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.11.12 21:53:52 | 000,000,000 | ---D | C] -- C:\Users\Torben F\AppData\Local\Programs
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.17 15:30:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.17 15:01:00 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012.11.17 14:54:22 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 14:54:22 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.17 14:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Torben F\Desktop\OTL.exe
[2012.11.17 14:50:23 | 000,001,950 | ---- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510 series (Netzwerk).lnk
[2012.11.17 14:48:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.17 14:47:08 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.11.17 14:47:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.17 14:47:00 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.17 14:36:32 | 000,541,569 | ---- | M] () -- C:\Users\Torben F\Desktop\adwcleaner.exe
[2012.11.16 16:24:43 | 000,002,292 | ---- | M] () -- C:\Users\Torben F\Desktop\Sicherer Zahlungsverkehr.lnk
[2012.11.16 16:22:32 | 000,409,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.16 07:04:50 | 000,657,570 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.16 07:04:50 | 000,618,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.16 07:04:50 | 000,130,942 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.16 07:04:50 | 000,107,166 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.16 06:51:04 | 000,589,144 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.11.16 06:51:04 | 000,043,608 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kltdi.sys
[2012.11.12 21:58:21 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.10.18 18:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.17 14:37:04 | 000,541,569 | ---- | C] () -- C:\Users\Torben F\Desktop\adwcleaner.exe
[2012.11.16 06:57:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 06:56:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.12 21:58:21 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.07.17 16:56:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.06.22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.04.17 19:10:45 | 000,037,048 | ---- | C] () -- C:\Users\Torben F\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2012.01.16 19:00:22 | 000,000,001 | R--- | C] () -- C:\Users\Torben F\serverport
[2011.12.09 14:24:00 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2011.12.09 14:24:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.01.03 18:09:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Frameworks
[2011.01.03 18:09:54 | 000,000,268 | RH-- | C] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions Handlers
[2011.01.03 18:09:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.01.03 18:09:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Framework
[2011.01.03 18:09:53 | 000,000,268 | RH-- | C] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions
[2011.01.03 18:09:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.01.03 18:09:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Fonts
[2011.01.03 18:09:50 | 000,000,268 | RH-- | C] () -- C:\Users\Torben F\AppData\Roaming\Flowers
[2011.01.03 18:09:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.01.03 15:33:56 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI
[2010.10.02 08:43:02 | 000,024,064 | ---- | C] () -- C:\Users\Torben F\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.08 17:23:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.30 15:43:50 | 000,001,024 | ---- | C] () -- C:\Users\Torben F\.rnd
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.11.01 13:10:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.06.25 23:00:45 | 000,000,000 | ---D | M] -- C:\28b2e0517941069292
[2011.06.22 23:36:08 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.11.17 10:19:01 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.05.31 09:37:20 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.17 14:38:07 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.16 20:25:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.11.17 15:37:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.06 17:55:21 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.17 14:52:03 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2012.11.17 14:38:14 | 000,003,549 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010.11.20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010.04.27 18:29:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012.11.17 14:47:00 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.30 16:30:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.04.30 16:30:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.11.17 14:47:00 | 2146,689,024 | -HS- | M] () -- C:\pagefile.sys
[2011.01.03 15:46:22 | 000,921,632 | ---- | M] () -- C:\SPC230NC.DAT
[2012.04.02 19:52:39 | 000,000,160 | ---- | M] () -- C:\TO_InstallLog.txt
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: PROGRAMFILES(X86)
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /10 >
[2012.11.13 17:46:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0E64B098-8018-4256-BA23-C316A43AD9B0}
[2012.11.16 07:06:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-0011-0000-0000-0000000FF1CE}
[2012.11.16 07:06:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91140000-0011-0000-0000-0000000FF1CE}
[2012.11.13 17:38:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}
[2012.11.13 17:47:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}
 
< %appdata%\*.  >
[2010.06.14 16:39:50 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ACD Systems
[2010.12.22 17:09:54 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Adobe
[2010.04.30 16:46:39 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\AdobeUM
[2011.12.06 17:35:47 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Apple Computer
[2011.01.03 15:44:16 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ArcSoft
[2010.09.18 15:26:42 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ASCON Installer
[2012.04.20 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Canon
[2010.06.10 15:32:51 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Corel
[2010.12.23 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\DivX
[2012.10.07 15:50:00 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\dvdcss
[2010.04.30 16:46:15 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\FileOpen
[2012.04.17 19:49:59 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\GoContactSyncMOD
[2012.08.19 14:36:03 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\HpUpdate
[2012.04.23 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\ICQ
[2010.04.27 21:53:21 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Identities
[2011.01.04 11:27:41 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\InstallShield
[2010.07.07 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\IrfanView
[2010.04.30 15:35:22 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Logitech
[2010.06.07 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Macromedia
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Media Center Programs
[2012.04.14 16:39:55 | 000,000,000 | --SD | M] -- C:\Users\Torben F\AppData\Roaming\Microsoft
[2010.06.07 12:35:49 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Mozilla
[2010.04.30 15:46:46 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Nero
[2011.01.04 11:26:25 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Nikon
[2012.09.20 12:55:22 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Opera
[2012.11.03 14:18:26 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Skype
[2011.07.02 15:28:03 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\skypePM
[2010.09.12 15:00:35 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\SolidWorks
[2010.06.07 13:47:19 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\T-Online
[2011.01.29 16:16:50 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\TeamViewer
[2010.09.15 16:57:24 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\Thunderbird
[2011.03.02 12:31:38 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\TomTom
[2012.11.05 19:59:25 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\vlc
[2010.08.29 07:55:39 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Roaming\WinRAR
 
< %appdata%\*.*  >
[2011.01.03 18:09:50 | 000,000,268 | RH-- | M] () -- C:\Users\Torben F\AppData\Roaming\Flowers
[2011.01.03 18:09:53 | 000,000,268 | RH-- | M] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions
[2011.01.03 18:09:54 | 000,000,268 | RH-- | M] () -- C:\Users\Torben F\AppData\Roaming\Folder Actions Handlers
[2012.04.17 19:18:07 | 000,037,048 | ---- | M] () -- C:\Users\Torben F\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
 
< %appdata%\*.exe /s >
[2010.04.30 17:03:17 | 000,010,134 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{12665B01-3F3A-4433-B179-9D8E352D7547}\ARPPRODUCTICON.exe
[2010.04.30 17:03:38 | 000,029,990 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}\ARPPRODUCTICON.exe
[2012.04.17 19:48:21 | 000,353,118 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}\_853F67D554F05449430E7E.exe
[2012.04.17 19:48:21 | 000,010,134 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}\_92A99803BE5A61641E7175.exe
[2012.04.17 19:48:21 | 000,353,118 | R--- | M] () -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}\_B0EBDAF1314EB721C85967.exe
[2011.01.04 10:59:51 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Torben F\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
 
< %localappdata%\*.  >
[2010.12.21 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Adobe
[2010.04.30 15:45:28 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Ahead
[2012.08.24 13:12:20 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Akamai
[2010.04.27 21:53:15 | 000,000,000 | -HSD | M] -- C:\Users\Torben F\AppData\Local\Anwendungsdaten
[2010.06.07 12:41:46 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\AOL
[2010.06.07 13:35:41 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Apple
[2012.10.15 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Apple Computer
[2012.11.17 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\B56D0D18-D487-4056-85B5-813D646F5354.aplzod
[2011.11.15 18:28:34 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Diagnostics
[2012.05.20 20:51:44 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\ElevatedDiagnostics
[2012.11.14 23:04:31 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Google
[2012.07.17 17:07:31 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\HP
[2012.06.20 16:22:30 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Macromedia
[2010.06.07 17:12:37 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\MediaMonkey
[2012.04.19 19:06:33 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Microsoft
[2010.11.26 16:49:30 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Microsoft Games
[2012.04.13 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Microsoft Help
[2010.06.07 12:35:40 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Mozilla
[2011.01.04 11:26:25 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Nikon
[2012.09.20 12:55:22 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Opera
[2010.11.29 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Paint.NET
[2012.11.12 21:53:52 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Programs
[2012.11.17 15:39:04 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Temp
[2010.04.27 21:53:15 | 000,000,000 | -HSD | M] -- C:\Users\Torben F\AppData\Local\Temporary Internet Files
[2010.09.15 16:57:24 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\Thunderbird
[2011.03.02 12:31:38 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\TomTom
[2010.04.27 21:53:15 | 000,000,000 | -HSD | M] -- C:\Users\Torben F\AppData\Local\Verlauf
[2010.06.02 17:18:03 | 000,000,000 | ---D | M] -- C:\Users\Torben F\AppData\Local\VirtualStore
 
< %localappdata%\*.* >
[2012.02.07 19:57:52 | 000,024,064 | ---- | M] () -- C:\Users\Torben F\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.16 16:24:13 | 000,109,280 | ---- | M] () -- C:\Users\Torben F\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.11.17 14:45:57 | 002,919,903 | -H-- | M] () -- C:\Users\Torben F\AppData\Local\IconCache.db
 
< %localappdata%\*.exe /s >
[2012.08.10 17:31:24 | 002,158,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\admintool.exe
[2012.08.10 17:53:54 | 004,411,192 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\ControlPanel.exe
[2012.08.24 13:11:22 | 010,965,688 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\installer_no_upload_silent.exe
[2012.08.10 17:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\netsession_win.exe
[2012.08.10 17:59:50 | 006,336,304 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\rswinui.exe
[2012.08.10 17:59:52 | 002,243,384 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Torben F\AppData\Local\Akamai\uninstall.exe
[2012.11.16 17:18:07 | 032,218,264 | ---- | M] () -- C:\Users\Torben F\AppData\Local\Temp\SHSetup.exe
[42 C:\Users\Torben F\AppData\Local\Temp\*.tmp files -> C:\Users\Torben F\AppData\Local\Temp\*.tmp -> ]
 
< %allusersprofile%\*.  >
[2012.09.13 17:34:30 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010.04.28 21:14:40 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems
[2012.09.04 17:38:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2011.06.17 16:53:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2010.06.21 17:03:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.11.12 22:00:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager
[2010.04.30 15:13:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2012.01.10 22:16:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonEPP
[2012.01.10 22:16:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX2
[2012.04.20 15:15:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2012.01.10 22:17:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenuEX
[2012.07.01 17:32:25 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2010.04.30 17:02:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Corel
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2011.11.24 17:46:36 | 000,000,000 | ---D | M] -- C:\ProgramData\DivX
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.01.03 18:09:54 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.11.14 23:04:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2012.07.17 16:57:48 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2012.07.17 17:02:17 | 000,000,000 | ---D | M] -- C:\ProgramData\HP Photo Creations
[2010.11.20 16:03:52 | 000,000,000 | ---D | M] -- C:\ProgramData\hps
[2011.01.03 18:09:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Hybrid Morph
[2012.11.17 14:38:07 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2011.01.03 18:09:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Images
[2011.01.03 18:09:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Iterate Items
[2012.11.17 14:50:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab
[2012.09.10 17:21:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.06.29 21:38:17 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2011.05.30 16:27:40 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.11.16 07:06:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2010.04.30 17:02:51 | 000,000,000 | ---D | M] -- C:\ProgramData\My Music
[2010.10.08 12:48:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Nero
[2011.01.04 12:05:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2012.03.06 17:55:21 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2012.03.06 17:51:01 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation
[2011.01.04 11:32:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Philips
[2012.09.20 14:53:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2011.07.01 13:17:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype Extras
[2012.11.17 14:19:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.08.12 20:19:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2010.06.07 13:45:32 | 000,000,000 | ---D | M] -- C:\ProgramData\T-Online
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.12.13 19:30:31 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2011.03.02 12:32:29 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2011.01.03 18:09:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15
[2010.04.27 21:53:09 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010.06.07 13:37:32 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 
< %allusersprofile%\*.* >
[2012.07.17 16:56:53 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2010.06.08 17:23:56 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011.01.03 18:09:50 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Fonts
[2011.01.03 18:09:53 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Framework
[2011.01.03 18:09:54 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Frameworks
[2011.01.04 10:58:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2011.01.04 11:26:27 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2011.01.04 10:58:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
 
< %allusersprofile%\*.exe /s >
[2012.08.21 12:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
[2012.08.21 12:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\18768\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\21179\ReaderUpdater.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\AcrobatUpdater.exe
[2012.01.03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\AdobeARM.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\AdobeARMHelper.exe
[2012.01.03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\29629\ReaderUpdater.exe
[2012.09.13 17:29:12 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe
[2011.10.06 04:00:12 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.0.1.29\SetupAdmin.exe
[2011.12.06 17:34:08 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.0.2.17\SetupAdmin.exe
[2012.03.14 18:07:23 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.1.0.40\SetupAdmin.exe
[2012.09.25 15:52:44 | 000,073,616 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 2.0.2.187\SetupAdmin.exe
[2010.11.21 14:50:35 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\ASPEncoder\Uninstaller.exe
[2011.11.24 17:46:21 | 000,057,591 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\ControlPanel\Uninstaller.exe
[2011.04.05 16:42:00 | 000,054,128 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Converter\Uninstaller.exe
[2011.11.24 17:46:26 | 000,063,144 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DesktopService\Uninstaller.exe
[2010.11.21 14:51:07 | 000,054,153 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DFXPlugin\Uninstaller.exe
[2010.06.07 17:18:13 | 000,529,220 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
[2010.06.07 17:18:17 | 000,529,220 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe
[2010.06.07 17:18:18 | 000,529,220 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
[2010.11.21 14:51:11 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DivXDecoderShortcut\Uninstaller.exe
[2011.11.24 17:46:36 | 000,064,957 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DivXPlusShortcuts\Uninstaller.exe
[2011.04.05 16:42:03 | 000,062,879 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\DSAACDecoder\Uninstaller.exe
[2011.11.24 17:46:23 | 000,057,275 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DSASPDecoder\Uninstaller.exe
[2010.11.21 14:51:17 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DSAVCDecoder\Uninstaller.exe
[2011.04.05 16:42:06 | 000,057,037 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\DSDesktopComponents\Uninstaller.exe
[2011.04.05 16:42:12 | 000,065,801 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\MFComponents\Uninstaller.exe
[2011.04.05 16:41:49 | 000,054,101 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\MPEG2Plugin\Uninstaller.exe
[2011.11.24 17:46:16 | 000,061,667 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\MSVC80CRTRedist\Uninstaller.exe
[2011.11.24 17:46:18 | 000,063,228 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\OVSHelper\Uninstaller.exe
[2010.11.21 14:52:16 | 000,057,736 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Player\Uninstaller.exe
[2011.04.05 16:41:45 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\Qt4.5\Uninstaller.exe
[2010.11.21 14:45:19 | 000,144,696 | ---- | M] () -- C:\ProgramData\DivX\RunAsUser\RUNASUSERPROCESS.exe
[2011.11.24 17:41:07 | 000,926,560 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\Setup\DivXSetup.exe
[2011.04.05 16:41:57 | 000,054,644 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\TranscodeEngine\Uninstaller.exe
[2010.11.21 14:51:33 | 000,084,038 | ---- | M] (DivX, Inc.) -- C:\ProgramData\DivX\TransferWizard\Uninstaller.exe
[2011.11.24 17:46:28 | 000,061,792 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\Update\Uninstaller.exe
[2011.11.24 17:46:34 | 000,066,441 | ---- | M] (DivX, LLC) -- C:\ProgramData\DivX\WebPlayer\Uninstaller.exe
[2011.07.13 22:03:24 | 000,527,024 | ---- | M] (Google Inc.) -- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.02.15 11:11:00 | 000,153,768 | ---- | M] () -- C:\ProgramData\HP Photo Creations\MessageCheck.exe
[2011.02.15 11:11:00 | 000,301,224 | ---- | M] (Visan / RocketLife) -- C:\ProgramData\HP Photo Creations\PhotoProductCore.exe
[2011.02.15 11:11:00 | 000,158,944 | ---- | M] () -- C:\ProgramData\HP Photo Creations\PhotoProductReg.exe
[2011.12.13 18:47:24 | 001,562,920 | ---- | M] () -- C:\ProgramData\hps\1320\setup_dm_Fotowelt.exe
[2010.05.07 15:27:22 | 000,068,256 | ---- | M] () -- C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.0.232\German\setup.exe
[2012.08.17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\ProgramData\Kaspersky Lab\AVP13\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav13\13.0.1.4190\avp.exe
[2012.10.29 22:23:21 | 000,917,984 | ---- | M] () -- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{68CBF6E9-9E3E-58B5-09E0-BEA04183832B}-firefox.exe
[2012.11.10 11:14:04 | 001,199,576 | ---- | M] () -- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{A3147B27-E1A3-F22A-9B9E-1589EC389439}-SpotifyWebHelper.exe
[2011.05.21 06:01:00 | 000,194,152 | ---- | M] (NVIDIA Corporation) -- C:\ProgramData\NVIDIA\Updatus\WLMerger.exe
[1970.01.01 01:00:00 | 000,114,886 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\3FB908F6\drsupdate.10165912_RUNASUSER.exe
[2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
 
<           >

< End of report >
         
--- --- ---

[/CODE]

and the one from EXTRA.exe
OTL Logfile:
Code:
OTL Extras logfile created on: 17.11.2012 15:33:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Torben F\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,37% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 97,19 Gb Free Space | 49,76% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 110,78 Gb Free Space | 94,53% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 96,23 Gb Free Space | 98,54% Space Free | Partition Type: NTFS
Drive F: | 55,61 Gb Total Space | 38,53 Gb Free Space | 69,29% Space Free | Partition Type: NTFS
 
Computer Name: CHEFFE | User Name: Torben F | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla Firfox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "D:\Ms Office 2007\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Ms Office 2007\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "D:\ACDSee\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "D:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "D:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA9CBE-6E36-4C56-B395-992BF87DBBB7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0BB115FC-F6FD-4DA8-A997-5D2F737B024F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1900A1F7-D749-420A-9B22-775AF054FAC3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{19E64EF5-F793-44A1-8EA2-722540F05075}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1EB68FCD-25F4-48F3-8077-C7F100ADBE19}" = lport=6004 | protocol=17 | dir=in | app=d:\ms office 2007\office14\outlook.exe | 
"{30620299-016F-48CD-A4D0-26F1DD7F5C2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3831BCAD-B98C-43AE-A6BF-0E233AE637DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4443BDEA-B256-4614-843A-373598B70149}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4534FDEC-CF31-4C82-88B1-4EF8E6486886}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4557F0FE-35BE-4859-AC20-666A5374C8B9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4AB43EB4-A8E1-416D-A88F-CF5F17DA0AD5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6D86848C-6471-474B-A94A-3EEDA0BE8053}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{7148DDA0-5F99-44CD-8F58-73EAE7D2F91F}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{7612200D-C216-4AA2-9497-7E3F0B129BAE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{774552A5-7AC7-44DD-BBE9-F757B5FB4D69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{783F40F6-3F7D-4631-A4E5-AE87BA9648AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7E2F4A3B-FA59-448C-93CB-2BA801C69F55}" = lport=138 | protocol=17 | dir=in | app=system | 
"{85027573-4866-47C7-A2E5-C8E19197B7AA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{90817A75-C8F1-4D8F-B8D5-5CA8E20E9EB2}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{958F39ED-55A5-4FAF-ABF4-363D6EB89BB7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{97B200C5-595B-415D-90E0-792A190A4E93}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A8610C75-D044-43A4-90DE-6CBB1EAB0389}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A8CFDFE3-E7E0-4CD6-A5AB-A19281C5BD4B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AA933EF2-91F3-438C-8EF5-9FAFC220D9FB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AF279C22-D796-47D7-BC56-6DF2589845CC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B567C9B8-CF08-4BB6-BC42-C2FBEB8526F5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B9399614-8DD8-4FF7-8A3F-EA2E6640076D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BA9AAD9C-8832-41B0-B60B-DB99DD7745B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C4E26082-D4DC-4234-887F-09D73051FD39}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{C4FCBC00-B4F5-487F-B83A-344546AC3DDE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C7FF7030-4EBE-40AC-AC75-1F1CB102D15A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CA731ED0-58A6-489A-ACC0-6CBF7D650330}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{CEEF7976-E1B0-4044-BC63-BD40E2640DE0}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{D55A75BB-649A-4144-8F99-F645A9826EF0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7B6C61B-6E26-47C6-9D12-DD55D81285DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED18C42C-E346-49EA-86F2-DCD74F0C720E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F2D26A8E-8015-424A-A7F3-D1FB6350B542}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F31083BA-90AB-49AA-BF83-906B5F8C805D}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DA7C290-5606-4253-8CCC-D01066E94CC6}" = protocol=17 | dir=in | app=c:\users\torben f\appdata\local\akamai\netsession_win.exe | 
"{1476D2EC-756D-4D8F-9B81-DFCE11F648AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{162D3F76-7442-41C8-9755-9567FEDA2C00}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1D2D9F68-EDE0-4BF9-8D08-30C18503DE29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E5686D7-6216-4496-9EF2-8E06A6285CA1}" = protocol=17 | dir=in | app=d:\ms office 2007\office14\onenote.exe | 
"{2341B49A-1BF3-4C9E-B37E-1D611C54BB22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{26DC1F36-6297-498E-821B-B60E73416203}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{27523560-8ABA-41E2-9DFC-548CD5945DC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DF10E8A-3E17-4D59-912C-5B61D6F8C6CF}" = protocol=6 | dir=out | app=system | 
"{35B35087-5460-42C9-92C7-1B00B568B076}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{37C6F628-D9A1-40AD-B724-280345296C00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B6A9104-E507-442F-B19C-D674BC230442}" = protocol=6 | dir=in | app=d:\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{3DF9CBA6-5FCD-4297-AC84-E34BFFC9459F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{42A9E870-FCE3-4AFC-A211-F5856A09EEE3}" = dir=in | app=d:\itunes\itunes.exe | 
"{464D10DD-13E4-49B3-A421-1B9EDDB90521}" = protocol=17 | dir=in | app=d:\ms office 2007\office14\groove.exe | 
"{57829840-ACFD-4650-A925-3E1AAA41289B}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{5F480737-3464-4D46-89D1-969F46E172AC}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe | 
"{6F45E238-5E1C-4798-BABD-3772CACC214B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{71053B8B-54D0-4655-B07D-C54C3FDD02CD}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe | 
"{71DE4EDC-6BA3-4F18-8412-90335019DD4B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{73C8D222-244F-4C84-9144-A5B7536FE5DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{74C5269E-4974-4AA0-9E1C-A214CA8EA338}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{79402A79-B005-4860-BCC8-3F326ADF2B89}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{828D6AED-AD1E-4FF1-8BD2-4544552224ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{84D11599-2337-4098-9F36-E21D6C07A152}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{995A3555-E819-4CF0-A250-654A9F49421D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A0C0C245-5A22-41E7-8AB1-F3A7F3EDF3BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1333D4B-B062-4411-B9C6-578284772884}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{A4A8D8B8-DEF7-42F9-973D-EBDCA54519F1}" = protocol=6 | dir=in | app=c:\users\torben f\appdata\local\akamai\netsession_win.exe | 
"{A80B6DDE-8E8F-48AD-8CE3-9F69B2597123}" = protocol=6 | dir=in | app=d:\ms office 2007\office14\onenote.exe | 
"{B49DA458-F713-4BB8-B651-65AE6E6002AC}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{BD1AC190-D45E-43EB-8AFC-8D543C1349C1}" = protocol=17 | dir=in | app=d:\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{C32FCB86-569C-49C1-BEEF-357988114C5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C52CDD9B-625F-400B-A77B-914C0FCA7E08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C8E4CC99-C635-4355-A397-63989E52BB2F}" = protocol=6 | dir=in | app=d:\ms office 2007\office14\groove.exe | 
"{D5D9AE66-FB45-48A0-9011-F2D087CDE821}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D6A5D0D2-4074-4533-88DB-1DC6B76CA34D}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{DC9D6593-D241-46CA-82E9-0BC28A0A45EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DE05EFA7-C236-4CA1-B130-9BE84937ABB5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{E701A045-E0E4-42B3-9FD4-712A2CB16E77}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{EEC39CAA-C1A5-4285-AD13-BCF449025799}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{F309223C-4C9D-41EA-BCA0-B71C199DC249}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{F492EED2-0CDD-472A-83E4-2C5CE136564B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FC9FD8AD-78B1-4475-B09E-74A2DB08C559}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{FDBE9C7C-C4AE-422E-AA94-4B1CB2231256}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05F350C6-FA6A-40D0-A130-FB941B39152C}" = Philips SPC230NC Webcam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}" = Corel Snapfire DVD Maker
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D30AB17-69E4-4F0F-9CF8-BED11CF8716F}" = CSI-Miami
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6733975E-52C9-4624-805D-36A4F79F7BBB}" = MDESIGN Roloff/Matek Edition
"{67989938-3E0E-4DFD-B2D7-E31ED4FC726C}" = GO Contact Sync Mod
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79FA7C3A-23E9-415B-9D5F-465DBCA59247}" = ADAC RoutenPlaner 2006/2007
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{80CCA55B-FCA8-47E2-9BFE-A24CDEE51031}" = SecurDisc Viewer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8C75F6-E5CC-47F9-962A-73FE54A8AF41}" = HP Photosmart 5510 series - Grundlegende Software für das Gerät
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CECB7782-F35F-45CE-97C0-74BBBDC51C22}" = Webcam Video Viewer
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F006F696-7D71-4118-AC02-B714980F6288}" = ACDSee for Pentax 2.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"Formelsammlung Roloff-Matek" = Formelsammlung Roloff-Matek
"HP Photo Creations" = HP Photo Creations
"INSITU - Stahl - ME - 2004" = INSITU - Stahl - ME - 2004
"INSITU Aluminium - ME - 2004" = INSITU Aluminium - ME - 2004
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IrfanView" = IrfanView (remove only)
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"Sweet Home 3D_is1" = Sweet Home 3D version 2.6
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.8.3.2499
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.09.2011 04:22:44 | Computer Name = cheffe | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 01.09.2011 13:00:08 | Computer Name = cheffe | Source = Windows Backup | ID = 4103
Description = 
 
[ System Events ]
Error - 14.11.2012 12:29:57 | Computer Name = cheffe | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 14.11.2012 12:30:27 | Computer Name = cheffe | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 14.11.2012 14:57:35 | Computer Name = cheffe | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 16.11.2012 18:52:40 | Computer Name = cheffe | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?11.?2012 um 23:51:13 unerwartet heruntergefahren.
 
Error - 16.11.2012 19:37:16 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 17.11.2012 05:19:14 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 17.11.2012 09:05:21 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 17.11.2012 09:21:02 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 17.11.2012 09:38:04 | Computer Name = cheffe | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Browser Manager" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 17.11.2012 09:47:02 | Computer Name = cheffe | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
 
< End of report >
         
--- --- ---

[/CODE]


I have uninstalled CCleaner; can I just install TFC now?
What happens next?

18.11.2012, 13:48   #9
ryder
/// TB-Ausbilder

Good!

We still need to run a few checks now.

Step 1:
Quick scan with Malwarebytes

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the logfile, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".
Step 2:
ESET Online Scanner

Quote:
Important:
Please switch on any external hard drives during the online scans!
Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans and do not forget to switch everything back on afterwards.
  • Please click here --->
    • Firefox users: please download, install and start esetsmartinstaller_enu.exe.
    • IE users must allow the installation of an ActiveX element.
  • Check the box at Yes, I accept the Terms of Use and press the button.
  • Wait until the components have been downloaded.
  • Check "Scan archives" and uncheck Remove found threats.
  • Press. The signatures are downloaded and the scan starts automatically; it can take a very long time!
When the scan has finished
  • Click and then
  • Save the logfile as ESET.txt on the desktop.
  • Click Back and Finish
Please post the ESET.txt here or tell me that nothing was found.
Step 3:
Java update (Windows XP, Vista, 7)
Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can abuse.
  • Please download the latest Java version and save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 9).
  • During installation, remove the check mark at:
When the installation has finished:
  • Start > Control Panel > Programs, uninstall all older Java versions, if any, and restart your computer.
After the restart:
  • Open Control Panel > Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files...
  • Make sure that every box is checked and click OK twice.
Step 4:
Update: Firefox, add-ons and plugins
  • Click > Help > About Firefox
  • Wait until the update has loaded, click Install Update and let Firefox restart.
  • Please check whether further updates are available or whether Firefox is up to date.
  • Now click > Add-ons > > Check for Updates
  • After another restart of Firefox, everything should be up to date.

Please also check (regularly) whether the following links show missing updates for your plugins:
Step 5:
Thunderbird update.

Step 6:
Scan with SecurityCheck
Please download SecurityCheck
  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Digital privateers against malware!
No help via PM!

18.11.2012, 14:01   #10
cheffe142

I already downloaded and installed SecurityCheck earlier; can I use that one then?

18.11.2012, 14:02   #11
ryder
/// TB-Ausbilder

Yes, sure; I want another logfile.
__________________
Digital privateers against malware!
No help via PM!

18.11.2012, 20:43   #12
cheffe142

Here are a few more logfiles.


First the one from Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.11.18.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Torben F :: CHEFFE [Administrator]

Schutz: Aktiviert

18.11.2012 15:00:58
mbam-log-2012-11-18 (15-00-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229978
Laufzeit: 5 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Torben F\Downloads\7ZipSetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


The ESET online scan found one infected file; here is the logfile:

F:\Torben\ICQ\289632247\418901703 Max Hummel\unlocker1.8.9.exe Win32/Adware.ADON application cleaned by deleting - quarantined


And last but not least, the checkup.txt file:

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (3.6.3) Firefox out of Date!
Mozilla Thunderbird (3.1.3) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

18.11.2012, 21:04   #13
ryder
/// TB-Ausbilder

You didn't update Firefox and Thunderbird?
__________________
Digital privateers against malware!
No help via PM!

18.11.2012, 21:10   #14
cheffe142

Yes I did; each time it said that it is up to date...

I then found 2 versions of Firefox and Thunderbird in the Control Panel.
I uninstalled the older one from Mozilla, but that then deleted the browser completely.

18.11.2012, 21:34   #15
ryder
/// TB-Ausbilder

Because the last logfile here says something about version 3?
__________________
Digital privateers against malware!
No help via PM!
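
The mismatch discussed in the last posts (Security Check reporting Firefox 3.6.3 and Thunderbird 3.1.3 although the updater says both are current) can be read out of the two OTL uninstall lists posted earlier in the thread. The following Python sketch is an added example, not part of the original posts or of OTL; the function names are hypothetical and the sample input is an excerpt constructed from log lines quoted in this thread.

```python
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the OTL Extras log posted in this thread.
SAMPLE_LOG = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"7-Zip" = 7-Zip 4.65
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3)
"VLC media player" = VLC media player 1.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4193105443-658353482-3685622148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)

========== Last 20 Event Log Errors ==========
'''

SECTION_RE = re.compile(r'^=+ (HKEY_\w+) Uninstall List =+$')
ENTRY_RE = re.compile(r'^"([^"]+)" = (.*)$')
VERSION_RE = re.compile(r'\d+(?:\.\d+)+')   # first dotted number, e.g. 16.0.2


def parse_uninstall_sections(text):
    """Return {hive: [(registry_key_name, display_name), ...]}."""
    sections, hive = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            hive = header.group(1)
        elif line.startswith('====='):
            hive = None                      # a different report section begins
        elif hive:
            entry = ENTRY_RE.match(line)
            if entry:
                sections[hive].append(entry.groups())
    return dict(sections)


def split_name(display_name):
    """Split 'Mozilla Firefox (3.6.3)' into ('Mozilla Firefox', (3, 6, 3))."""
    m = VERSION_RE.search(display_name)
    if not m:
        return display_name.strip(), None    # no dotted version: not comparable
    product = display_name[:m.start()].rstrip(' (-')
    return product, tuple(int(p) for p in m.group().split('.'))


def find_stale_entries(sections):
    """List products registered with more than one version across the hives."""
    seen = defaultdict(set)
    for hive, entries in sections.items():
        for _key, display in entries:
            product, version = split_name(display)
            if version is not None:
                seen[product].add((version, hive))
    fmt = lambda v: '.'.join(map(str, v))
    findings = []
    for product in sorted(seen):
        newest, newest_hive = max(seen[product])
        for version, hive in sorted(seen[product]):
            if version < newest:
                findings.append((product, fmt(version), hive, fmt(newest), newest_hive))
    return findings


if __name__ == '__main__':
    for row in find_stale_entries(parse_uninstall_sections(SAMPLE_LOG)):
        print('%s: %s registered in %s, %s registered in %s' % row)
```

On this excerpt the old 3.x entries sit in the machine-wide list while the 16.0.2 entries sit in the per-user list, which matches the two versions the user saw in the Control Panel.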
