Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: adserverplus kommt wieder

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.11.2012, 22:52   #1
egeg
 
adserverplus kommt wieder - Standard

adserverplus kommt wieder



Hallo, ich habe dieses adserverplus pop-up auf meinen Rechner und wollte ihn mit MBAM entfernen. Der Scan hat etwas gefunden und das habe ich dann entfernt. Allerdings kam das pop-up wieder, wenn auch seltener. Der nächste scan hat aber keine infizierten Dateien gefunden. Was nun?
egeg

Alt 27.11.2012, 08:18   #2
schrauber
/// the machine
/// TB-Ausbilder
 

adserverplus kommt wieder - Standard

adserverplus kommt wieder



Hi,


Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread




Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________

__________________

Alt 27.11.2012, 20:18   #3
egeg
 
adserverplus kommt wieder - Standard

adserverplus kommt wieder



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.11.2012 15:32:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Gröschel\Desktop\Download
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 61,10% Memory free
7,93 Gb Paging File | 6,19 Gb Available in Paging File | 78,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 39,15 Gb Free Space | 33,62% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 334,59 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive F: | 3,68 Gb Total Space | 2,06 Gb Free Space | 56,00% Space Free | Partition Type: FAT32
 
Computer Name: ESTHER-PC | User Name: Esther | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.27 15:02:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gröschel\Desktop\Download\OTL.exe
PRC - [2012.11.26 14:20:44 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.26 14:20:15 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.26 14:20:15 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Esther\AppData\Roaming\BrowserCompanion\tbhcn.exe
PRC - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.06.14 17:35:02 | 000,201,080 | ---- | M] (Telefónica) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2011.02.07 10:47:10 | 003,576,152 | ---- | M] () -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2009.10.23 01:45:40 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.09.24 22:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.08.17 18:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009.08.12 23:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008.08.14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Esther\AppData\Roaming\BrowserCompanion\tbhcn.exe
MOD - [2009.10.23 01:45:40 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.09.24 22:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.09.17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012.11.26 14:20:44 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.26 14:20:15 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.20 23:57:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.17 20:31:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.06.14 17:35:02 | 000,201,080 | ---- | M] (Telefónica) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2011.02.07 10:47:10 | 003,576,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.13 16:26:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.13 16:26:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.14 00:42:32 | 000,093,272 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.09 07:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.08.31 11:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.08.07 10:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.07.27 02:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.12.26 11:03:51 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009.08.21 07:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.08.11 03:16:42 | 001,490,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.08.06 22:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.28 21:05:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.27 08:04:35 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.09 04:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 11:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.05.13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.04.30 14:43:33 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008.12.08 16:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.07.24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.03 12:33:20 | 000,040,256 | ---- | M] (Funkwerk Enterprise Communications GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\elcapitd.sys -- (elcapitd)
DRV - [2007.01.23 14:28:30 | 000,151,296 | ---- | M] (Funkwerk Enterprise Communications GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ELCAPI20.SYS -- (elcapi20)
DRV - [2004.03.10 16:17:16 | 000,118,381 | ---- | M] (elmeg communication systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\elcapibs.sys -- (elcapibs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=vit4
IE - HKCU\..\SearchScopes,DefaultScope = {138BFF40-2808-4FA4-AB33-61205CEEF1AC}
IE - HKCU\..\SearchScopes\{138BFF40-2808-4FA4-AB33-61205CEEF1AC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10398&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABW&apn_dtid=^YYYYYY^YY^FR&apn_uid=d6581590-3a75-40e7-a813-12f3831f15da&apn_sauid=9BA75351-F8B1-49A4-858C-1F0444CCA01F
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: optout@google.com:1.5
FF - prefs.js..extensions.enabledAddons: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.17
FF - prefs.js..extensions.enabledAddons: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.5.1
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.3
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.4
FF - prefs.js..extensions.enabledAddons: toolbar-ff@payback.de:1.1.9.99
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.2
FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - prefs.js..extensions.enabledItems: {edc0b8a5-c050-4bb2-b785-a623b4515abf}:1.9
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.86
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7116
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.13 18:33:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.20 23:57:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.13 18:33:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.20 23:57:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.07.10 22:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\Extensions
[2010.01.31 01:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.23 21:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions
[2012.10.09 15:27:14 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.11.09 21:31:09 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.07.10 23:15:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012.07.10 23:16:53 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2012.07.10 23:23:19 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012.07.10 23:23:58 | 000,000,000 | ---D | M] (GA?) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{7c6d11c6-41b5-11dc-8314-0800200c9a66}(2)
[2012.07.10 23:24:34 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}(2)
[2012.10.03 11:46:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.08.08 10:25:31 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com
[2012.09.20 13:40:05 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\firefox@ghostery.com
[2012.11.23 21:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\staged
[2012.11.18 00:40:13 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\compatibility@addons.mozilla.org.xpi
[2011.07.27 23:07:48 | 000,008,363 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\optout@google.com.xpi
[2012.11.17 20:27:13 | 000,128,837 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\toolbar-ff@payback.de.xpi
[2012.11.16 10:33:54 | 000,510,620 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\toolbar@gmx.net.xpi
[2012.02.10 17:24:04 | 000,265,651 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}.xpi
[2012.10.11 08:54:05 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.04.24 14:49:51 | 000,081,104 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
[2012.11.23 21:55:49 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.23 18:48:35 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.06 20:38:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012.09.03 09:53:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a6_expire
[2012.09.27 20:48:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\18b763e639ba239c25419e9c3582f6f7_expire
[2012.09.09 20:37:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire
[2012.11.26 23:11:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012.11.26 23:11:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012.08.11 14:18:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77e_expire
[2012.08.16 12:55:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire
[2012.11.27 14:11:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire
[2012.09.26 21:32:11 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\439eac9034cc1874d9d95196c5876d75_expire
[2012.11.26 23:11:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012.10.21 12:00:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire
[2012.09.05 14:04:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire
[2012.11.27 15:01:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire
[2012.11.27 14:11:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire
[2012.09.04 17:04:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire
[2012.11.27 14:11:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire
[2012.11.21 15:20:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\92014bb7f6462cb491e652ca4941f1d2_expire
[2012.08.20 09:06:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9803c283e94e743374151c4bbe60a5df_expire
[2012.11.27 14:11:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2012.11.26 23:11:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire
[2012.09.19 18:49:11 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire
[2012.11.26 23:11:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2012.10.30 21:43:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire
[2012.10.28 20:21:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire
[2012.08.20 09:06:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire
[2012.08.11 21:41:42 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d2458fd784f4eb7cff549c598cd14651_expire
[2012.08.26 14:44:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d83bb387de1d7c4401815e133de06c6b_expire
[2012.11.26 23:11:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d89bfd841403290d610bcf662008b443_expire
[2012.09.06 19:44:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire
[2012.10.30 21:43:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\df4525cd4117d8ae1c7453b139759242_expire
[2012.09.19 18:49:11 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire
[2012.08.26 12:40:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf0952274624_expire
[2012.11.19 10:11:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b2_expire
[2012.11.26 23:11:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012.11.19 10:11:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire
[2012.10.21 12:00:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire
[2012.11.26 23:11:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012.11.26 23:11:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012.11.26 23:11:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012.10.27 18:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.02 23:34:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.27 18:31:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 22:24:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Browser Companion Helper = C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Google-Suche = C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ACPW05DE] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [ACSW14DE] C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Esther\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CFBC11-049E-4698-A6A2-680D88B58D98}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6698DEB4-9406-4C40-8E08-30C6AC4A944B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8B642B4-93E4-4C3B-8142-2496BE889BAA}: DhcpNameServer = 192.168.1.250
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll) - C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cc2dcca7-e2bc-11e1-9a3b-e0cb4e57a3b4}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2dcca7-e2bc-11e1-9a3b-e0cb4e57a3b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cc2dccc0-e2bc-11e1-9a3b-e0cb4e57a3b4}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2dccc0-e2bc-11e1-9a3b-e0cb4e57a3b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.26 14:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.11.26 01:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.26 01:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.11.26 01:18:08 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012.11.26 01:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.11.26 01:17:16 | 000,000,000 | ---D | C] -- C:\Users\Esther\AppData\Local\Programs
[2012.11.25 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.25 23:39:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.25 23:39:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.21 12:15:32 | 000,000,000 | ---D | C] -- C:\Users\Esther\AppData\Roaming\Malwarebytes
[2012.11.21 12:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.20 23:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.11.13 19:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.13 19:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.13 19:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.13 19:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.11.13 19:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.11.13 19:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.11.13 19:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.11.13 19:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.11.13 18:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.13 18:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.11.13 18:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.11.11 22:23:04 | 000,000,000 | ---D | C] -- C:\Users\Esther\AppData\Roaming\temp
[2012.11.11 22:23:00 | 000,000,000 | ---D | C] -- C:\Users\Esther\AppData\Roaming\EeeStorageUploader
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.27 15:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 15:08:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.27 14:08:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.27 14:04:00 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 14:04:00 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 13:56:50 | 000,002,020 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.11.27 13:55:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 13:55:35 | 3193,716,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.26 12:30:22 | 000,009,728 | ---- | M] () -- C:\Users\Esther\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.26 11:53:56 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.26 11:53:56 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.26 11:53:56 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.26 11:53:56 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.26 11:53:56 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.26 11:41:48 | 000,001,753 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.11.26 01:18:16 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.11.25 23:39:54 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.22 08:06:16 | 000,025,435 | ---- | M] () -- C:\Users\Esther\Desktop\Forum Virus.odt
[2012.11.19 13:47:21 | 000,075,184 | ---- | M] () -- C:\Users\Esther\Desktop\weihnachtsheft_2012_bestellschein.pdf
[2012.11.16 10:36:38 | 000,478,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.13 19:26:26 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.13 18:32:55 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.13 16:26:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.13 16:26:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.04 22:25:12 | 011,637,327 | ---- | M] () -- C:\Users\Esther\Desktop\KFM_Web_Handbuch.pdf
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.26 14:03:20 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.26 14:03:20 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.26 01:18:16 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.11.26 01:18:16 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.11.25 23:39:54 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.21 14:47:42 | 000,025,435 | ---- | C] () -- C:\Users\Esther\Desktop\Forum Virus.odt
[2012.11.19 13:47:21 | 000,075,184 | ---- | C] () -- C:\Users\Esther\Desktop\weihnachtsheft_2012_bestellschein.pdf
[2012.11.16 10:28:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 10:10:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.13 19:26:26 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.13 18:32:55 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.04 22:25:12 | 011,637,327 | ---- | C] () -- C:\Users\Esther\Desktop\KFM_Web_Handbuch.pdf
[2012.09.10 20:17:11 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\NetCapiConfig.exe
[2012.09.10 20:17:11 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\elcapitd.exe
[2012.09.10 13:55:28 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini
[2012.08.26 13:10:14 | 000,009,728 | ---- | C] () -- C:\Users\Esther\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.23 21:02:00 | 002,648,064 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012.08.12 21:19:27 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2012.07.12 21:32:08 | 000,000,874 | ---- | C] () -- C:\Users\Esther\AppData\Local\recently-used.xbel
[2012.07.12 20:16:38 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.07.12 20:16:37 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT
[2012.07.11 19:58:42 | 000,000,600 | ---- | C] () -- C:\Users\Esther\AppData\Local\PUTTY.RND
[2009.12.26 10:42:58 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.13 18:31:36 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\ACD Systems
[2012.07.27 23:47:04 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\aliasworlds
[2012.11.11 22:22:57 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Asus WebStorage
[2012.07.15 20:30:21 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\BlamGames
[2012.09.02 21:48:00 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Boolat Games
[2012.11.27 15:37:31 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\BrowserCompanion
[2012.08.12 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Canon
[2012.08.20 20:59:05 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\DivoGames
[2012.11.11 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\EeeStorageUploader
[2012.09.14 14:28:24 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\EPSON
[2012.07.27 23:26:39 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Farm Mania 2.1
[2012.07.15 19:50:33 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Harmonic Flow
[2012.07.13 08:58:28 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\ICAClient
[2012.07.26 13:14:10 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\LegacyGames
[2012.09.02 22:25:12 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Nevosoft-Breeze
[2012.08.08 12:31:20 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\OpenOffice.org
[2012.09.02 21:16:58 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\PlayFirst
[2012.09.12 09:12:55 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\TeamViewer
[2012.08.10 14:32:10 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Telefónica
[2012.11.11 22:23:04 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\temp
[2012.08.10 14:32:08 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\TGCMLog
[2012.07.11 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Thunderbird
[2012.08.23 21:02:12 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Tobit
[2012.07.12 21:57:54 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.09.25 13:13:27 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.10 19:06:19 | 000,000,000 | -H-D | M] -- C:\asus.dat
[2009.12.26 11:02:22 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS
[2012.09.22 21:49:42 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2012.07.13 12:25:56 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.07.11 15:14:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2009.12.26 11:03:36 | 000,000,000 | ---D | M] -- C:\eSupport
[2009.12.26 10:15:28 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.12.26 10:52:59 | 000,000,000 | ---D | M] -- C:\NV28642856.TMP-nv1064
[2009.12.26 10:53:35 | 000,000,000 | ---D | M] -- C:\NV40284032.TMP-nv1182
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.13 19:25:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.26 14:06:47 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.26 01:18:23 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.07.10 18:46:55 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.11.27 15:35:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.07.10 18:48:35 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.26 14:40:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
[2012.11.26 14:05:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{291E2930-2240-11E2-BC84-B8AC6F98CCE3}
 
< %localappdata%\*. /5 >
[2012.11.26 01:17:16 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Local\Programs
[2012.11.27 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Local\Temp
 
<           >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.11 16:36:42 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.11.26 14:03:20 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.11.26 14:03:20 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 249 bytes -> C:\ProgramData\Temp:04ADB7A6
@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:E153075C
@Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:8DD36B71
@Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:8AC20936
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:9B2BD056
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:5CD70138
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:D01ACC06
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:413E2927
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:D882BE37
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:217A2A36
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B88E99C8

< End of report >
         
--- --- ---
__________________

Alt 27.11.2012, 20:19   #4
egeg
 
adserverplus kommt wieder - Standard

adserverplus kommt wieder



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.11.2012 15:32:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Gröschel\Desktop\Download
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 61,10% Memory free
7,93 Gb Paging File | 6,19 Gb Available in Paging File | 78,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 39,15 Gb Free Space | 33,62% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 334,59 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive F: | 3,68 Gb Total Space | 2,06 Gb Free Space | 56,00% Space Free | Partition Type: FAT32
 
Computer Name: ESTHER-PC | User Name: Esther | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 14.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeQV14.exe" "%1" (ACD Systems International Inc.)
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 14.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeQV14.exe" "%1" (ACD Systems International Inc.)
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E51578-7E01-445B-9AEA-7F0F7757185B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{03CAF0F9-1C45-4831-A09C-70F451123525}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{050E7BEA-D00D-4849-992A-CE9FF188B663}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{0F17FEC3-EC5D-4E2E-8B91-7BD0A2E970E4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{38E3B288-FB13-4E52-8E26-DF5D4DED42CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4874B472-2264-4E8F-A5D2-3AB9EFEA864B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{4D325331-B41F-4661-952B-A273078D5D6F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{508CBF7B-21DC-4D2D-9271-3B49E4ABBD58}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5B6A12DF-0FA8-4764-9B55-A014537112B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6573BF92-C1FC-49A1-96AE-22736F82833E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{65814B7C-CF56-41A9-A344-70AEB1428FF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{802EA49B-E6E8-4837-8D28-88BAE284C691}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{83BB2A53-FCD6-42B8-A05A-5EF21F56909A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8A67A611-28A2-49E8-BCB0-56A1ACCF2142}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8A67F8A8-1351-443E-B9BA-7B3CF4975392}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9E0AC17A-7E19-4E0E-9CF2-3BE12207F980}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A2E65A1A-01FB-4498-B9DF-36F9909D8FB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A8194362-3582-4A90-BC56-86CB1FAAD671}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B469D4C5-081E-461D-9E90-B06DC282D635}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CCDC6D64-F1C8-4B6E-B365-88637EAA4C43}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D732CE52-7B82-47A1-978E-EB29B893F637}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D92D93DF-5D59-43BF-9579-0A4951EC766F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DD37FF2B-7889-4EFE-BFE7-83159C49D11C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E82CC842-5C83-4640-B03D-FDAFC8987877}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F024B33C-B77C-477C-B07D-2F3A44DA2AFF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F4768A49-7247-4807-BC21-C8CADBA7B7D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021E7C12-28FC-4703-BECF-3D7D77D68E79}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"{0AFC1FD6-CC62-495F-8EC7-5BEE85182ABA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0CB8A144-CA21-4E95-8082-A11C3EFCE976}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E6F9A6A-2C11-40B7-8237-43A25AAE460D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1019291E-2D33-4B72-A74A-44DCFBE9DC44}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{22664D91-560A-4088-A187-55AAC381C2C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2319F8C7-9AAF-4665-92F6-D12AFE184A71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2A642861-D513-4BCE-9C02-3026F65917BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2CF3B970-A6B9-4E16-AF9E-A48A5D2411CC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{38807692-AB6D-4860-8E90-DA94A09102A4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{3AF43E56-F29F-4B81-9797-FF47672F1DD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4F21112B-BFAF-4E41-B728-D5A093254583}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{5750E438-E453-4725-9961-983AD085B169}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5F9564E8-C13B-4A07-A61B-4C58195459A7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{668ABAF0-A69D-4C68-BD61-DC172F17560B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{67A8A10E-6224-4E4F-9ADF-336434ED6305}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{73602B21-FC7F-43A7-BE99-AF834EF853DF}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{76B47941-D16E-4F92-8AF4-9B42558F469D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{79EB3E98-9CE6-4614-B65B-2E761F2BEADC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{81628CCC-E1D0-419D-942A-FB08929AEFCE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9C9100DF-C577-4000-951D-AA5C07AF6995}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{A3374036-A3EB-40E1-9470-40D61EF10B12}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A405B847-4A73-42AC-858F-81C2CCD6F02F}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"{A98625FA-4551-443C-804E-40D68E73971F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AB966045-9D36-4FC7-88A4-E0B835736438}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BF8D5B16-89FB-413F-A334-98462350E823}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C26FC6C1-A0DD-48CD-8152-90AB4E288367}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C47E4DBF-80D0-48C6-BBCC-7880B3EBE993}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6BA9CCF-C1D0-407E-9CE2-F7CA2804B8EB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{CCF974A9-F636-494F-BD55-C35594BEC4FC}" = protocol=6 | dir=out | app=system | 
"{CE810CFF-62A3-428A-9891-D06B7DF91DAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEC6BC26-2AAA-4C98-A921-A45080A2C409}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{D28E26FF-0EFF-4645-B5A8-E530532378C3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{D4A65752-1543-477C-9F3A-781C73C8C27C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E21004F3-1FE1-48FB-A68D-8F4ABEB3B775}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F0159824-7FED-479B-9C9B-A75625CA183C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FA506297-5527-4E2C-A897-F3E4DD4BB98D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{197DFCC2-2207-4D9C-850F-051B0B2AA0EA}C:\windows\syswow64\netcapiconfig.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\netcapiconfig.exe | 
"UDP Query User{BC829758-A3BC-4F43-A0B4-9CB0CB8C6AD2}C:\windows\syswow64\netcapiconfig.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\netcapiconfig.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{293C4FDD-FB80-48F8-8B40-F085392FDAA1}" = Eumex RNDIS64 Treiber V1.02
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7B73EBFEF26F2C40D3AA9D389F5CF2C77121106C" = Windows-Treiberpaket - T-Home Net  (06/30/2010 6.0.6000.16384)
"ASUS WebStorage" = ASUS WebStorage
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007C5268-FB1C-49B9-A5E7-37D66DE46B9C}" = Online Plug-in
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{16480125-0428-4097-9A2A-74464004D169}" = EOS Capture 1.3
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217003F0}" = Java(TM) 7 Update 3
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{291E2930-2240-11E2-BC84-B8AC6F98CCE3}" = Google Earth Plug-in
"{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}" = GimpShop 2.8
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5662C158-CA24-4228-BF6C-596FADA08682}" = Camera Support Core Library
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6F5A71BD-9EC9-4A59-BFBD-CA63CFB4885D}" = ACDSee 14
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789CF5F1-3326-4B7B-9D01-31047E0F5651}" = Canon Utilities Digital Photo Professional 1.6.1
"{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Camera Window DS
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{862983D7-FA08-493E-A9ED-6B7859E069D3}" = Canon PhotoRecord
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8EC50898-E24A-4C0C-A1F2-A71A8DBF291F}" = Citrix Receiver Inside
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007
"{90120000-0015-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007
"{90120000-0015-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
"{90120000-0016-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007
"{90120000-0016-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
"{90120000-0018-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007
"{90120000-0018-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007
"{90120000-0019-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007
"{90120000-0019-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007
"{90120000-001A-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007
"{90120000-001A-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
"{90120000-001B-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007
"{90120000-001B-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_PROHYBRIDR_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007
"{90120000-001F-040D-0000-0000000FF1CE}_PROHYBRIDR_{51590837-F141-43A8-B0EC-AEF16F1CBE78}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}_PROHYBRIDR_{EFE123B8-9F0A-4C50-A67B-0BADF3CB00DC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_PROHYBRIDR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_PROHYBRIDR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_PROHYBRIDR_{C8246FCF-12F8-4212-BC89-6ED049BA2FB8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-1000-0000000FF1CE}_PROHYBRIDR_{490B52AE-965C-460C-9E0F-EE65C96F7AA1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0404-1000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0408-1000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040D-1000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0410-1000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0413-1000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
"{90120000-006E-0408-0000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007
"{90120000-006E-040D-0000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Internet Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A0791198-3F0C-4FB4-870C-5734C4CB5F16}" = Citrix Receiver (USB)
"{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}" = RAW Image Task 2.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Camera Window DVC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B48A3CE4-2F1E-45EF-841A-C0A3C407EB0F}" = Self-Service Plug-in
"{B4D8A5FE-83C9-44AB-88C7-9AB30EFE482A}" = Citrix Receiver(Aero)
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7C7FA4B-40FF-4B4E-A566-1ABF8FAC38BB}" = Citrix Receiver (HDX Flash-Umleitung)
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D777101F-1708-46ED-916E-3BE885F78F55}" = Citrix Receiver (DV)
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E0333A93-11A6-4F87-B497-D3C5AABDDA6A}" = funkwerk Eumex 401 CAPI V1.00
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E73534D5-CC93-4C63-9072-5A9734255C74}" = Camera Window MC
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS_UL_Series_Screensaver" = ASUS_UL_Series_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFG-A Gnome's Home - The Great Crystal Crusade" = A Gnome's Home: The Great Crystal Crusade
"BFG-Alice's Tea Cup Madness" = Alice's Tea Cup Madness
"BFG-Amelies Cafe - Sommerspass" = Amelies Cafe - Sommerspa&szlig;
"BFGC" = Big Fish Games: Game Manager
"BFG-Die Legende von Atlantis - Exodus" = Die Legende von Atlantis: Exodus
"BFG-Farm Frenzy - Frische Fische" = Farm Frenzy: Frische Fische
"BFG-Farm Mania - Hot Vacation" = Farm Mania: Hot Vacation
"BFG-Jack of All Tribes" = Jack of All Tribes
"BFG-Legends of Atlantis - Exodus" = Legends of Atlantis: Exodus
"BFG-Mein Landleben 2" = Mein Landleben 2
"BFG-Patricia's Quest for Sun" = Patricia's Quest for Sun
"BFG-The Promised Land" = The Promised Land
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"DBG SMMB_is1" = Die große Stuttgarter Multimediabibel
"EPSON Scanner" = EPSON Scan
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.20.12.00
"InstallShield_{16480125-0428-4097-9A2A-74464004D169}" = Canon Utilities EOS Capture 1.3
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D Pilote WIA 
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5662C158-CA24-4228-BF6C-596FADA08682}" = Canon Camera Support Core Library
"InstallShield_{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"InstallShield_{789CF5F1-3326-4B7B-9D01-31047E0F5651}" = Canon Utilities Digital Photo Professional 1.6.1
"InstallShield_{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E73534D5-CC93-4C63-9072-5A9734255C74}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"o2DE" = Mobile Connection Manager
"PROHYBRIDR" = 2007 Microsoft Office system
"Softonic" = Softonic toolbar  on IE
"TeamViewer 7" = TeamViewer 7
"Tobit Radio.fx Server 16" = hr2 RadioRecorder
"WinLiveSuite_Wave3" = Windows Live Essentials
"XnView_is1" = XnView 1.99
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.11.2012 07:18:38 | Computer Name = Esther-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.11.2012 07:18:38 | Computer Name = Esther-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 25163
 
Error - 18.11.2012 07:18:38 | Computer Name = Esther-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25163
 
Error - 18.11.2012 07:18:53 | Computer Name = Esther-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.11.2012 07:18:53 | Computer Name = Esther-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 39905
 
Error - 18.11.2012 07:18:53 | Computer Name = Esther-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 39905
 
Error - 18.11.2012 07:19:07 | Computer Name = Esther-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.11.2012 07:19:07 | Computer Name = Esther-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 53742
 
Error - 18.11.2012 07:19:07 | Computer Name = Esther-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53742
 
Error - 18.11.2012 09:00:49 | Computer Name = Esther-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 18.11.2012 15:20:20 | Computer Name = Esther-PC | Source = RasClient | ID = 20227
Description = 
 
[ Media Center Events ]
Error - 26.08.2012 16:25:27 | Computer Name = Esther-PC | Source = MCUpdate | ID = 0
Description = 22:25:27 - Fehler beim Herstellen der Internetverbindung.  22:25:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.08.2012 16:25:39 | Computer Name = Esther-PC | Source = MCUpdate | ID = 0
Description = 22:25:32 - Fehler beim Herstellen der Internetverbindung.  22:25:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.08.2012 18:43:00 | Computer Name = Esther-PC | Source = MCUpdate | ID = 0
Description = 00:43:00 - Fehler beim Herstellen der Internetverbindung.  00:43:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.08.2012 18:43:17 | Computer Name = Esther-PC | Source = MCUpdate | ID = 0
Description = 00:43:05 - Fehler beim Herstellen der Internetverbindung.  00:43:05 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.09.2012 13:30:53 | Computer Name = Esther-PC | Source = MCUpdate | ID = 0
Description = 19:30:53 - Fehler beim Herstellen der Internetverbindung.  19:30:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.09.2012 13:31:02 | Computer Name = Esther-PC | Source = MCUpdate | ID = 0
Description = 19:30:58 - Fehler beim Herstellen der Internetverbindung.  19:30:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.09.2012 12:47:52 | Computer Name = Esther-PC | Source = MCUpdate | ID = 0
Description = 18:47:47 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
 mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 19.09.2012 12:52:27 | Computer Name = Esther-PC | Source = MCUpdate | ID = 0
Description = 18:52:27 - Fehler beim Herstellen der Internetverbindung.  18:52:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.09.2012 12:52:37 | Computer Name = Esther-PC | Source = MCUpdate | ID = 0
Description = 18:52:32 - Fehler beim Herstellen der Internetverbindung.  18:52:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.09.2012 05:08:06 | Computer Name = Esther-PC | Source = MCUpdate | ID = 0
Description = 11:08:06 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
[ Spybot - Search and Destroy Events ]
Error - 26.11.2012 05:21:40 | Computer Name = Esther-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 26.11.2012 07:48:19 | Computer Name = Esther-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 17.11.2012 15:25:20 | Computer Name = Esther-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\Drivers\elcapitd.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 17.11.2012 15:25:20 | Computer Name = Esther-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "elcapitd" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 18.11.2012 06:17:38 | Computer Name = Esther-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\elcapi20.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.11.2012 06:17:38 | Computer Name = Esther-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "elcapi20" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 18.11.2012 06:17:38 | Computer Name = Esther-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\Drivers\elcapibs.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.11.2012 06:17:38 | Computer Name = Esther-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "elcapibs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 18.11.2012 06:17:38 | Computer Name = Esther-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\Drivers\elcapitd.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.11.2012 06:17:38 | Computer Name = Esther-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "elcapitd" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 18.11.2012 06:20:45 | Computer Name = Esther-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{F294DB0A-888E-448C-A705-774B624487F9} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 18.11.2012 08:22:45 | Computer Name = Esther-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{F294DB0A-888E-448C-A705-774B624487F9} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
 
< End of report >
         
--- --- ---


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-27 20:58:36
-----------------------------
20:58:36.342 OS Version: Windows x64 6.1.7601 Service Pack 1
20:58:36.342 Number of processors: 2 586 0x170A
20:58:36.342 ComputerName: ESTHER-PC UserName: Esther
20:58:37.793 Initialize success
21:04:12.103 AVAST engine defs: 12112701
21:04:42.460 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:04:42.460 Disk 0 Vendor: ST950032 0002 Size: 476940MB BusType: 3
21:04:42.476 Disk 0 MBR read successfully
21:04:42.476 Disk 0 MBR scan
21:04:42.476 Disk 0 Windows VISTA default MBR code
21:04:42.492 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14997 MB offset 2048
21:04:42.507 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 30716280
21:04:42.523 Disk 0 Partition - 00 0F Extended LBA 342706 MB offset 274904280
21:04:42.538 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 342706 MB offset 274904343
21:04:42.570 Disk 0 scanning C:\Windows\system32\drivers
21:04:57.526 Service scanning
21:05:28.667 Modules scanning
21:05:28.667 Disk 0 trace - called modules:
21:05:29.228 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:05:29.244 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800495c060]
21:05:29.244 3 CLASSPNP.SYS[fffff88001bb443f] -> nt!IofCallDriver -> [0xfffffa8003cf3330]
21:05:29.259 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004708050]
21:05:30.492 AVAST engine scan C:\Windows
21:05:33.770 AVAST engine scan C:\Windows\system32
21:09:38.632 AVAST engine scan C:\Windows\system32\drivers
21:09:56.900 AVAST engine scan C:\Users\Esther
21:30:52.777 AVAST engine scan C:\ProgramData
21:32:47.219 Scan finished successfully
21:34:33.893 Disk 0 MBR has been saved successfully to "C:\Users\Esther\Desktop\MBR.dat"
21:34:33.908 The log file has been saved successfully to "C:\Users\Esther\Desktop\aswMBR.txt"

Alt 28.11.2012, 06:45   #5
schrauber
/// the machine
/// TB-Ausbilder
 

adserverplus kommt wieder - Standard

adserverplus kommt wieder



Hi,

Spybot komplett deinstallieren.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



und ein frisches OTL log bitte.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.11.2012, 08:27   #6
egeg
 
adserverplus kommt wieder - Standard

adserverplus kommt wieder



# AdwCleaner v2.009 - Datei am 28/11/2012 um 09:20:22 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Esther - ESTHER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Gröschel\Desktop\Download\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Ordner Gelöscht : C:\Program Files (x86)\Softonic
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Esther\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Esther\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Esther\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Esther\AppData\Roaming\Mozilla\Firefox\Profiles\1zmmrx73.default\extensions\bbrs_002@blabbers.com
Ordner Gelöscht : C:\Users\Esther\AppData\Roaming\Mozilla\Firefox\Profiles\1zmmrx73.default\extensions\staged

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchplusnetwork.com/?sp=vit4 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Esther\AppData\Roaming\Mozilla\Firefox\Profiles\1zmmrx73.default\prefs.js

C:\Users\Esther\AppData\Roaming\Mozilla\Firefox\Profiles\1zmmrx73.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.Softonic.admin", false);
Gelöscht : user_pref("extensions.Softonic.aflt", "SD");
Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Gelöscht : user_pref("extensions.Softonic.cntry", "DE");
Gelöscht : user_pref("extensions.Softonic.cv", "cv5");
Gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Gelöscht : user_pref("extensions.Softonic.dfltlng", "de");
Gelöscht : user_pref("extensions.Softonic.dfltsrch", "false");
Gelöscht : user_pref("extensions.Softonic.envrmnt", "production");
Gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Gelöscht : user_pref("extensions.Softonic.hdrMd5", "9EEEF34A9616421C5C2E3C44D7D9A180");
Gelöscht : user_pref("extensions.Softonic.hmpg", false);
Gelöscht : user_pref("extensions.Softonic.hrdid", "c6bc4e92000000000000000000000000");
Gelöscht : user_pref("extensions.Softonic.id", "c6bc4e92000000000000000000000000");
Gelöscht : user_pref("extensions.Softonic.instlDay", "15560");
Gelöscht : user_pref("extensions.Softonic.instlRef", "INF1205T01");
Gelöscht : user_pref("extensions.Softonic.instlday", "15560");
Gelöscht : user_pref("extensions.Softonic.instlref", "INF1205T01");
Gelöscht : user_pref("extensions.Softonic.isdcmntcmplt", "false");
Gelöscht : user_pref("extensions.Softonic.keywordurl", "");
Gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.411:40:31");
Gelöscht : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.Softonic.newTab", false);
Gelöscht : user_pref("extensions.Softonic.newtab", "false");
Gelöscht : user_pref("extensions.Softonic.newtaburl", "");
Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Gelöscht : user_pref("extensions.Softonic.propectorlck", 83747962);
Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Gelöscht : user_pref("extensions.Softonic.prtnrid", "softonic");
Gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Gelöscht : user_pref("extensions.Softonic.savedVrsnTs", "1");
Gelöscht : user_pref("extensions.Softonic.sg", "tz");
Gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic.smplgrp", "none");
Gelöscht : user_pref("extensions.Softonic.srch", "");
Gelöscht : user_pref("extensions.Softonic.srchprvdr", "");
Gelöscht : user_pref("extensions.Softonic.tlbrId", "base");
Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...]
Gelöscht : user_pref("extensions.Softonic.tlbrid", "base");
Gelöscht : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...]
Gelöscht : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
Gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.6.7.411:40:31");
Gelöscht : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
Gelöscht : user_pref("extensions.Softonic.vrsnts", "1.6.7.411:40:31");
Gelöscht : user_pref("extensions.Softonic_i.newTab", false);
Gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.411:40:31");
Gelöscht : user_pref("extensions.ui.lastCategory", "addons://search/softonic");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7422 octets] - [28/11/2012 09:20:22]

########## EOF - C:\AdwCleaner[S1].txt - [7482 octets] ##########

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.11.2012 09:31:48 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Gröschel\Desktop\Download
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 63,00% Memory free
7,93 Gb Paging File | 6,27 Gb Available in Paging File | 79,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 39,20 Gb Free Space | 33,66% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 334,59 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: ESTHER-PC | User Name: Esther | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.27 15:02:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gröschel\Desktop\Download\OTL.exe
PRC - [2012.11.26 14:20:44 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.26 14:20:15 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.26 14:20:15 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.04.05 10:11:18 | 001,144,704 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
PRC - [2012.04.05 08:17:42 | 000,871,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2012.04.05 08:14:40 | 000,371,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2012.04.03 10:00:24 | 000,051,128 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2011.11.17 01:36:22 | 001,231,472 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe
PRC - [2011.11.17 00:04:20 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
PRC - [2011.10.21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.06.14 17:35:02 | 000,201,080 | ---- | M] (Telefónica) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2011.02.07 10:47:10 | 003,576,152 | ---- | M] () -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2009.12.26 11:03:43 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.10.23 01:45:40 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.09.24 22:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.08.20 05:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009.08.17 18:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009.08.12 23:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.06.24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.05.19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008.08.14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008.07.19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 10:40:21 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.16 10:39:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.16 10:39:12 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.16 10:38:52 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.10.23 01:45:40 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.09.24 22:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2008.08.28 01:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 18:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.09.17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012.11.26 14:20:44 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.26 14:20:15 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.20 23:57:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.17 20:31:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.06.14 17:35:02 | 000,201,080 | ---- | M] (Telefónica) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2011.02.07 10:47:10 | 003,576,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.13 16:26:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.13 16:26:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.14 00:42:32 | 000,093,272 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.09 07:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.08.31 11:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.08.07 10:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.07.27 02:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.12.26 11:03:51 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009.08.21 07:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.08.11 03:16:42 | 001,490,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.08.06 22:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.28 21:05:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.27 08:04:35 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.09 04:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 11:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.05.13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.04.30 14:43:33 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008.12.08 16:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.07.24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.03 12:33:20 | 000,040,256 | ---- | M] (Funkwerk Enterprise Communications GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\elcapitd.sys -- (elcapitd)
DRV - [2007.01.23 14:28:30 | 000,151,296 | ---- | M] (Funkwerk Enterprise Communications GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ELCAPI20.SYS -- (elcapi20)
DRV - [2004.03.10 16:17:16 | 000,118,381 | ---- | M] (elmeg communication systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\elcapibs.sys -- (elcapibs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{138BFF40-2808-4FA4-AB33-61205CEEF1AC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10398&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABW&apn_dtid=^YYYYYY^YY^FR&apn_uid=d6581590-3a75-40e7-a813-12f3831f15da&apn_sauid=9BA75351-F8B1-49A4-858C-1F0444CCA01F
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: optout@google.com:1.5
FF - prefs.js..extensions.enabledAddons: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.17
FF - prefs.js..extensions.enabledAddons: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.5.1
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.3
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.4
FF - prefs.js..extensions.enabledAddons: toolbar-ff@payback.de:1.1.9.99
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.2
FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - prefs.js..extensions.enabledItems: {edc0b8a5-c050-4bb2-b785-a623b4515abf}:1.9
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.86
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7116
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.13 18:33:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.20 23:57:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.13 18:33:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.20 23:57:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.07.10 22:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\Extensions
[2010.01.31 01:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.28 09:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions
[2012.10.09 15:27:14 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.11.09 21:31:09 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.07.10 23:15:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012.07.10 23:16:53 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2012.07.10 23:23:19 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012.07.10 23:23:58 | 000,000,000 | ---D | M] (GA?) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{7c6d11c6-41b5-11dc-8314-0800200c9a66}(2)
[2012.07.10 23:24:34 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}(2)
[2012.10.03 11:46:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.09.20 13:40:05 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\firefox@ghostery.com
[2012.11.18 00:40:13 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\compatibility@addons.mozilla.org.xpi
[2011.07.27 23:07:48 | 000,008,363 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\optout@google.com.xpi
[2012.11.17 20:27:13 | 000,128,837 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\toolbar-ff@payback.de.xpi
[2012.11.16 10:33:54 | 000,510,620 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\toolbar@gmx.net.xpi
[2012.02.10 17:24:04 | 000,265,651 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}.xpi
[2012.10.11 08:54:05 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.04.24 14:49:51 | 000,081,104 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
[2012.11.23 21:55:49 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.23 18:48:35 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.27 18:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.02 23:34:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.27 18:31:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 22:24:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Browser Companion Helper = C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Google-Suche = C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ACPW05DE] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [ACSW14DE] C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CFBC11-049E-4698-A6A2-680D88B58D98}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6698DEB4-9406-4C40-8E08-30C6AC4A944B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8B642B4-93E4-4C3B-8142-2496BE889BAA}: DhcpNameServer = 192.168.1.250
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll) - C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cc2dcca7-e2bc-11e1-9a3b-e0cb4e57a3b4}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2dcca7-e2bc-11e1-9a3b-e0cb4e57a3b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cc2dccc0-e2bc-11e1-9a3b-e0cb4e57a3b4}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2dccc0-e2bc-11e1-9a3b-e0cb4e57a3b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.26 14:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.11.26 01:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.26 01:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.11.26 01:17:16 | 000,000,000 | ---D | C] -- C:\Users\Esther\AppData\Local\Programs
[2012.11.25 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.25 23:39:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.25 23:39:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.21 12:15:32 | 000,000,000 | ---D | C] -- C:\Users\Esther\AppData\Roaming\Malwarebytes
[2012.11.21 12:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.20 23:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.11.13 19:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.13 19:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.13 19:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.13 19:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.11.13 19:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.11.13 19:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.11.13 19:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.11.13 19:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.11.13 18:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.13 18:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.11.13 18:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.11.11 22:23:04 | 000,000,000 | ---D | C] -- C:\Users\Esther\AppData\Roaming\temp
[2012.11.11 22:23:00 | 000,000,000 | ---D | C] -- C:\Users\Esther\AppData\Roaming\EeeStorageUploader
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.28 09:29:55 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 09:29:55 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 09:22:26 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.28 09:21:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.28 09:21:55 | 3193,716,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.28 09:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.28 09:08:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.27 21:34:33 | 000,000,512 | ---- | M] () -- C:\Users\Esther\Desktop\MBR.dat
[2012.11.27 13:56:50 | 000,002,020 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.11.26 12:30:22 | 000,009,728 | ---- | M] () -- C:\Users\Esther\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.26 11:53:56 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.26 11:53:56 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.26 11:53:56 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.26 11:53:56 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.26 11:53:56 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.26 11:41:48 | 000,001,753 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.11.25 23:39:54 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.22 08:06:16 | 000,025,435 | ---- | M] () -- C:\Users\Esther\Desktop\Forum Virus.odt
[2012.11.19 13:47:21 | 000,075,184 | ---- | M] () -- C:\Users\Esther\Desktop\weihnachtsheft_2012_bestellschein.pdf
[2012.11.16 10:36:38 | 000,478,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.13 19:26:26 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.13 18:32:55 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.13 16:26:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.13 16:26:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.04 22:25:12 | 011,637,327 | ---- | M] () -- C:\Users\Esther\Desktop\KFM_Web_Handbuch.pdf
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.27 21:34:33 | 000,000,512 | ---- | C] () -- C:\Users\Esther\Desktop\MBR.dat
[2012.11.26 14:03:20 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.26 14:03:20 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.25 23:39:54 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.21 14:47:42 | 000,025,435 | ---- | C] () -- C:\Users\Esther\Desktop\Forum Virus.odt
[2012.11.19 13:47:21 | 000,075,184 | ---- | C] () -- C:\Users\Esther\Desktop\weihnachtsheft_2012_bestellschein.pdf
[2012.11.16 10:28:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 10:10:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.13 19:26:26 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.13 18:32:55 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.04 22:25:12 | 011,637,327 | ---- | C] () -- C:\Users\Esther\Desktop\KFM_Web_Handbuch.pdf
[2012.09.10 20:17:11 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\NetCapiConfig.exe
[2012.09.10 20:17:11 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\elcapitd.exe
[2012.09.10 13:55:28 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini
[2012.08.26 13:10:14 | 000,009,728 | ---- | C] () -- C:\Users\Esther\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.23 21:02:00 | 002,648,064 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012.08.12 21:19:27 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2012.07.12 21:32:08 | 000,000,874 | ---- | C] () -- C:\Users\Esther\AppData\Local\recently-used.xbel
[2012.07.12 20:16:38 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.07.12 20:16:37 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT
[2012.07.11 19:58:42 | 000,000,600 | ---- | C] () -- C:\Users\Esther\AppData\Local\PUTTY.RND
[2009.12.26 10:42:58 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.13 18:31:36 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\ACD Systems
[2012.07.27 23:47:04 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\aliasworlds
[2012.11.11 22:22:57 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Asus WebStorage
[2012.07.15 20:30:21 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\BlamGames
[2012.09.02 21:48:00 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Boolat Games
[2012.08.12 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Canon
[2012.08.20 20:59:05 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\DivoGames
[2012.11.11 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\EeeStorageUploader
[2012.09.14 14:28:24 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\EPSON
[2012.07.27 23:26:39 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Farm Mania 2.1
[2012.07.15 19:50:33 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Harmonic Flow
[2012.07.13 08:58:28 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\ICAClient
[2012.07.26 13:14:10 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\LegacyGames
[2012.09.02 22:25:12 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Nevosoft-Breeze
[2012.08.08 12:31:20 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\OpenOffice.org
[2012.09.02 21:16:58 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\PlayFirst
[2012.09.12 09:12:55 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\TeamViewer
[2012.08.10 14:32:10 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Telefónica
[2012.11.11 22:23:04 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\temp
[2012.08.10 14:32:08 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\TGCMLog
[2012.07.11 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Thunderbird
[2012.08.23 21:02:12 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Tobit
[2012.07.12 21:57:54 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 249 bytes -> C:\ProgramData\Temp:04ADB7A6
@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:8AC20936
@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:E153075C
@Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:8DD36B71
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:9B2BD056
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:5CD70138
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:D01ACC06
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:413E2927
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:D882BE37
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:217A2A36
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B88E99C8

< End of report >
         
--- --- ---

Alt 28.11.2012, 11:07   #7
schrauber
/// the machine
/// TB-Ausbilder
 

adserverplus kommt wieder - Standard

adserverplus kommt wieder



Hi,

Noch Probleme?


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.11.2012, 13:18   #8
egeg
 
adserverplus kommt wieder - Standard

adserverplus kommt wieder



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=832883fcc65cde46af281cacfe4231cd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-28 11:42:36
# local_time=2012-11-29 12:42:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 3664013 3664013 0 0
# compatibility_mode=5893 16776574 100 94 5910638 105766365 0 0
# compatibility_mode=8192 67108863 100 0 38078 38078 0 0
# scanned=223216
# found=3
# cleaned=0
# scan_time=9641
C:\Dokumente und Einstellungen\Gröschel\Desktop\Download\SoftonicDownloader_fuer_java-development-kit.exe a variant of Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Gröschel\Desktop\Download\SoftonicDownloader_fuer_java-se-runtime-environment-jre(1).exe a variant of Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Gröschel\Desktop\Download\SoftonicDownloader_fuer_java-se-runtime-environment-jre.exe a variant of Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I

Alt 30.11.2012, 07:10   #9
schrauber
/// the machine
/// TB-Ausbilder
 

adserverplus kommt wieder - Standard

adserverplus kommt wieder



Meine Frage?

Poste noch bitte ein frisches OTL logfile.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.12.2012, 13:42   #10
egeg
 
adserverplus kommt wieder - Standard

adserverplus kommt wieder



Bisher ist adserver nich wieder gekommen.
Ein paar mal ist der Falshplayer in Firefox abgestürzt. Aber das ist gestern auch nicht mehr passiert.OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.12.2012 13:55:19 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Gröschel\Desktop\Download
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,99% Memory free
7,93 Gb Paging File | 6,44 Gb Available in Paging File | 81,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 45,09 Gb Free Space | 38,73% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 334,59 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: ESTHER-PC | User Name: Esther | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.27 15:02:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gröschel\Desktop\Download\OTL.exe
PRC - [2012.11.26 14:20:44 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.26 14:20:15 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.26 14:20:15 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.06.14 17:35:02 | 000,201,080 | ---- | M] (Telefónica) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2011.02.07 10:47:10 | 003,576,152 | ---- | M] () -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2009.10.23 01:45:40 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.09.24 22:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.08.17 18:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009.08.12 23:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008.08.14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.10.23 01:45:40 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.09.24 22:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.09.17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012.11.26 14:20:44 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.26 14:20:15 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.20 23:57:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.17 20:31:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.06.14 17:35:02 | 000,201,080 | ---- | M] (Telefónica) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2011.02.07 10:47:10 | 003,576,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.13 16:26:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.13 16:26:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.14 00:42:32 | 000,093,272 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.09 07:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.08.31 11:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.08.07 10:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.07.27 02:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.12.26 11:03:51 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009.08.21 07:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.08.11 03:16:42 | 001,490,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.08.06 22:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.28 21:05:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.27 08:04:35 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.09 04:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 11:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.05.13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.04.30 14:43:33 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008.12.08 16:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.07.24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.03 12:33:20 | 000,040,256 | ---- | M] (Funkwerk Enterprise Communications GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\elcapitd.sys -- (elcapitd)
DRV - [2007.01.23 14:28:30 | 000,151,296 | ---- | M] (Funkwerk Enterprise Communications GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ELCAPI20.SYS -- (elcapi20)
DRV - [2004.03.10 16:17:16 | 000,118,381 | ---- | M] (elmeg communication systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\elcapibs.sys -- (elcapibs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{138BFF40-2808-4FA4-AB33-61205CEEF1AC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10398&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABW&apn_dtid=^YYYYYY^YY^FR&apn_uid=d6581590-3a75-40e7-a813-12f3831f15da&apn_sauid=9BA75351-F8B1-49A4-858C-1F0444CCA01F
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: optout@google.com:1.5
FF - prefs.js..extensions.enabledAddons: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.17
FF - prefs.js..extensions.enabledAddons: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.5.1
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.3
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.4
FF - prefs.js..extensions.enabledAddons: toolbar-ff@payback.de:1.1.9.99
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.2
FF - prefs.js..extensions.enabledAddons: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - prefs.js..extensions.enabledItems: {edc0b8a5-c050-4bb2-b785-a623b4515abf}:1.9
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.86
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7116
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.13 18:33:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.20 23:57:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.13 18:33:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.20 23:57:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.07.10 22:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\Extensions
[2010.01.31 01:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.28 09:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions
[2012.10.09 15:27:14 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.11.09 21:31:09 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.07.10 23:15:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012.07.10 23:16:53 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2012.07.10 23:23:19 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012.07.10 23:23:58 | 000,000,000 | ---D | M] (GA?) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{7c6d11c6-41b5-11dc-8314-0800200c9a66}(2)
[2012.07.10 23:24:34 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}(2)
[2012.10.03 11:46:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.09.20 13:40:05 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Esther\AppData\Roaming\mozilla\Firefox\Profiles\1zmmrx73.default\extensions\firefox@ghostery.com
[2012.11.18 00:40:13 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\compatibility@addons.mozilla.org.xpi
[2011.07.27 23:07:48 | 000,008,363 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\optout@google.com.xpi
[2012.11.17 20:27:13 | 000,128,837 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\toolbar-ff@payback.de.xpi
[2012.11.16 10:33:54 | 000,510,620 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\toolbar@gmx.net.xpi
[2012.02.10 17:24:04 | 000,265,651 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}.xpi
[2012.10.11 08:54:05 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.04.24 14:49:51 | 000,081,104 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
[2012.11.23 21:55:49 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.23 18:48:35 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Esther\AppData\Roaming\mozilla\firefox\profiles\1zmmrx73.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.27 18:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.02 23:34:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.27 18:31:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 22:24:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Browser Companion Helper = C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Google-Suche = C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Esther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ACPW05DE] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [ACSW14DE] C:\Program Files (x86)\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05CFBC11-049E-4698-A6A2-680D88B58D98}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6698DEB4-9406-4C40-8E08-30C6AC4A944B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8B642B4-93E4-4C3B-8142-2496BE889BAA}: DhcpNameServer = 192.168.1.250
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll) - C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cc2dcca7-e2bc-11e1-9a3b-e0cb4e57a3b4}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2dcca7-e2bc-11e1-9a3b-e0cb4e57a3b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cc2dccc0-e2bc-11e1-9a3b-e0cb4e57a3b4}\Shell - "" = AutoRun
O33 - MountPoints2\{cc2dccc0-e2bc-11e1-9a3b-e0cb4e57a3b4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.26 14:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.11.26 01:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.26 01:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.11.26 01:17:16 | 000,000,000 | ---D | C] -- C:\Users\Esther\AppData\Local\Programs
[2012.11.25 23:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.25 23:39:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.25 23:39:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.21 12:15:32 | 000,000,000 | ---D | C] -- C:\Users\Esther\AppData\Roaming\Malwarebytes
[2012.11.21 12:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.20 23:57:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.11.13 19:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.13 19:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.13 19:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.13 19:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.11.13 19:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.11.13 19:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.11.13 19:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.11.13 19:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.11.13 18:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.13 18:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.11.13 18:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.11.11 22:23:04 | 000,000,000 | ---D | C] -- C:\Users\Esther\AppData\Roaming\temp
[2012.11.11 22:23:00 | 000,000,000 | ---D | C] -- C:\Users\Esther\AppData\Roaming\EeeStorageUploader
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.01 13:28:30 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.01 13:28:30 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.01 13:21:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.01 13:20:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.01 13:20:33 | 3193,716,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.01 08:28:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.01 08:27:49 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.28 14:47:25 | 000,035,986 | ---- | M] () -- C:\Users\Esther\Desktop\Nikolaus1.odt
[2012.11.28 12:25:55 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.28 12:25:55 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.28 12:25:55 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.28 12:25:55 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.28 12:25:55 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.27 21:34:33 | 000,000,512 | ---- | M] () -- C:\Users\Esther\Desktop\MBR.dat
[2012.11.27 13:56:50 | 000,002,020 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.11.26 12:30:22 | 000,009,728 | ---- | M] () -- C:\Users\Esther\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.26 11:41:48 | 000,001,753 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.11.25 23:39:54 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.22 08:06:16 | 000,025,435 | ---- | M] () -- C:\Users\Esther\Desktop\Forum Virus.odt
[2012.11.19 13:47:21 | 000,075,184 | ---- | M] () -- C:\Users\Esther\Desktop\weihnachtsheft_2012_bestellschein.pdf
[2012.11.16 10:36:38 | 000,478,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.13 19:26:26 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.13 18:32:55 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.13 16:26:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.13 16:26:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.04 22:25:12 | 011,637,327 | ---- | M] () -- C:\Users\Esther\Desktop\KFM_Web_Handbuch.pdf
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.28 14:47:17 | 000,035,986 | ---- | C] () -- C:\Users\Esther\Desktop\Nikolaus1.odt
[2012.11.27 21:34:33 | 000,000,512 | ---- | C] () -- C:\Users\Esther\Desktop\MBR.dat
[2012.11.26 14:03:20 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.26 14:03:20 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.25 23:39:54 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.21 14:47:42 | 000,025,435 | ---- | C] () -- C:\Users\Esther\Desktop\Forum Virus.odt
[2012.11.19 13:47:21 | 000,075,184 | ---- | C] () -- C:\Users\Esther\Desktop\weihnachtsheft_2012_bestellschein.pdf
[2012.11.16 10:28:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 10:10:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.13 19:26:26 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.13 18:32:55 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.04 22:25:12 | 011,637,327 | ---- | C] () -- C:\Users\Esther\Desktop\KFM_Web_Handbuch.pdf
[2012.09.10 20:17:11 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\NetCapiConfig.exe
[2012.09.10 20:17:11 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\elcapitd.exe
[2012.09.10 13:55:28 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini
[2012.08.26 13:10:14 | 000,009,728 | ---- | C] () -- C:\Users\Esther\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.23 21:02:00 | 002,648,064 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012.08.12 21:19:27 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2012.07.12 21:32:08 | 000,000,874 | ---- | C] () -- C:\Users\Esther\AppData\Local\recently-used.xbel
[2012.07.12 20:16:38 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.07.12 20:16:37 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT
[2012.07.11 19:58:42 | 000,000,600 | ---- | C] () -- C:\Users\Esther\AppData\Local\PUTTY.RND
[2009.12.26 10:42:58 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.13 18:31:36 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\ACD Systems
[2012.07.27 23:47:04 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\aliasworlds
[2012.11.11 22:22:57 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Asus WebStorage
[2012.07.15 20:30:21 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\BlamGames
[2012.09.02 21:48:00 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Boolat Games
[2012.08.12 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Canon
[2012.08.20 20:59:05 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\DivoGames
[2012.11.11 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\EeeStorageUploader
[2012.09.14 14:28:24 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\EPSON
[2012.11.29 23:50:48 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Farm Mania 2.1
[2012.07.15 19:50:33 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Harmonic Flow
[2012.07.13 08:58:28 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\ICAClient
[2012.07.26 13:14:10 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\LegacyGames
[2012.09.02 22:25:12 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Nevosoft-Breeze
[2012.08.08 12:31:20 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\OpenOffice.org
[2012.09.02 21:16:58 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\PlayFirst
[2012.09.12 09:12:55 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\TeamViewer
[2012.08.10 14:32:10 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Telefónica
[2012.11.11 22:23:04 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\temp
[2012.08.10 14:32:08 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\TGCMLog
[2012.07.11 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Thunderbird
[2012.08.23 21:02:12 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\Tobit
[2012.07.12 21:57:54 | 000,000,000 | ---D | M] -- C:\Users\Esther\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 249 bytes -> C:\ProgramData\Temp:04ADB7A6
@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:8AC20936
@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:E153075C
@Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:8DD36B71
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:9B2BD056
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:5CD70138
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:D01ACC06
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:217A2A36
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:413E2927
@Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:D882BE37
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B88E99C8

< End of report >
         
--- --- ---

Alt 01.12.2012, 18:48   #11
schrauber
/// the machine
/// TB-Ausbilder
 

adserverplus kommt wieder - Standard

adserverplus kommt wieder



Hallo,


Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
IE - HKCU\..\SearchScopes\{138BFF40-2808-4FA4-AB33-61205CEEF1AC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10398&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABW&apn_dtid=^YYYYYY^YY^FR&apn_uid=d6581590-3a75-40e7-a813-12f3831f15da&apn_sauid=9BA75351-F8B1-49A4-858C-1F0444CCA01F
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread




Rechner bitte mal nen Tag zwei testen und Rückmeldung geben
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.12.2012, 09:51   #12
egeg
 
adserverplus kommt wieder - Standard

adserverplus kommt wieder



All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{138BFF40-2808-4FA4-AB33-61205CEEF1AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{138BFF40-2808-4FA4-AB33-61205CEEF1AC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4327FABE-3C22-4689-8DBF-D226CF777FE9}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Esther
->Temp folder emptied: 203409110 bytes
->Temporary Internet Files folder emptied: 261374971 bytes
->Java cache emptied: 2240941 bytes
->FireFox cache emptied: 121654645 bytes
->Google Chrome cache emptied: 6453157 bytes
->Flash cache emptied: 18786 bytes

User: Public

%systemdrive% .tmp files removed: 31248 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10613820 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 186015 bytes

Total Files Cleaned = 578,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12052012_101449

Files\Folders moved on Reboot...
C:\Users\Esther\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Adserver kommt nicht mehr wieder! Super, vielen Dank!
Gibts bei Euch ein "Donate" button?

Firefox funktionert allerdings schlecher als IE, wobei dies natürlich auch an FF liegen kann. Allerdings kenne ich mich da nicht aus und weiß nicht, ob es an den Java / Flashplayer bzw. den NOscrip Einstelungen oder so was liegt.

Alt 05.12.2012, 12:27   #13
schrauber
/// the machine
/// TB-Ausbilder
 

adserverplus kommt wieder - Standard

adserverplus kommt wieder



Hi,

Schau mal im Benutzerkontrollzentrum, wenn du ganz runter scrollst, da sollte was sein mit Donate .

Deinstallier mal FF und installier ihn neu, poste dann ein frisches OTL logfile. Immer noch Probleme mit FF?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu adserverplus kommt wieder
adserverplus, dateien, entferne, gefunde, infizierte, infizierten, kommt wieder, malwarebytes, mbam, pop-up, rechner, scan



Ähnliche Themen: adserverplus kommt wieder


  1. GVU Kommt wieder Win7
    Log-Analyse und Auswertung - 24.03.2013 (9)
  2. Adserverplus(Pop-up) kommt andauernd
    Plagegeister aller Art und deren Bekämpfung - 30.01.2013 (1)
  3. ad.adserverplus erscheint immer wieder
    Log-Analyse und Auswertung - 15.11.2012 (28)
  4. Stimme kommt immer wieder.
    Plagegeister aller Art und deren Bekämpfung - 28.08.2011 (1)
  5. Trojaner kommt immer wieder
    Log-Analyse und Auswertung - 05.08.2010 (19)
  6. JS/Redirector.455 kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 26.10.2009 (3)
  7. Tr/Dropper.Gen kommt wieder
    Plagegeister aller Art und deren Bekämpfung - 07.10.2009 (1)
  8. TR Dropper.gen kommt ständig wieder
    Log-Analyse und Auswertung - 24.07.2009 (11)
  9. Trojaner kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 02.06.2009 (1)
  10. Virus kommt wieder
    Log-Analyse und Auswertung - 11.01.2009 (0)
  11. Trojaner kommt immer wieder...
    Log-Analyse und Auswertung - 24.08.2008 (11)
  12. uEXci4uY.exe kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 11.07.2008 (22)
  13. Swizzor DH kommt immer wieder
    Log-Analyse und Auswertung - 11.09.2006 (8)
  14. Swizzor kommt immer wieder
    Log-Analyse und Auswertung - 30.04.2006 (1)
  15. Dialer kommt immer wieder...
    Log-Analyse und Auswertung - 22.02.2005 (5)
  16. searchcentral.cc kommt immer wieder!
    Plagegeister aller Art und deren Bekämpfung - 23.09.2004 (1)
  17. Startseite kommt immer wieder
    Log-Analyse und Auswertung - 12.08.2004 (2)

Zum Thema adserverplus kommt wieder - Hallo, ich habe dieses adserverplus pop-up auf meinen Rechner und wollte ihn mit MBAM entfernen. Der Scan hat etwas gefunden und das habe ich dann entfernt. Allerdings kam das pop-up - adserverplus kommt wieder...
Archiv
Du betrachtest: adserverplus kommt wieder auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.