Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: click to continue by savings sidekick

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.11.2012, 00:08   #1
Hele
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Hallo liebe Moderatoren,

wie so viele habe auch ich immer gehofft Euch nicht zu benötigen.
Leider war diese Vermutung ein Trugschluss.

Ich habe vor wenigen Tagen im Firefox ein Add-On entdeckt welches sich "savings sidekick" nannte.

Aufgefallen ist es mir am 22. November als ich in einem Forum unterstrichene Worte sah.
Durch eine Telefongespräch mit dem Forumsbetreiber bekam ich den Hinweis dass ich wohl einen "Fehler" im Firefox hätte.
Daraufhin schaute ich mir die Seite mit dem Browser Safari an, dort war nichts zu sehen.
Also habe ich go**** bemüht und las den Hinweis mir einmal die Firefox Add-Ons genauer anzusehen. Ich sah dort das "es" sich am 16. November eingenistete.
Ich entfernte "savings sidekick" als Add-On und starete den Rechner neu.
Danach war "savings sidekick" aus Firefox entfernt.

Jedoch glaubte ich nicht dass das alles gewesen sein soll, also schaute ich auf Eurer Seite nach.
Und Bingo :-( ich sollte leider Recht behalten.
Nach einem Scan mit Malwarebytes war es klar.


Code:
ATTFilter
 Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.27.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxxx :: xxxx-PC [Administrator]

27.11.2012 21:06:42
mbam-log-2012-11-27 (21-06-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255915
Laufzeit: 5 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044504460} (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550055505560} (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0005060.BHO.1 (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Daten: Savings Sidekick -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 10
C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\Savings SidekickInstaller.log (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\ButtonUtil.dll (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\Savings Sidekick-bg.exe (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.exe (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.ico (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.ini (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Savings Sidekick\Uninstall.exe (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xxxx\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Schande über mich, denn leider habe ich die in Quarantäne gestellten Dateien gelöscht. Da habe ich leider nicht bis zum Ende gelesen.


Code:
ATTFilter
OTL logfile created on: 27.11.2012 22:59:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hele\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,84 Gb Available Physical Memory | 63,97% Memory free
12,00 Gb Paging File | 9,73 Gb Available in Paging File | 81,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 228,56 Gb Free Space | 24,54% Space Free | Partition Type: NTFS
 
Computer Name: Hele-PC | User Name: Hele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.27 22:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hele\Desktop\OTL.exe
PRC - [2012.11.20 07:16:04 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.11.09 13:05:07 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.11.09 12:59:02 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.11.09 12:59:02 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012.11.02 20:00:42 | 002,400,800 | ---- | M] () -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
PRC - [2012.10.10 04:51:06 | 010,415,008 | ---- | M] (NTeWORKS) -- C:\Program Files (x86)\PicPick\picpick.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.11.03 03:11:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2010.04.02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.20 07:16:18 | 002,400,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.09 13:05:06 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.11.09 12:59:03 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012.11.09 12:59:02 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.11.09 12:59:02 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012.11.02 20:00:42 | 002,400,800 | ---- | M] () -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
MOD - [2012.11.02 19:59:20 | 002,139,168 | ---- | M] () -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.11.24 15:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.11.20 07:16:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 13:05:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 12:59:02 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012.11.02 20:00:42 | 002,400,800 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.02 12:42:04 | 008,786,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2012.08.02 12:42:04 | 000,565,152 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.03 03:11:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010.12.10 16:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.09 12:59:03 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.06.21 14:12:00 | 000,068,512 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.06.21 14:12:00 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.05.22 13:07:18 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.27 05:32:20 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.08.27 05:32:20 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd)
DRV:64bit: - [2010.08.27 05:32:20 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010.08.27 05:32:20 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010.07.26 14:18:58 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.07.26 14:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.11.24 15:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.18 11:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2010.07.26 14:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999.10.13 14:19:20 | 000,012,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbscan.sys -- (usbscan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {699d7c86-b4fb-477b-b738-3d7a16439036} - C:\Program Files (x86)\Island-Forum\tbIsla.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tt=4512_3&babsrc=HP_clro&mntrId=88f18f94000000000000406186292efb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={D74498D5-1FCC-4678-83DA-D662D8236DFB}&mid=a9eb25d8297147d092a49128c0cdc708-0f92206d30766c61a0e476dfd538e92fdc7dee00&lang=en&ds=bm013&pr=sa&d=2012-09-05 17:59:02&v=13.2.0.5&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A EF 97 98 72 FB CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {699d7c86-b4fb-477b-b738-3d7a16439036} - C:\Program Files (x86)\Island-Forum\tbIsla.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4512_3&babsrc=SP_clro&mntrId=88f18f94000000000000406186292efb
IE - HKCU\..\SearchScopes\{482D0F30-8F15-4196-B9CC-FE1D26521EEC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={D74498D5-1FCC-4678-83DA-D662D8236DFB}&mid=a9eb25d8297147d092a49128c0cdc708-0f92206d30766c61a0e476dfd538e92fdc7dee00&lang=en&ds=bm013&pr=sa&d=2012-09-05 17:59:02&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{E4DD147D-1147-48C2-A882-262B75A206A9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-W1&o=100000080&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=JM&apn_dtid=YYYYYYYYDE&apn_uid=76caf8f0-cb63-4079-9288-35200330b8e1&apn_sauid=F72F764F-A2CF-4767-A9E4-5D9761D99B7F
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Island und mehr... Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2693572&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bing.com/?cc=de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: is%40dictionaries.addons.mozilla.org:1.3
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.3
FF - prefs.js..extensions.enabledAddons: %7B20cc25e2-48c9-45e1-9a1f-1ccc1882b81b%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.10
FF - prefs.js..extensions.enabledAddons: %7B699d7c86-b4fb-477b-b738-3d7a16439036%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.7
FF - prefs.js..extensions.enabledAddons: %7Bc36177c0-224a-11da-8cd6-0800200c9a91%7D:3.9.81
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5
FF - prefs.js..extensions.enabledAddons: %7Bdfefbe51-ca52-484b-adf0-6b158b05262d%7D:2.4.897.175
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.4.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {699d7c86-b4fb-477b-b738-3d7a16439036}:3.4.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2693572&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hele\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hele\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.09 13:00:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.27 18:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.17 19:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.17 19:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.11 17:30:46 | 000,000,000 | ---D | M]
 
[2010.07.28 18:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hele\AppData\Roaming\mozilla\Extensions
[2010.07.27 06:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hele\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.24 19:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hele\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions
[2012.11.10 15:51:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Hele\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.11.10 15:51:07 | 000,000,000 | ---D | M] (Island und mehr... Community Toolbar) -- C:\Users\Hele\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\{699d7c86-b4fb-477b-b738-3d7a16439036}
[2012.11.09 13:00:30 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Hele\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.11.22 19:36:08 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Hele\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 18:09:08 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Hele\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\ich@maltegoetz.de
[2012.11.20 18:53:43 | 000,000,000 | ---D | M] (Icelandic Dictionary) -- C:\Users\Hele\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\is@dictionaries.addons.mozilla.org
[2012.08.26 12:47:38 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Hele\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\toolbar@ask.com
[2011.06.02 13:42:44 | 000,010,285 | ---- | M] () (No name found) -- C:\Users\Hele\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}.xpi
[2012.10.11 08:11:03 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Hele\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.11.22 19:13:18 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Hele\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.07.15 11:32:28 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\Hele\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2012.11.24 19:08:52 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Hele\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.01 11:32:31 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Hele\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.04.01 11:32:41 | 000,002,411 | ---- | M] () -- C:\Users\Hele\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\searchplugins\askcom.xml
[2011.05.18 18:04:32 | 000,000,939 | ---- | M] () -- C:\Users\Hele\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\searchplugins\conduit.xml
[2012.11.26 19:39:22 | 000,001,610 | ---- | M] () -- C:\Users\Hele\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\searchplugins\ixquick-https---deutsch.xml
[2010.11.03 16:32:08 | 000,000,834 | ---- | M] () -- C:\Users\Hele\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\searchplugins\lonely-planet-online.xml
[2012.11.27 18:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.11 17:30:46 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.4.897.175\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.09 12:59:30 | 000,003,573 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.11.10 15:50:20 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4512_3&babsrc=HP_clro&mntrId=88f18f94000000000000406186292efb
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Island-Forum Toolbar) - {699d7c86-b4fb-477b-b738-3d7a16439036} - C:\Program Files (x86)\Island-Forum\tbIsla.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Island-Forum Toolbar) - {699d7c86-b4fb-477b-b738-3d7a16439036} - C:\Program Files (x86)\Island-Forum\tbIsla.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Island-Forum Toolbar) - {699D7C86-B4FB-477B-B738-3D7A16439036} - C:\Program Files (x86)\Island-Forum\tbIsla.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe (NTeWORKS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Hele\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Hele\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.7.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236FDCB1-0D63-4919-8875-5408D003D4F9}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2df44f93-f587-11df-9530-406186292efb}\Shell - "" = AutoRun
O33 - MountPoints2\{2df44f93-f587-11df-9530-406186292efb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 22:22:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hele\Desktop\OTL.exe
[2012.11.27 21:05:42 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Roaming\Malwarebytes
[2012.11.27 21:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.27 21:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.27 21:04:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.27 21:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.17 19:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.14 17:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\autostitch
[2012.11.12 12:45:04 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Roaming\Media Player Classic
[2012.11.10 17:46:00 | 000,000,000 | ---D | C] -- C:\Users\Hele\Documents\Videos
[2012.11.10 16:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Vimeo Downloader
[2012.11.10 16:14:05 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Roaming\KastorFreeVimeoDownloader
[2012.11.10 16:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kastor Free Vimeo Downloader
[2012.11.10 15:52:08 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Roaming\Claro
[2012.11.10 15:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Claro LTD
[2012.11.10 15:50:15 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Local\Savings Sidekick
[2012.11.10 15:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.10 15:50:01 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Roaming\Babylon
[2012.11.10 15:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.10 15:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.11.10 15:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012.11.10 14:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.11.10 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Hele\AppData\Roaming\Leadertech
[2012.10.29 23:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\EasyDownLight
[2012.10.29 09:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.27 23:02:24 | 000,017,330 | ---- | M] () -- C:\Users\Hele\Desktop\Malwarebytes Scan 27112012.odt
[2012.11.27 23:02:24 | 000,000,102 | -H-- | M] () -- C:\Users\Hele\Desktop\.~lock.Malwarebytes Scan 27112012.odt#
[2012.11.27 22:57:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.27 22:54:46 | 000,021,698 | ---- | M] () -- C:\Users\Hele\Documents\TB anfrage.odt
[2012.11.27 22:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 22:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hele\Desktop\OTL.exe
[2012.11.27 22:20:23 | 000,000,000 | ---- | M] () -- C:\Users\Hele\defogger_reenable
[2012.11.27 22:18:42 | 000,050,477 | ---- | M] () -- C:\Users\Hele\Desktop\Defogger.exe
[2012.11.27 22:09:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320590840-971583442-1121360795-1004UA.job
[2012.11.27 21:34:44 | 000,148,755 | ---- | M] () -- C:\Users\Hele\Desktop\Bild 3.png
[2012.11.27 21:31:49 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 21:31:49 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 21:24:26 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.27 21:23:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 21:23:47 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.27 21:21:54 | 000,127,097 | ---- | M] () -- C:\Users\Hele\Desktop\Bild 2.png
[2012.11.27 21:19:36 | 000,248,701 | ---- | M] () -- C:\Users\Hele\Desktop\Bild 1.png
[2012.11.27 21:05:04 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.26 18:46:08 | 000,615,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.25 19:35:41 | 000,165,698 | ---- | M] () -- C:\Users\Hele\Desktop\Was guckst du.pdf
[2012.11.25 15:28:10 | 010,058,285 | ---- | M] () -- C:\Users\Hele\Desktop\galileodesign_photoshop_elements_10_wolf.pdf
[2012.11.25 15:09:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320590840-971583442-1121360795-1004Core.job
[2012.11.22 18:20:14 | 000,001,331 | ---- | M] () -- C:\Users\Hele\Desktop\RouteConverterWindows64 - Verknüpfung.lnk
[2012.11.22 18:18:41 | 000,001,150 | ---- | M] () -- C:\Users\Hele\Desktop\EasyDownLight - Verknüpfung.lnk
[2012.11.22 18:18:03 | 000,001,123 | ---- | M] () -- C:\Users\Hele\Desktop\autostitch - Verknüpfung.lnk
[2012.11.19 08:32:34 | 000,011,119 | ---- | M] () -- C:\Users\Hele\Documents\Widerspruch **** Sparkasse.odt
[2012.11.19 08:30:53 | 001,657,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.19 08:30:53 | 000,715,260 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.19 08:30:53 | 000,666,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.19 08:30:53 | 000,155,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.19 08:30:53 | 000,125,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Hele\Desktop\Reflecta Scanner Reparatur 3 - Verknüpfung.lnk
[2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Hele\Desktop\Reflecta Scanner Reparatur 2 - Verknüpfung.lnk
[2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Hele\Desktop\Reflecta Scanner Reparatur 1 - Verknüpfung.lnk
[2012.11.14 22:12:15 | 000,008,434 | ---- | M] () -- C:\Users\Hele\Desktop\316 - Verknüpfung.lnk
[2012.11.14 22:12:11 | 000,008,434 | ---- | M] () -- C:\Users\Hele\Desktop\318 - Verknüpfung.lnk
[2012.11.14 22:12:02 | 000,008,434 | ---- | M] () -- C:\Users\Hele\Desktop\304 - Verknüpfung.lnk
[2012.11.14 22:11:34 | 000,008,434 | ---- | M] () -- C:\Users\Hele\Desktop\299 - Verknüpfung.lnk
[2012.11.14 22:11:03 | 000,008,434 | ---- | M] () -- C:\Users\Hele\Desktop\291 - Verknüpfung.lnk
[2012.11.14 22:10:41 | 000,008,434 | ---- | M] () -- C:\Users\Hele\Desktop\286 - Verknüpfung.lnk
[2012.11.14 17:53:01 | 001,079,825 | ---- | M] () -- C:\Users\Hele\Desktop\autostitch.zip
[2012.11.10 13:40:09 | 000,171,426 | ---- | M] () -- C:\Users\Hele\Desktop\Bild 3.jpg
[2012.11.10 13:14:04 | 000,059,867 | ---- | M] () -- C:\Users\Hele\Documents\Die besten 50 Mitarbeiter des Unternehmens 2011_12   20121105134048.pdf
[2012.11.09 12:59:03 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.11.04 12:42:01 | 000,009,922 | ---- | M] () -- C:\Users\Hele\Documents\Euro NCAP Test und ADAC Bericht.ods
[2012.10.29 23:48:58 | 000,000,205 | ---- | M] () -- C:\Users\Hele\AppData\Roaming\default.rss
 
========== Files Created - No Company Name ==========
 
[2012.11.27 23:01:39 | 000,000,102 | -H-- | C] () -- C:\Users\Hele\Desktop\.~lock.Malwarebytes Scan 27112012.odt#
[2012.11.27 22:54:44 | 000,021,698 | ---- | C] () -- C:\Users\Hele\Documents\TB anfrage.odt
[2012.11.27 22:23:37 | 000,017,319 | ---- | C] () -- C:\Users\Hele\Desktop\Malwarebytes Scan 27112012.odt
[2012.11.27 22:20:23 | 000,000,000 | ---- | C] () -- C:\Users\Hele\defogger_reenable
[2012.11.27 22:18:41 | 000,050,477 | ---- | C] () -- C:\Users\Hele\Desktop\Defogger.exe
[2012.11.27 21:34:44 | 000,148,755 | ---- | C] () -- C:\Users\Hele\Desktop\Bild 3.png
[2012.11.27 21:21:54 | 000,127,097 | ---- | C] () -- C:\Users\Hele\Desktop\Bild 2.png
[2012.11.27 21:19:36 | 000,248,701 | ---- | C] () -- C:\Users\Hele\Desktop\Bild 1.png
[2012.11.27 21:05:04 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.25 19:35:41 | 000,165,698 | ---- | C] () -- C:\Users\Hele\Desktop\Was guckst du.pdf
[2012.11.25 16:20:37 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.11.25 16:16:37 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2012.11.25 15:28:09 | 010,058,285 | ---- | C] () -- C:\Users\Hele\Desktop\galileodesign_photoshop_elements_10_wolf.pdf
[2012.11.22 18:18:41 | 000,001,150 | ---- | C] () -- C:\Users\Hele\Desktop\EasyDownLight - Verknüpfung.lnk
[2012.11.22 18:18:03 | 000,001,123 | ---- | C] () -- C:\Users\Hele\Desktop\autostitch - Verknüpfung.lnk
[2012.11.19 08:32:32 | 000,011,119 | ---- | C] () -- C:\Users\Hele\Documents\Widerspruch **** Sparkasse.odt
[2012.11.16 20:08:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 19:58:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.14 22:12:15 | 000,008,434 | ---- | C] () -- C:\Users\Hele\Desktop\316 - Verknüpfung.lnk
[2012.11.14 22:12:11 | 000,008,434 | ---- | C] () -- C:\Users\Hele\Desktop\318 - Verknüpfung.lnk
[2012.11.14 22:12:02 | 000,008,434 | ---- | C] () -- C:\Users\Hele\Desktop\304 - Verknüpfung.lnk
[2012.11.14 22:11:34 | 000,008,434 | ---- | C] () -- C:\Users\Hele\Desktop\299 - Verknüpfung.lnk
[2012.11.14 22:11:03 | 000,008,434 | ---- | C] () -- C:\Users\Hele\Desktop\291 - Verknüpfung.lnk
[2012.11.14 22:10:41 | 000,008,434 | ---- | C] () -- C:\Users\Hele\Desktop\286 - Verknüpfung.lnk
[2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Hele\Desktop\Reflecta Scanner Reparatur 3 - Verknüpfung.lnk
[2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Hele\Desktop\Reflecta Scanner Reparatur 2 - Verknüpfung.lnk
[2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Hele\Desktop\Reflecta Scanner Reparatur 1 - Verknüpfung.lnk
[2012.11.14 17:52:41 | 001,079,825 | ---- | C] () -- C:\Users\Hele\Desktop\autostitch.zip
[2012.11.10 15:45:26 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.11.10 13:14:04 | 000,059,867 | ---- | C] () -- C:\Users\Hele\Documents\Die besten 50 Mitarbeiter des Unternehmens 2011_12   20121105134048.pdf
[2012.11.04 11:31:52 | 000,009,922 | ---- | C] () -- C:\Users\Hele\Documents\Euro NCAP Test und ADAC Bericht.ods
[2012.11.01 12:49:31 | 000,171,426 | ---- | C] () -- C:\Users\Hele\Desktop\Bild 3.jpg
[2012.09.03 12:12:09 | 007,339,099 | ---- | C] () -- C:\Program Files\RouteConverterWindows64.exe
[2012.08.28 19:54:32 | 000,007,606 | ---- | C] () -- C:\Users\Hele\AppData\Local\Resmon.ResmonCfg
[2012.07.15 15:14:06 | 000,001,049 | ---- | C] () -- C:\Users\Hele\AppData\Roaming\.ptbt0
[2012.05.19 13:33:50 | 000,001,158 | ---- | C] () -- C:\Users\Hele\AppData\Roaming\ShiftN.ini
[2011.11.03 03:12:00 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2011.07.06 13:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.29 16:15:59 | 000,005,467 | ---- | C] () -- C:\Users\Hele\ESt2010_**********_********.elfo
[2010.12.05 16:49:22 | 000,039,626 | ---- | C] () -- C:\Users\Hele\.recently-used.xbel
[2010.09.18 18:46:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.12 16:04:16 | 000,021,062 | -H-- | C] () -- C:\ProgramData\M33KI
[2010.08.28 16:17:16 | 000,000,205 | ---- | C] () -- C:\Users\Hele\AppData\Roaming\default.rss
[2010.03.26 20:18:38 | 000,013,824 | ---- | C] () -- C:\Users\Hele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.10 15:50:01 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Babylon
[2012.09.22 11:12:16 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Canon
[2010.04.02 21:50:04 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\cerasus.media
[2010.12.14 18:43:22 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.11.10 15:52:09 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Claro
[2012.08.29 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Dropbox
[2012.11.10 15:03:50 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\DVDVideoSoft
[2012.05.29 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.15 18:59:57 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Engelmann Media
[2012.07.02 22:41:58 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\EssentialPIM
[2012.05.23 20:50:44 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1
[2010.08.08 17:35:08 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\FreeFLVConverter
[2012.05.23 20:55:07 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\GeoSetter
[2011.02.27 17:11:35 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\gnupg
[2010.12.05 16:37:21 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\gtk-2.0
[2012.07.19 11:20:17 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\IrfanView
[2012.11.10 17:45:58 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\KastorFreeVimeoDownloader
[2012.10.07 08:44:08 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Lasersoft Imaging
[2012.11.10 13:58:03 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Leadertech
[2010.03.26 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\OpenOffice.org
[2010.04.17 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Opera
[2012.08.28 20:59:50 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Panasonic
[2011.05.08 18:48:18 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\picpick
[2010.09.12 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\PIE
[2012.03.14 15:06:13 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Samsung
[2010.03.27 12:28:53 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\streamripper
[2012.07.02 23:37:16 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Temp
[2010.07.27 06:48:13 | 000,000,000 | ---D | M] -- C:\Users\Hele\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:20087FC5

< End of report >
         
Code:
ATTFilter
 OTL Extras logfile created on: 27.11.2012 22:24:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hele\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,11% Memory free
12,00 Gb Paging File | 9,89 Gb Available in Paging File | 82,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 228,56 Gb Free Space | 24,54% Space Free | Partition Type: NTFS
 
Computer Name: Hele-PC | User Name: Hele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B2F023-05A3-442B-8367-B86BBABDE918}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{09C579B9-4836-4086-B4B9-49901E8079A6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1735236F-5AEF-4D8C-93A2-3229D70D51D1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{23AF7E0A-3951-4EFC-B7A8-5983DA7072D2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{25458A2D-945E-436A-A7DD-2F646B6D3FEE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3404C93B-6990-4C4E-90D8-3A6ED3ECC333}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3CF6E8FB-7024-4B5A-A8ED-7F1ADF5A79FE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4E726678-1C06-4BB8-8272-61598E2E92FD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{53EB47AA-67F0-41E7-BA4D-C49D043722FA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6FF3C7D9-470F-4158-A4BA-EF695ECE76D0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{72B9C408-FF8B-4166-9419-B79B9CD9A333}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{75F6EFF6-BA0F-467E-BE0A-78F4B8C24A6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7D88B7F6-5A71-4F3D-9C19-AF68567153D9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B8F58512-3689-46C4-AC3D-3FE0F2BF9C13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BA4159AA-01DB-4E16-9EC5-4D6F5BE44E96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA60CF5A-B446-4A9A-B71B-A225F9722312}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C2041BE8-A597-49BA-9C33-1C954B746093}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C5B142E6-E797-4A55-A04E-2B40D8E101B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CD6DB3DC-29BF-4394-ADE9-A9CBC27BE059}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D5E1398A-D05C-4E78-8EEE-07838DD1D445}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E774093B-CD29-439F-89E9-17E131CD0047}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E80012FB-E37F-4837-B810-45AB355D348C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F16A858B-7E06-4566-A13C-77D6A1BD11E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F8DE3CD3-9090-412E-A9F7-D02F445FF6D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B7B320-DDE1-4AFE-85D0-ACCD027350BD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0867FC36-E877-4C5E-8D64-8C10303D82D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C7470DD-BEA5-4432-AE17-53AABF248AC0}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"{117A8FA1-FB22-4088-9E40-24AC1F65D228}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{124D93E9-D95E-4A31-AD5D-BFCD4241F931}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13B179D0-58AA-4DED-82A1-0A3961A8C08A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4CCF2788-8CCB-4F00-8F70-EC21A5FB0F23}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{53E86AED-C0D1-4E53-9FAD-733C48F45C47}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{61C8A993-BD72-4D6B-A09C-8376029EB92E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{62018C13-C70C-4479-938D-5438764D6F98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E694892-3631-486D-BDF7-7D7ACFA1BB77}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{82697B38-3236-4856-9CCA-7D82A2E75A65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{833A9EE3-0B0F-4D20-B765-A9E1684DD108}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{847D36A3-BAAF-412F-807C-F61177E20E37}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8ABCF4DC-1C7D-4172-B4C0-9E69FF9895BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B8D0749-E841-4D7A-B4EE-9768BF5DC02B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{910F3D99-DDA2-40C6-9273-BB1C6E30CC31}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{9551040C-CA6E-4393-A781-1669CE951ADE}" = protocol=6 | dir=in | app=c:\users\Hele\appdata\roaming\dropbox\bin\dropbox.exe | 
"{99BFB7E2-8EEA-4FAC-BF14-5EF102E93DA2}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{9CD1694F-355D-4108-BA7F-B9391F226425}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9D6B42FC-2D23-43A9-A1E8-3ABEC708619F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A0235D82-768F-44B0-9BB0-3FF8D1BD890F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{A681CDD2-9089-4112-A886-95F8833E6DAE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B01F9E35-61CC-4554-81A4-319C445898DA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{B215A7D8-1371-4BE5-8FD7-48C125FC6E73}" = protocol=6 | dir=out | app=system | 
"{BCE949BA-8B7B-4430-B95D-A110ACF0C076}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{C29EE8E3-42AE-4849-8674-CF5D84DFB5C0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CEB9C505-9963-4EDD-AD23-14EE2C1A5E8E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D7BE681E-DE3B-4893-9C6B-A430EA88A1F1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{DB5CCB98-82AD-4335-A8C3-D6E667AC2803}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"{DCC7A46F-6C66-4113-ABA1-13FD1F000700}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{E32E3FF9-D8DA-48E0-875A-EBD6AB246833}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E4A7880A-3684-4725-B46D-59CA0FAE8F1A}" = protocol=17 | dir=in | app=c:\users\hele\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E90C132B-92B6-4399-92B0-37BE0FC28F3C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0A2713B-A7B6-42A8-9BA1-81DDD74F2CF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F25BD402-9C88-4F9D-8DC3-299462F035A8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{FE64F2EF-B5B5-48CA-A2B8-0792BE05E887}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0BED86B5-269B-46C2-804E-4823354B0200}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{3D440E17-C2F2-441B-9093-6F486C00E857}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{94AC24C2-5BD9-493E-B054-1128253C38E4}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{B6B2C7B4-35CC-4BE6-A30E-C9C8E9263F43}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{7905536C-953E-49D2-81BF-EFBBA927EA1D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{8E2C9B09-5D35-4380-97C8-BC94010FE25A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{9A7A2E9B-6954-4820-A9DC-C042A2D08D61}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{A2BE16CA-7686-491D-ACE6-333606099F3A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{15C6556B-7E19-1EB0-3DD2-EFBA6B89E988}" = ATI AVIVO64 Codecs
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{23170F69-40C1-2702-0912-000001000000}" = 7-Zip 9.12 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416032FF}" = Java(TM) 6 Update 32 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160320}" = Java(TM) SE Development Kit 6 Update 32 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft-Maus- und Tastatur-Center
"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
"{B9C9B362-80B9-BE07-B0E7-7FEA1264612E}" = ATI Catalyst Install Manager
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E89E99D4-5ADD-6618-7C77-64DE0FDF8DD1}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Microsoft Security Client" = Microsoft Security Essentials
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar
"{06FEC0F9-D836-A627-C140-29D540A04F9B}" = CCC Help French
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{15ABFF4D-9BA5-A152-4634-826B24407F2D}" = Catalyst Control Center Localization All
"{1D50AAF6-E33E-C5E1-944E-93EE577A6106}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3C3A1CF5-A2A0-4D80-8808-609C87FB33FE}_is1" = Bildschutz Pro 3.01
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F88AADB-7B14-6ECF-29DD-A3373313CFFA}" = CCC Help Italian
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4C5E0D3E-C45A-4910-B359-719DCD1D80EC}_is1" = Mahjongg Dreams
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4E1D8C96-522A-C779-8176-31722F317AF3}" = Catalyst Control Center Graphics Previews Common
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{524c838e-a4b2-4a83-b18f-c718beb046b9}" = Nero 9 Essentials
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ACAF398-B948-6089-C27D-ED6028CD864E}" = CCC Help Swedish
"{8D1B1070-5CA9-9188-A14A-B59751493C3A}" = Catalyst Control Center Graphics Light
"{8E7165FC-5EF2-E3E0-25E9-ED4C650684F9}" = CCC Help Japanese
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9624F676-62ED-D881-6004-2B76676A81A5}" = Catalyst Control Center Graphics Previews Vista
"{96FB6F2F-8CCA-D4BD-EC06-815A4476D89B}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00F8237-F496-44D2-0001-E3CCF8CD58AE}" = Photomizer
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A142397C-14FE-9966-71A7-9F5DE2F211B0}" = Catalyst Control Center InstallProxy
"{A1748ECE-BFC9-42FF-026A-F983A606D2CC}" = Catalyst Control Center Graphics Full Existing
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0EC4494-075D-BBE3-930A-FFD1D40B89A7}" = Catalyst Control Center Core Implementation
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B79F9CEC-427E-E49D-DD14-63C19653CE67}" = CCC Help Danish
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BEC5D22B-A966-1D1C-0223-8187C07AC024}" = ccc-core-static
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5D40461-E655-89A5-6273-BBBE9D1F291A}" = CCC Help Chinese Standard
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DE470267-C671-2337-7D6F-15979539B9AE}" = CCC Help Norwegian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2401EA9-4EB4-74A3-4F87-1DB5D7BC7A3A}" = CCC Help Finnish
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F10E67C1-25FA-61A7-A25C-84AD96BF833F}" = CCC Help Dutch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5622E83-86B5-4C03-BA6B-26028F83D2B6}" = Catalyst Control Center - Branding
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9299907-26DA-0237-159E-80BE4060400D}" = Catalyst Control Center Graphics Full New
"{FBBBCD0A-111B-3DE7-048B-A99C1C4FBCA2}" = CCC Help German
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FBD7A67D-D700-4043-B54F-DD106D00F308}" = LameXP
"{FC55F354-E88F-0311-FA49-26AE81F89A80}" = CCC Help Chinese Traditional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe InDesign 1.5" = Adobe InDesign 1.5
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"claro" = Claro LTD toolbar  
"Color Efex Pro 4" = Color Efex Pro 4
"Digital Editions" = Adobe Digital Editions
"Doro_is1" = Doro 1.64
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EssentialPIM" = EssentialPIM
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Studio_is1" = Free Studio version 5.7.7.1031
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Island-Forum Toolbar" = Island-Forum Toolbar
"Kastor Free Vimeo Downloader_is1" = Kastor Free Vimeo Downloader V 1.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.4.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Opera 12.02.1578" = Opera 12.02
"PicPick" = PicPick
"PROHYBRIDR" = 2007 Microsoft Office system
"SilverFast AFL" = SilverFast AFL 6.6.2r5
"SilverFast Ai CD Dokumentation_is1" = SilverFast Ai CD Dokumentation 6.4.0
"Streamripper" = Streamripper (Remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.01.2012 15:21:21 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 20.01.2012 07:59:40 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 20.01.2012 07:59:40 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 20.01.2012 09:44:38 | Computer Name = Hele-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop Elements 9.0.exe, Version:
 9.0.0.0, Zeitstempel: 0x4c83dbdb  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x25282064
ID
 des fehlerhaften Prozesses: 0x1190  Startzeit der fehlerhaften Anwendung: 0x01ccd7799c287e59
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Elements 9 Organizer\Photoshop
 Elements 9.0.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung: e4d56bba-436c-11e1-8a2c-406186292efb
 
Error - 22.01.2012 10:11:49 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 22.01.2012 10:11:49 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 23.01.2012 03:41:35 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 23.01.2012 03:41:35 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.01.2012 03:42:14 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.01.2012 03:42:14 | Computer Name = Hele-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ OSession Events ]
Error - 09.01.2011 14:05:16 | Computer Name = Hele-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.12.2011 04:32:23 | Computer Name = Hele-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1667
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.05.2012 15:34:41 | Computer Name = Hele-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.11.2012 13:46:27 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Adobe Active File Monitor" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 26.11.2012 13:46:31 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Photoshop Elements Device Connect" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 27.11.2012 13:03:26 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Adobe Active File Monitor" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 27.11.2012 13:03:32 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Photoshop Elements Device Connect" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 27.11.2012 13:42:36 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Adobe Active File Monitor" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 27.11.2012 13:42:41 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Photoshop Elements Device Connect" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 27.11.2012 14:45:07 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Adobe Active File Monitor" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 27.11.2012 14:45:11 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Photoshop Elements Device Connect" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 27.11.2012 16:24:04 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Adobe Active File Monitor" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 27.11.2012 16:24:18 | Computer Name = Hele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Photoshop Elements Device Connect" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
 
< End of report >
         

Und jetzt raucht mir der Kopf.
Ich mag garnicht daran denken wieviel Arbeit ich dem jenigen mache, der sich meiner erbarmt.


Ganz liebe Grüße an meinen heldenhaften Retter

Hele

Alt 28.11.2012, 14:40   #2
ryder
/// TB-Ausbilder
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



So, dann bin ich jetzt dein Held



Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.
Zitat:
Lesestoff:
Regeln für die Bereinigung
Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
  • Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt Rückmeldung (Logfile oder Antwort) und zwar gesammelt, wenn du alles erledigt hast.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags). Nicht anhängen ausser ich fordere Dich dazu auf, oder das Logfile wäre zu gross. Erschwert mir nämlich das Auswerten.
  • Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss.
  • Beim ersten Anzeichen illegal genutzer Software (Cracks, Patches und Co) wird der Support ohne Diskussion eingestellt.
  • Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.
  • Eine Bitte: Mache bitte solange mit, bis ich oder ein anderer Helfer dir mitteilt, dass du "sauber" bist. Das gebietet alleine schon die Höflichkeit und ein Verschwinden der Symptome bedeutet nicht, dass die Schädlinge auch wirklich alle entfernt wurden.
  • Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Wenn du das alles gelesen und verstanden hast, kannst du loslegen!
Schritt 1:
AdwCleaner: Werbeprogramme suchen und löschen

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Schreibe mir nur ob der Schritt geklappt hat, das anfallende Logfile brauchen wir nicht.
Schritt 2:
Kontrollscan mit OTL
  • Starte bitte OTL.exe - falls noch nicht vorhanden: LINK
  • Stelle sicher, dass "Alle Benuzter Scannen" angehakt ist!
  • Drücke den Quick Scan Button.
  • Poste die OTL.txt hier in deinen Thread.
__________________

__________________

Alt 28.11.2012, 17:55   #3
Hele
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Hallo Ryder,

vielen Dank für Deine Bereitschaft mir zu helfen!

AdwCleaner hat geklappt.

OTL Scan „Alle Benutzer“ auch.

Code:
ATTFilter
OTL logfile created on: 28.11.2012 17:28:07 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michi2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,82 Gb Available Physical Memory | 63,69% Memory free
12,00 Gb Paging File | 9,83 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 228,26 Gb Free Space | 24,51% Space Free | Partition Type: NTFS
 
Computer Name: MICHI2-PC | User Name: Michi2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.27 22:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi2\Desktop\OTL.exe
PRC - [2012.11.20 07:16:04 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.11.09 13:05:07 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.11.09 12:59:02 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012.10.10 04:51:06 | 010,415,008 | ---- | M] (NTeWORKS) -- C:\Program Files (x86)\PicPick\picpick.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.11.03 03:11:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.01.17 17:50:34 | 000,307,200 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
PRC - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2010.04.02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.20 07:16:18 | 002,400,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.09 13:05:06 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.11.02 19:59:20 | 002,139,168 | ---- | M] () -- c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.24 16:05:19 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.04.24 16:05:19 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.11.24 15:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.11.20 07:16:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 13:05:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 12:59:02 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.02 12:42:04 | 008,786,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2012.08.02 12:42:04 | 000,565,152 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.03 03:11:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010.12.10 16:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.09 12:59:03 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.06.21 14:12:00 | 000,068,512 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.06.21 14:12:00 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.05.22 13:07:18 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.27 05:32:20 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.08.27 05:32:20 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd)
DRV:64bit: - [2010.08.27 05:32:20 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010.08.27 05:32:20 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010.07.26 14:18:58 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.07.26 14:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.11.24 15:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.18 11:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2010.07.26 14:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999.10.13 14:19:20 | 000,012,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbscan.sys -- (usbscan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A EF 97 98 72 FB CC 01  [binary data]
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4512_3&babsrc=SP_clro&mntrId=88f18f94000000000000406186292efb
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{482D0F30-8F15-4196-B9CC-FE1D26521EEC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={D74498D5-1FCC-4678-83DA-D662D8236DFB}&mid=a9eb25d8297147d092a49128c0cdc708-0f92206d30766c61a0e476dfd538e92fdc7dee00&lang=en&ds=bm013&pr=sa&d=2012-09-05 17:59:02&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{E4DD147D-1147-48C2-A882-262B75A206A9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-W1&o=100000080&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=JM&apn_dtid=YYYYYYYYDE&apn_uid=76caf8f0-cb63-4079-9288-35200330b8e1&apn_sauid=F72F764F-A2CF-4767-A9E4-5D9761D99B7F
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bing.com/?cc=de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.3
FF - prefs.js..extensions.enabledAddons: %7B20cc25e2-48c9-45e1-9a1f-1ccc1882b81b%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.10
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.7
FF - prefs.js..extensions.enabledAddons: %7Bc36177c0-224a-11da-8cd6-0800200c9a91%7D:3.9.81
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {699d7c86-b4fb-477b-b738-3d7a16439036}:3.4.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michi2\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michi2\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.27 18:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.17 19:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.17 19:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension
 
[2010.07.28 18:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\Extensions
[2010.07.27 06:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.28 17:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions
[2012.11.10 15:51:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.11.22 19:36:08 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 18:09:08 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\ich@maltegoetz.de
[2012.11.20 18:53:43 | 000,000,000 | ---D | M] (Icelandic Dictionary) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\is@dictionaries.addons.mozilla.org
[2011.06.02 13:42:44 | 000,010,285 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}.xpi
[2012.10.11 08:11:03 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.11.22 19:13:18 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.07.15 11:32:28 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2012.11.24 19:08:52 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.01 11:32:31 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.11.26 19:39:22 | 000,001,610 | ---- | M] () -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\searchplugins\ixquick-https---deutsch.xml
[2010.11.03 16:32:08 | 000,000,834 | ---- | M] () -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\searchplugins\lonely-planet-online.xml
[2012.11.27 18:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4512_3&babsrc=HP_clro&mntrId=88f18f94000000000000406186292efb
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3320590840-971583442-1121360795-1004..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe (NTeWORKS)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Michi 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.7.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236FDCB1-0D63-4919-8875-5408D003D4F9}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2df44f93-f587-11df-9530-406186292efb}\Shell - "" = AutoRun
O33 - MountPoints2\{2df44f93-f587-11df-9530-406186292efb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 22:22:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michi2\Desktop\OTL.exe
[2012.11.27 21:05:42 | 000,000,000 | ---D | C] -- C:\Users\Michi2\AppData\Roaming\Malwarebytes
[2012.11.27 21:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.27 21:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.27 21:04:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.27 21:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.17 19:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.14 17:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\autostitch
[2012.11.12 12:45:04 | 000,000,000 | ---D | C] -- C:\Users\Michi2\AppData\Roaming\Media Player Classic
[2012.11.10 17:46:00 | 000,000,000 | ---D | C] -- C:\Users\Michi2\Documents\Videos
[2012.11.10 16:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Vimeo Downloader
[2012.11.10 16:14:05 | 000,000,000 | ---D | C] -- C:\Users\Michi2\AppData\Roaming\KastorFreeVimeoDownloader
[2012.11.10 16:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kastor Free Vimeo Downloader
[2012.11.10 15:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.10 15:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.11.10 15:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012.11.10 14:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.11.10 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Michi2\AppData\Roaming\Leadertech
[2012.10.29 23:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\EasyDownLight
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.28 17:26:57 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 17:26:57 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 17:19:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.28 17:19:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.28 17:19:14 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.28 17:16:32 | 000,480,125 | ---- | M] () -- C:\Users\Michi2\Desktop\adwcleaner.exe
[2012.11.28 17:09:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320590840-971583442-1121360795-1004UA.job
[2012.11.28 08:57:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.28 08:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.28 08:45:28 | 001,657,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.28 08:45:28 | 000,715,260 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.28 08:45:28 | 000,666,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.28 08:45:28 | 000,155,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.28 08:45:28 | 000,125,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.28 00:08:53 | 000,048,551 | ---- | M] () -- C:\Users\Michi2\Desktop\TB anfrage.odt
[2012.11.27 23:02:24 | 000,017,330 | ---- | M] () -- C:\Users\Michi2\Desktop\Malwarebytes Scan 27112012.odt
[2012.11.27 22:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi2\Desktop\OTL.exe
[2012.11.27 22:20:23 | 000,000,000 | ---- | M] () -- C:\Users\Michi2\defogger_reenable
[2012.11.27 22:18:42 | 000,050,477 | ---- | M] () -- C:\Users\Michi2\Desktop\Defogger.exe
[2012.11.27 21:34:44 | 000,148,755 | ---- | M] () -- C:\Users\Michi2\Desktop\Bild 3.png
[2012.11.27 21:21:54 | 000,127,097 | ---- | M] () -- C:\Users\Michi2\Desktop\Bild 2.png
[2012.11.27 21:19:36 | 000,248,701 | ---- | M] () -- C:\Users\Michi2\Desktop\Bild 1.png
[2012.11.27 21:05:04 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.26 18:46:08 | 000,615,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.25 19:35:41 | 000,165,698 | ---- | M] () -- C:\Users\Michi2\Desktop\Was guckst du.pdf
[2012.11.25 15:28:10 | 010,058,285 | ---- | M] () -- C:\Users\Michi2\Desktop\galileodesign_photoshop_elements_10_wolf.pdf
[2012.11.25 15:09:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320590840-971583442-1121360795-1004Core.job
[2012.11.22 18:20:14 | 000,001,331 | ---- | M] () -- C:\Users\Michi2\Desktop\RouteConverterWindows64 - Verknüpfung.lnk
[2012.11.22 18:18:41 | 000,001,150 | ---- | M] () -- C:\Users\Michi2\Desktop\EasyDownLight - Verknüpfung.lnk
[2012.11.22 18:18:03 | 000,001,123 | ---- | M] () -- C:\Users\Michi2\Desktop\autostitch - Verknüpfung.lnk
[2012.11.19 08:32:34 | 000,011,119 | ---- | M] () -- C:\Users\Michi2\Documents\Widerspruch **** Sparkasse.odt
[2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 3 - Verknüpfung.lnk
[2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 2 - Verknüpfung.lnk
[2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 1 - Verknüpfung.lnk
[2012.11.14 22:12:15 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\316 - Verknüpfung.lnk
[2012.11.14 22:12:11 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\318 - Verknüpfung.lnk
[2012.11.14 22:12:02 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\304 - Verknüpfung.lnk
[2012.11.14 22:11:34 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\299 - Verknüpfung.lnk
[2012.11.14 22:11:03 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\291 - Verknüpfung.lnk
[2012.11.14 22:10:41 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\286 - Verknüpfung.lnk
[2012.11.14 17:53:01 | 001,079,825 | ---- | M] () -- C:\Users\Michi2\Desktop\autostitch.zip
[2012.11.10 13:40:09 | 000,171,426 | ---- | M] () -- C:\Users\Michi2\Desktop\D L.jpg
[2012.11.10 13:14:04 | 000,059,867 | ---- | M] () -- C:\Users\Michi2\Documents\Die besten 50 Mitarbeiter des Unternehmens 2011_12   20121105134048.pdf
[2012.11.09 12:59:03 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.11.04 12:42:01 | 000,009,922 | ---- | M] () -- C:\Users\Michi2\Documents\Euro NCAP Test und ADAC Bericht.ods
[2012.10.29 23:48:58 | 000,000,205 | ---- | M] () -- C:\Users\Michi2\AppData\Roaming\default.rss
 
========== Files Created - No Company Name ==========
 
[2012.11.28 17:16:26 | 000,480,125 | ---- | C] () -- C:\Users\Michi2\Desktop\adwcleaner.exe
[2012.11.27 22:54:44 | 000,048,551 | ---- | C] () -- C:\Users\Michi2\Desktop\TB anfrage.odt
[2012.11.27 22:23:37 | 000,017,330 | ---- | C] () -- C:\Users\Michi2\Desktop\Malwarebytes Scan 27112012.odt
[2012.11.27 22:20:23 | 000,000,000 | ---- | C] () -- C:\Users\Michi2\defogger_reenable
[2012.11.27 22:18:41 | 000,050,477 | ---- | C] () -- C:\Users\Michi2\Desktop\Defogger.exe
[2012.11.27 21:34:44 | 000,148,755 | ---- | C] () -- C:\Users\Michi2\Desktop\Bild 3.png
[2012.11.27 21:21:54 | 000,127,097 | ---- | C] () -- C:\Users\Michi2\Desktop\Bild 2.png
[2012.11.27 21:19:36 | 000,248,701 | ---- | C] () -- C:\Users\Michi2\Desktop\Bild 1.png
[2012.11.27 21:05:04 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.25 19:35:41 | 000,165,698 | ---- | C] () -- C:\Users\Michi2\Desktop\Was guckst du.pdf
[2012.11.25 16:20:37 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.11.25 16:16:37 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2012.11.25 15:28:09 | 010,058,285 | ---- | C] () -- C:\Users\Michi2\Desktop\galileodesign_photoshop_elements_10_wolf.pdf
[2012.11.22 18:18:41 | 000,001,150 | ---- | C] () -- C:\Users\Michi2\Desktop\EasyDownLight - Verknüpfung.lnk
[2012.11.22 18:18:03 | 000,001,123 | ---- | C] () -- C:\Users\Michi2\Desktop\autostitch - Verknüpfung.lnk
[2012.11.19 08:32:32 | 000,011,119 | ---- | C] () -- C:\Users\Michi2\Documents\Widerspruch **** Sparkasse.odt
[2012.11.16 20:08:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 19:58:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.14 22:12:15 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\316 - Verknüpfung.lnk
[2012.11.14 22:12:11 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\318 - Verknüpfung.lnk
[2012.11.14 22:12:02 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\304 - Verknüpfung.lnk
[2012.11.14 22:11:34 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\299 - Verknüpfung.lnk
[2012.11.14 22:11:03 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\291 - Verknüpfung.lnk
[2012.11.14 22:10:41 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\286 - Verknüpfung.lnk
[2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 3 - Verknüpfung.lnk
[2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 2 - Verknüpfung.lnk
[2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 1 - Verknüpfung.lnk
[2012.11.14 17:52:41 | 001,079,825 | ---- | C] () -- C:\Users\Michi2\Desktop\autostitch.zip
[2012.11.10 15:45:26 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.11.10 13:14:04 | 000,059,867 | ---- | C] () -- C:\Users\Michi2\Documents\Die besten 50 Mitarbeiter des Unternehmens 2011_12   20121105134048.pdf
[2012.11.04 11:31:52 | 000,009,922 | ---- | C] () -- C:\Users\Michi2\Documents\Euro NCAP Test und ADAC Bericht.ods
[2012.11.01 12:49:31 | 000,171,426 | ---- | C] () -- C:\Users\Michi2\Desktop\D L.jpg
[2012.09.03 12:12:09 | 007,339,099 | ---- | C] () -- C:\Program Files\RouteConverterWindows64.exe
[2012.08.28 19:54:32 | 000,007,606 | ---- | C] () -- C:\Users\Michi2\AppData\Local\Resmon.ResmonCfg
[2012.07.15 15:14:06 | 000,001,049 | ---- | C] () -- C:\Users\Michi2\AppData\Roaming\.ptbt0
[2012.05.19 13:33:50 | 000,001,158 | ---- | C] () -- C:\Users\Michi2\AppData\Roaming\ShiftN.ini
[2011.11.03 03:12:00 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2011.07.06 13:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.29 16:15:59 | 000,005,467 | ---- | C] () -- C:\Users\Michi2\ESt2010_****_****.elfo
[2010.12.05 16:49:22 | 000,039,626 | ---- | C] () -- C:\Users\Michi2\.recently-used.xbel
[2010.09.18 18:46:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.12 16:04:16 | 000,021,062 | -H-- | C] () -- C:\ProgramData\M33KI
[2010.08.28 16:17:16 | 000,000,205 | ---- | C] () -- C:\Users\Michi2\AppData\Roaming\default.rss
[2010.03.26 20:18:38 | 000,013,824 | ---- | C] () -- C:\Users\Michi2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.08.11 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\OpenOffice.org
[2010.08.12 18:21:11 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Opera
[2010.08.08 17:35:17 | 000,000,000 | ---D | M] -- C:\Users\Michi 1\AppData\Roaming\FreeFLVConverter
[2010.08.08 19:02:24 | 000,000,000 | ---D | M] -- C:\Users\Michi 1\AppData\Roaming\OpenOffice.org
[2010.07.21 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\Michi 1\AppData\Roaming\Opera
[2010.07.26 20:46:17 | 000,000,000 | ---D | M] -- C:\Users\Michi 1\AppData\Roaming\Thunderbird
[2012.09.22 11:12:16 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Canon
[2010.04.02 21:50:04 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\cerasus.media
[2010.12.14 18:43:22 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.29 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Dropbox
[2012.11.10 15:03:50 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\DVDVideoSoft
[2012.05.29 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.15 18:59:57 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Engelmann Media
[2012.07.02 22:41:58 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\EssentialPIM
[2012.05.23 20:50:44 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1
[2010.08.08 17:35:08 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\FreeFLVConverter
[2012.05.23 20:55:07 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\GeoSetter
[2011.02.27 17:11:35 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\gnupg
[2010.12.05 16:37:21 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\gtk-2.0
[2012.07.19 11:20:17 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\IrfanView
[2012.11.10 17:45:58 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\KastorFreeVimeoDownloader
[2012.10.07 08:44:08 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Lasersoft Imaging
[2012.11.10 13:58:03 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Leadertech
[2010.03.26 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\OpenOffice.org
[2010.04.17 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Opera
[2012.08.28 20:59:50 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Panasonic
[2011.05.08 18:48:18 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\picpick
[2010.09.12 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\PIE
[2012.03.14 15:06:13 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Samsung
[2010.03.27 12:28:53 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\streamripper
[2012.07.02 23:37:16 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Temp
[2010.07.27 06:48:13 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:20087FC5

< End of report >
         
__________________

Alt 28.11.2012, 18:10   #4
ryder
/// TB-Ausbilder
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Bei den ganzen Müll-Add-Ons die du dir so installierst a la "Downloader" brauchst du dich über unerwünschte Werbung natürlich nicht zu wundern.

Schritt 1:
Fix mit OTL

Zitat:
Warnung: Dieses Skript wurde nur für diesen User und diese spezielle Situation geschrieben. Auf anderen Computern ausgeführt kann es nachhaltige Schäden anrichten!
Hinweis: Wenn du deinen Benutzernamen unkenntlich gemacht hast, musst du wieder deinen richtigen Namen einsetzen, ansonsten wird das Skript nicht funktionieren.
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:20087FC5

:files
C:\Program Files (x86)\Claro LTD
c:\ProgramData\Browser Manager


:commands
[Emptytemp]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
  • Kopiere nun den Inhalt hier in deinen Thread, möglichst in Code-Tags.

Hinweis: Die Ausführung des Kommandos kann einige Minuten dauern und OTL scheint in dieser Zeit nicht zu reagieren. Bitte geduldig sein!

Schritt 2:
Kontrollscan mit OTL
  • Starte bitte OTL.exe - falls noch nicht vorhanden: LINK
  • Stelle sicher, dass "Alle Benuzter Scannen" angehakt ist!
  • Drücke den Quick Scan Button.
  • Poste die OTL.txt hier in deinen Thread.
Schritt 3:
Hast du noch Probleme mit den Sidekicks?
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 28.11.2012, 18:58   #5
Hele
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Nicht schimpfen, ich zeige mich einsichtig und gelobe Besserung.

Schritt 1:
OTL Scan mit Fix

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\24897~1.175\{61d8b~1\browse~1.dll deleted successfully.
c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll moved successfully.
ADS C:\ProgramData\TEMP:20087FC5 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Claro LTD not found.
Folder move failed. c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73} scheduled to be moved on reboot.
Folder move failed. c:\ProgramData\Browser Manager\2.4.897.175 scheduled to be moved on reboot.
Folder move failed. c:\ProgramData\Browser Manager scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 168655 bytes
->Temporary Internet Files folder emptied: 688716 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54160593 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 434 bytes
 
User: Michi 1
->Temp folder emptied: 2446997 bytes
->Temporary Internet Files folder emptied: 737868 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 100941905 bytes
->Opera cache emptied: 20100392 bytes
->Flash cache emptied: 4204 bytes
 
User: Michi2
->Temp folder emptied: 9202 bytes
->Temporary Internet Files folder emptied: 190460665 bytes
->Java cache emptied: 7700233 bytes
->FireFox cache emptied: 85048028 bytes
->Google Chrome cache emptied: 16825741 bytes
->Apple Safari cache emptied: 4037632 bytes
->Opera cache emptied: 13296410 bytes
->Flash cache emptied: 177470 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89137938 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 1951558275 bytes
 
Total Files Cleaned = 2.420,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11282012_182741

Files\Folders moved on Reboot...
c:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73} folder moved successfully.
c:\ProgramData\Browser Manager\2.4.897.175 folder moved successfully.
c:\ProgramData\Browser Manager folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Schritt 2:
OTL Scan alle Benutzer
Code:
ATTFilter
OTL logfile created on: 28.11.2012 18:37:16 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michi2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,17 Gb Available Physical Memory | 69,46% Memory free
12,00 Gb Paging File | 10,10 Gb Available in Paging File | 84,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 230,45 Gb Free Space | 24,74% Space Free | Partition Type: NTFS
 
Computer Name: MICHI2-PC | User Name: Michi2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.27 22:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi2\Desktop\OTL.exe
PRC - [2012.11.20 07:16:04 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.11.09 13:05:07 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.11.09 12:59:02 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012.10.10 04:51:06 | 010,415,008 | ---- | M] (NTeWORKS) -- C:\Program Files (x86)\PicPick\picpick.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.11.03 03:11:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.01.17 17:50:34 | 000,307,200 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
PRC - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2010.04.02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.20 07:16:18 | 002,400,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.09 13:05:06 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.24 16:05:19 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.04.24 16:05:19 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.11.24 15:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.11.20 07:16:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 13:05:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 12:59:02 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.02 12:42:04 | 008,786,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2012.08.02 12:42:04 | 000,565,152 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.03 03:11:54 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010.12.10 16:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.09 12:59:03 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.06.21 14:12:00 | 000,068,512 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.06.21 14:12:00 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.05.22 13:07:18 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.27 05:32:20 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.08.27 05:32:20 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd)
DRV:64bit: - [2010.08.27 05:32:20 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010.08.27 05:32:20 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010.07.26 14:18:58 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.07.26 14:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.11.24 15:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.18 11:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2010.07.26 14:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999.10.13 14:19:20 | 000,012,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbscan.sys -- (usbscan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A EF 97 98 72 FB CC 01  [binary data]
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4512_3&babsrc=SP_clro&mntrId=88f18f94000000000000406186292efb
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{482D0F30-8F15-4196-B9CC-FE1D26521EEC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={D74498D5-1FCC-4678-83DA-D662D8236DFB}&mid=a9eb25d8297147d092a49128c0cdc708-0f92206d30766c61a0e476dfd538e92fdc7dee00&lang=en&ds=bm013&pr=sa&d=2012-09-05 17:59:02&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\SearchScopes\{E4DD147D-1147-48C2-A882-262B75A206A9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-W1&o=100000080&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=JM&apn_dtid=YYYYYYYYDE&apn_uid=76caf8f0-cb63-4079-9288-35200330b8e1&apn_sauid=F72F764F-A2CF-4767-A9E4-5D9761D99B7F
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bing.com/?cc=de"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.3
FF - prefs.js..extensions.enabledAddons: %7B20cc25e2-48c9-45e1-9a1f-1ccc1882b81b%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.10
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.7
FF - prefs.js..extensions.enabledAddons: %7Bc36177c0-224a-11da-8cd6-0800200c9a91%7D:3.9.81
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {699d7c86-b4fb-477b-b738-3d7a16439036}:3.4.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michi2\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michi2\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.27 18:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.17 19:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.17 19:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension
 
[2010.07.28 18:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\Extensions
[2010.07.27 06:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.28 17:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions
[2012.11.10 15:51:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.11.22 19:36:08 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 18:09:08 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\ich@maltegoetz.de
[2012.11.20 18:53:43 | 000,000,000 | ---D | M] (Icelandic Dictionary) -- C:\Users\Michi2\AppData\Roaming\mozilla\Firefox\Profiles\0z7dx9gw.default\extensions\is@dictionaries.addons.mozilla.org
[2011.06.02 13:42:44 | 000,010,285 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}.xpi
[2012.10.11 08:11:03 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.11.22 19:13:18 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.07.15 11:32:28 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2012.11.24 19:08:52 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.01 11:32:31 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.11.26 19:39:22 | 000,001,610 | ---- | M] () -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\searchplugins\ixquick-https---deutsch.xml
[2010.11.03 16:32:08 | 000,000,834 | ---- | M] () -- C:\Users\Michi2\AppData\Roaming\mozilla\firefox\profiles\0z7dx9gw.default\searchplugins\lonely-planet-online.xml
[2012.11.27 18:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4512_3&babsrc=HP_clro&mntrId=88f18f94000000000000406186292efb
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-3320590840-971583442-1121360795-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3320590840-971583442-1121360795-1004..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe (NTeWORKS)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Michi 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.7.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236FDCB1-0D63-4919-8875-5408D003D4F9}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2df44f93-f587-11df-9530-406186292efb}\Shell - "" = AutoRun
O33 - MountPoints2\{2df44f93-f587-11df-9530-406186292efb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.28 18:27:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.27 22:22:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michi2\Desktop\OTL.exe
[2012.11.27 21:05:42 | 000,000,000 | ---D | C] -- C:\Users\Michi2\AppData\Roaming\Malwarebytes
[2012.11.27 21:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.27 21:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.27 21:04:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.27 21:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.17 19:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.14 17:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\autostitch
[2012.11.12 12:45:04 | 000,000,000 | ---D | C] -- C:\Users\Michi2\AppData\Roaming\Media Player Classic
[2012.11.10 17:46:00 | 000,000,000 | ---D | C] -- C:\Users\Michi2\Documents\Videos
[2012.11.10 16:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Vimeo Downloader
[2012.11.10 16:14:05 | 000,000,000 | ---D | C] -- C:\Users\Michi2\AppData\Roaming\KastorFreeVimeoDownloader
[2012.11.10 16:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kastor Free Vimeo Downloader
[2012.11.10 15:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.11.10 15:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012.11.10 14:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.11.10 13:58:03 | 000,000,000 | ---D | C] -- C:\Users\Michi2\AppData\Roaming\Leadertech
[2012.10.29 23:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\EasyDownLight
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.28 18:39:30 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 18:39:30 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 18:30:57 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.28 18:30:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.28 18:30:26 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.28 18:09:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320590840-971583442-1121360795-1004UA.job
[2012.11.28 17:57:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.28 17:54:29 | 000,036,435 | ---- | M] () -- C:\Users\Michi2\Desktop\TB Antwort 28.11.2012.odt
[2012.11.28 17:51:49 | 000,037,158 | ---- | M] () -- C:\Users\Michi2\Desktop\OTL 28.11.2012.odt
[2012.11.28 17:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.28 17:16:32 | 000,480,125 | ---- | M] () -- C:\Users\Michi2\Desktop\adwcleaner.exe
[2012.11.28 08:45:28 | 001,657,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.28 08:45:28 | 000,715,260 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.28 08:45:28 | 000,666,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.28 08:45:28 | 000,155,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.28 08:45:28 | 000,125,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.28 00:08:53 | 000,048,551 | ---- | M] () -- C:\Users\Michi2\Desktop\TB anfrage.odt
[2012.11.27 23:02:24 | 000,017,330 | ---- | M] () -- C:\Users\Michi2\Desktop\Malwarebytes Scan 27112012.odt
[2012.11.27 22:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi2\Desktop\OTL.exe
[2012.11.27 22:20:23 | 000,000,000 | ---- | M] () -- C:\Users\Michi2\defogger_reenable
[2012.11.27 22:18:42 | 000,050,477 | ---- | M] () -- C:\Users\Michi2\Desktop\Defogger.exe
[2012.11.27 21:34:44 | 000,148,755 | ---- | M] () -- C:\Users\Michi2\Desktop\Bild 3.png
[2012.11.27 21:21:54 | 000,127,097 | ---- | M] () -- C:\Users\Michi2\Desktop\Bild 2.png
[2012.11.27 21:19:36 | 000,248,701 | ---- | M] () -- C:\Users\Michi2\Desktop\Bild 1.png
[2012.11.27 21:05:04 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.26 18:46:08 | 000,615,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.25 19:35:41 | 000,165,698 | ---- | M] () -- C:\Users\Michi2\Desktop\Was guckst du.pdf
[2012.11.25 15:28:10 | 010,058,285 | ---- | M] () -- C:\Users\Michi2\Desktop\galileodesign_photoshop_elements_10_wolf.pdf
[2012.11.25 15:09:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320590840-971583442-1121360795-1004Core.job
[2012.11.22 18:20:14 | 000,001,331 | ---- | M] () -- C:\Users\Michi2\Desktop\RouteConverterWindows64 - Verknüpfung.lnk
[2012.11.22 18:18:41 | 000,001,150 | ---- | M] () -- C:\Users\Michi2\Desktop\EasyDownLight - Verknüpfung.lnk
[2012.11.22 18:18:03 | 000,001,123 | ---- | M] () -- C:\Users\Michi2\Desktop\autostitch - Verknüpfung.lnk
[2012.11.19 08:32:34 | 000,011,119 | ---- | M] () -- C:\Users\Michi2\Documents\Widerspruch **** Sparkasse.odt
[2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 3 - Verknüpfung.lnk
[2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 2 - Verknüpfung.lnk
[2012.11.15 09:31:11 | 000,002,125 | ---- | M] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 1 - Verknüpfung.lnk
[2012.11.14 22:12:15 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\316 - Verknüpfung.lnk
[2012.11.14 22:12:11 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\318 - Verknüpfung.lnk
[2012.11.14 22:12:02 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\304 - Verknüpfung.lnk
[2012.11.14 22:11:34 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\299 - Verknüpfung.lnk
[2012.11.14 22:11:03 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\291 - Verknüpfung.lnk
[2012.11.14 22:10:41 | 000,008,434 | ---- | M] () -- C:\Users\Michi2\Desktop\286 - Verknüpfung.lnk
[2012.11.14 17:53:01 | 001,079,825 | ---- | M] () -- C:\Users\Michi2\Desktop\autostitch.zip
[2012.11.10 13:40:09 | 000,171,426 | ---- | M] () -- C:\Users\Michi2\Desktop\D L.jpg
[2012.11.10 13:14:04 | 000,059,867 | ---- | M] () -- C:\Users\Michi2\Documents\Die besten 50 Mitarbeiter des Unternehmens 2011_12   20121105134048.pdf
[2012.11.09 12:59:03 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.11.04 12:42:01 | 000,009,922 | ---- | M] () -- C:\Users\Michi2\Documents\Euro NCAP Test und ADAC Bericht.ods
[2012.10.29 23:48:58 | 000,000,205 | ---- | M] () -- C:\Users\Michi2\AppData\Roaming\default.rss
 
========== Files Created - No Company Name ==========
 
[2012.11.28 17:51:47 | 000,037,158 | ---- | C] () -- C:\Users\Michi2\Desktop\OTL 28.11.2012.odt
[2012.11.28 17:49:47 | 000,036,435 | ---- | C] () -- C:\Users\Michi2\Desktop\TB Antwort 28.11.2012.odt
[2012.11.28 17:16:26 | 000,480,125 | ---- | C] () -- C:\Users\Michi2\Desktop\adwcleaner.exe
[2012.11.27 22:54:44 | 000,048,551 | ---- | C] () -- C:\Users\Michi2\Desktop\TB anfrage.odt
[2012.11.27 22:23:37 | 000,017,330 | ---- | C] () -- C:\Users\Michi2\Desktop\Malwarebytes Scan 27112012.odt
[2012.11.27 22:20:23 | 000,000,000 | ---- | C] () -- C:\Users\Michi2\defogger_reenable
[2012.11.27 22:18:41 | 000,050,477 | ---- | C] () -- C:\Users\Michi2\Desktop\Defogger.exe
[2012.11.27 21:34:44 | 000,148,755 | ---- | C] () -- C:\Users\Michi2\Desktop\Bild 3.png
[2012.11.27 21:21:54 | 000,127,097 | ---- | C] () -- C:\Users\Michi2\Desktop\Bild 2.png
[2012.11.27 21:19:36 | 000,248,701 | ---- | C] () -- C:\Users\Michi2\Desktop\Bild 1.png
[2012.11.27 21:05:04 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.25 19:35:41 | 000,165,698 | ---- | C] () -- C:\Users\Michi2\Desktop\Was guckst du.pdf
[2012.11.25 16:20:37 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.11.25 16:16:37 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2012.11.25 15:28:09 | 010,058,285 | ---- | C] () -- C:\Users\Michi2\Desktop\galileodesign_photoshop_elements_10_wolf.pdf
[2012.11.22 18:18:41 | 000,001,150 | ---- | C] () -- C:\Users\Michi2\Desktop\EasyDownLight - Verknüpfung.lnk
[2012.11.22 18:18:03 | 000,001,123 | ---- | C] () -- C:\Users\Michi2\Desktop\autostitch - Verknüpfung.lnk
[2012.11.19 08:32:32 | 000,011,119 | ---- | C] () -- C:\Users\Michi2\Documents\Widerspruch **** Sparkasse.odt
[2012.11.16 20:08:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 19:58:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.14 22:12:15 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\316 - Verknüpfung.lnk
[2012.11.14 22:12:11 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\318 - Verknüpfung.lnk
[2012.11.14 22:12:02 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\304 - Verknüpfung.lnk
[2012.11.14 22:11:34 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\299 - Verknüpfung.lnk
[2012.11.14 22:11:03 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\291 - Verknüpfung.lnk
[2012.11.14 22:10:41 | 000,008,434 | ---- | C] () -- C:\Users\Michi2\Desktop\286 - Verknüpfung.lnk
[2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 3 - Verknüpfung.lnk
[2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 2 - Verknüpfung.lnk
[2012.11.14 21:52:43 | 000,002,125 | ---- | C] () -- C:\Users\Michi2\Desktop\Reflecta Scanner Reparatur 1 - Verknüpfung.lnk
[2012.11.14 17:52:41 | 001,079,825 | ---- | C] () -- C:\Users\Michi2\Desktop\autostitch.zip
[2012.11.10 15:45:26 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.11.10 13:14:04 | 000,059,867 | ---- | C] () -- C:\Users\Michi2\Documents\Die besten 50 Mitarbeiter des Unternehmens 2011_12   20121105134048.pdf
[2012.11.04 11:31:52 | 000,009,922 | ---- | C] () -- C:\Users\Michi2\Documents\Euro NCAP Test und ADAC Bericht.ods
[2012.11.01 12:49:31 | 000,171,426 | ---- | C] () -- C:\Users\Michi2\Desktop\D L.jpg
[2012.09.03 12:12:09 | 007,339,099 | ---- | C] () -- C:\Program Files\RouteConverterWindows64.exe
[2012.08.28 19:54:32 | 000,007,606 | ---- | C] () -- C:\Users\Michi2\AppData\Local\Resmon.ResmonCfg
[2012.07.15 15:14:06 | 000,001,049 | ---- | C] () -- C:\Users\Michi2\AppData\Roaming\.ptbt0
[2012.05.19 13:33:50 | 000,001,158 | ---- | C] () -- C:\Users\Michi2\AppData\Roaming\ShiftN.ini
[2011.11.03 03:12:00 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2011.07.06 13:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.29 16:15:59 | 000,005,467 | ---- | C] () -- C:\Users\Michi2\ESt2010_****_****.elfo
[2010.12.05 16:49:22 | 000,039,626 | ---- | C] () -- C:\Users\Michi2\.recently-used.xbel
[2010.09.18 18:46:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.12 16:04:16 | 000,021,062 | -H-- | C] () -- C:\ProgramData\M33KI
[2010.08.28 16:17:16 | 000,000,205 | ---- | C] () -- C:\Users\Michi2\AppData\Roaming\default.rss
[2010.03.26 20:18:38 | 000,013,824 | ---- | C] () -- C:\Users\Michi2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.08.11 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\OpenOffice.org
[2010.08.12 18:21:11 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Opera
[2010.08.08 17:35:17 | 000,000,000 | ---D | M] -- C:\Users\Michi 1\AppData\Roaming\FreeFLVConverter
[2010.08.08 19:02:24 | 000,000,000 | ---D | M] -- C:\Users\Michi 1\AppData\Roaming\OpenOffice.org
[2010.07.21 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\Michi 1\AppData\Roaming\Opera
[2010.07.26 20:46:17 | 000,000,000 | ---D | M] -- C:\Users\Michi 1\AppData\Roaming\Thunderbird
[2012.09.22 11:12:16 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Canon
[2010.04.02 21:50:04 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\cerasus.media
[2010.12.14 18:43:22 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.29 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Dropbox
[2012.11.10 15:03:50 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\DVDVideoSoft
[2012.05.29 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.15 18:59:57 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Engelmann Media
[2012.07.02 22:41:58 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\EssentialPIM
[2012.05.23 20:50:44 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1
[2010.08.08 17:35:08 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\FreeFLVConverter
[2012.05.23 20:55:07 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\GeoSetter
[2011.02.27 17:11:35 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\gnupg
[2010.12.05 16:37:21 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\gtk-2.0
[2012.07.19 11:20:17 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\IrfanView
[2012.11.10 17:45:58 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\KastorFreeVimeoDownloader
[2012.10.07 08:44:08 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Lasersoft Imaging
[2012.11.10 13:58:03 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Leadertech
[2010.03.26 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\OpenOffice.org
[2010.04.17 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Opera
[2012.08.28 20:59:50 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Panasonic
[2011.05.08 18:48:18 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\picpick
[2010.09.12 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\PIE
[2012.03.14 15:06:13 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Samsung
[2010.03.27 12:28:53 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\streamripper
[2012.07.02 23:37:16 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Temp
[2010.07.27 06:48:13 | 000,000,000 | ---D | M] -- C:\Users\Michi2\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
Schritt 3: Probleme mit den Sidekicks 'a la' unerwünschter unterstichener Wörter habe ich schon seit dem entfernen des Add-Ons nicht mehr.

Schon mal ein herzliches für deinen Gleichmut.


Alt 28.11.2012, 19:02   #6
ryder
/// TB-Ausbilder
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Gut!

Wir müssen jetzt noch ein paar Kontrollen machen.

Schritt 1:
Quick-Scan mit Malwarebytes

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quickscan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
Schritt 2:
ESET Online Scanner

Zitat:
Wichtig:
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten!
Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Bitte hier klicken --->
    • Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden, installieren und starten.
    • IE-User müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use/Ja, ich stimme ... zu und drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives/Archive prüfen" und entferne den Haken bei Remove Found Threads/Entdeckte Bedrohungen entfernen.
  • drücken. Die Signaturen werden herunter geladen und der Scan beginnt automatisch und kann sehr lange dauern!
Wenn der Scan beendet wurde
  • Klicke und dann
  • Speichere das Logfile als ESET.txt auf dem Desktop.
  • Klicke Back und Finish
Bitte poste die ESET.txt hier oder teile mir mit, dass nichts gefunden wurde.
Schritt 3:
Java Update (Windows XP, Vista, 7)
Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version und speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version (Java 7 Update 9) herunter laden.
  • Während der Installation entferne den Haken bei:
Wenn die Installation beendet wurde:
  • Start > Systemsteuerung > Programme und deinstalliere alle älteren Java Versionen, falls vorhanden, und starte deinen Rechner neu.
Nach dem Neustart:
  • Öffne erneut die Systemsteuerung > Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen...
  • Gehe sicher, dass überall ein Haken gesetzt ist und klicke zweimal OK.
Schritt 4:
Scan mit SecurityCheck
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
--> click to continue by savings sidekick

Alt 28.11.2012, 21:14   #7
Hele
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Schritt 1:
Der Suchlauf wurde erfolgreich abgeschlossen. Es wurden keine infizierten Objekte gefunden.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michi2 :: MICHI2-PC [Administrator]

28.11.2012 19:07:59
mbam-log-2012-11-28 (19-07-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255320
Laufzeit: 3 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Schritt 2:
Dauert wirklich sehr lange!!!
Läuft bei mir schon fast 2 Std. und hat gerade mal 21% erreicht.
Ich weiss nicht ob ich heute noch das Ergebnis posten kann.

Alt 28.11.2012, 21:15   #8
ryder
/// TB-Ausbilder
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Das dauert auch lange ... einfach laufen lassen.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 29.11.2012, 07:44   #9
Hele
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Fortsetzung Schritt 2: Nach 10:39 Std. war der Scan fertig, es dauert wirklich sehr lange.

Code:
ATTFilter
C:\Users\Michi2\AppData\Local\Temp\13F62CEB-BAB0-7891-8DCB-136BF6F78E14\Latest\BrowserManagerSetup.exe	multiple threats
C:\Users\Michi2\AppData\Local\Temp\13F62CEB-BAB0-7891-8DCB-136BF6F78E14\Latest\MyBabylonTB.exe	Win32/Toolbar.Funmoods application
C:\Users\Michi2\Documents\Computer Fotografie Technik\Winamp\Winamp_Streamripper Info\ps_radio2014.exe	a variant of Win32/Adware.ADON application
C:\Users\Michi2\Downloads\SoftonicDownloader_fuer_inkscape.exe	a variant of Win32/SoftonicDownloader.E application
C:\_OTL\MovedFiles\11282012_182741\c_ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll	a variant of Win32/bProtector.A application
K:\Eigene Dateien\Winamp\Winamp_Streamripper Info\ps_radio2014.exe	a variant of Win32/Adware.ADON application
         
Schritt 3: Java erledigt.

Schritt 4: SecurityCheck

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.56  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
Avira Desktop                   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.65.1.1000  
 Java 7 Update 9  
 Adobe Flash Player 11.5.502.110  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (17.0) 
 Mozilla Thunderbird 13.0.1 Thunderbird out of Date!  
 Google Chrome 21.0.1180.83  
 Google Chrome 21.0.1180.89  
 Google Chrome 22.0.1229.79  
 Google Chrome 22.0.1229.94  
 Google Chrome 23.0.1271.64  
 Google Chrome 23.0.1271.91  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Jetzt weiss ich was Du meintest mit viel Arbeit.
Zwischendurch mal wieder ein
Gehe gleich zur Arbeit, bis später (ca. 20:30Uhr)

Alt 29.11.2012, 09:38   #10
ryder
/// TB-Ausbilder
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Zitat:
C:\Users\Michi2\Downloads\SoftonicDownloader_fuer_inkscape.exe a variant of Win32/SoftonicDownloader.E application
K:\Eigene Dateien\Winamp\Winamp_Streamripper Info\ps_radio2014.exe a variant of Win32/Adware.ADON application
Warum lädst du dir auch so einen Schrott runter?
Zitat:
Lesestoff:
Softwaredownloader
Es gibt im Internet Downloadportale, die statt die Datei selbst anzubieten, dem User einen Downloader unterjubelt. Startet man diesen, dann wird erst das gewünschte Programm von der Webseite des Anbieters geladen. Üblicherweise installiert dieser Downloader auch Werbeprogramme auf deinem Rechner. Besonders bekannt dafür ist z.B. Softonic. Daber merke dir bitte für die Zukunft:
Schritt 1:
Warnung: Mehrere Anti-Virus-Programme
Zitat:
Lesestoff:
Mehrere Anti-Virus-Programme
Auch wenn dieser Zustand besser ist als keine solche Software installiert zu haben, so ist er dennoch schlecht. Diese Programme haben einen Hintergrundwächter, der Dateizugriffe überwacht. Zwei solche Hintergrundwächter können und werden sich gegenseitig behindern, dein System ausbremsen und mit hoher Wahrscheinlichkeit im entscheidenen Moment eine Infektion eben nicht verhindern. Eine gute Absicherung besteht aus:
  • Einem Virenscanner mit Hintergrundwächter. Ich persönlich empfehle derzeit: Avast Free Antivirus
  • Einem Malwarescanner wie Malwarebytes
  • ggf. einem Browserschutz (ist bei Avast dabei)
Entscheide dich bitte für eines der folgenden Programme und deinstalliere den Rest über die Systemsteuerung => Software bzw. Programme & Funktionen:
Code:
ATTFilter
Avira
MSE
         
Um die Überreste des alten Virenscanner zu entfernen gibt es auf dieser Webseite passende Tools.
Schritt 2:
Thunderbird update machen

Schritt 3:
Update: Adobe Reader
  • Deinstalliere deine alte Version von Adobe Reader (Systemsteuerung > Programme > Deinstallieren).
  • Lade dir die aktuelle Version hier herunter: get.adobe.com/de/reader/
  • Entferne dabei den Haken:
- oder -

Probiere einen alternativen Viewer für pdf-Dokumente aus. Diese sind meist schlanker, schneller und schleusen sehr viel seltener Schädlinge ein. Mein Vorschlag:
Schritt 4:
Scan mit SecurityCheck
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 29.11.2012, 22:46   #11
Hele
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Ich war unwissend
Danke für den Hinweis zu den Softwaredownloadern .


Schritt 1:
Avira entfernt.
MSE entfernt.

Zitat:
->„Um die Überreste des alten Virenscanner zu entfernen
gibt es auf dieser Webseite passende Tools.“
Ich bin mir nicht sicher ob dass der richtige Link ist?
Windows Security Essentials
hxxp://support.microsoft.com/kb/2435760


Avast installiert.
Bekomme im Firefox die Meldung:
Code:
ATTFilter
Ein anderes Program auf Ihrem Computer möchte Firefox durch folgendes Add-on modifizieren: 
avast! WebRep 7.0.1474
Von AVAST Software
Ort:C:\Program Files\AVAST Software\Avast\WebPep\FF
u.s.w.
Diese Installation erlauben
Weiter
         
Ich habe es nicht zugelassen und den Reiter weggeklickt.


Schritt 2:
Thunderbird update erledigt.

Schritt 3:
Adobe Reader entfernt.
Foxit Reader installiert.

Schritt4:
Scan mit SecurityCheck

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.56  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.65.1.1000  
 Java 7 Update 9  
 Adobe Flash Player 11.5.502.110  
 Mozilla Firefox (17.0) 
 Mozilla Thunderbird (17.0.) 
 Google Chrome 21.0.1180.83  
 Google Chrome 21.0.1180.89  
 Google Chrome 22.0.1229.79  
 Google Chrome 22.0.1229.94  
 Google Chrome 23.0.1271.64  
 Google Chrome 23.0.1271.91  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 29.11.2012, 22:53   #12
ryder
/// TB-Ausbilder
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Wirklich gut mitgemacht!

Prima!

Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich.

Schritt 1:
Tools deinstallieren
  • Falls Defogger benutzt wurde: jetzt auf re-enable klicken.
  • Falls Combofix benutzt wurde: Windowstaste + R > Combofix /Uninstall (eingeben) > OK
  • Downloade Dir bitte auf jeden Fall delfix auf deinen Desktop:
    • Starte Delfix und klicke auf Löschen.
    • Das anfallende Logfile benötigen wir nicht.
    • Klicke dann auf Deinstallation und dann OK.

Schritt 2:
ESET deinstallieren (Optional)

Ich empfehle dir dein System einmal pro Woche mit ESET zu scannen. Möchtest du ESET aber entfernen:
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
Code:
ATTFilter
"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
         
Abschließend noch Tipps zu folgenden Themen:
  • Systemupdates
  • Softwareupdates
  • Sicherheitssoftware
  • Sicheres Surfen

Zitat:
Lesestoff:
Systemupdates
Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
  • Bitte überprüfe, ob dein System Windows Updates automatisch herunter lädt:
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.

Zitat:
Lesestoff:
Softwareupdates
Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:Auch nicht gelistete Programme sind natürlich wichtig. Ob es für diese eine neue Version gibt, kannst du auf deren Herstellerwebseite oder ganz bequem mit diesen Tools überprüfen:

Zitat:
Lesestoff:
Sicherheitssoftware
Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
  • Wenn du deine Antivirenlösung wechseln solltest, findest du hier Tools mit denen du die Überreste nach der Deinstallation deines alten Scanners entfernen kannst.
  • Installiere niemals mehr als einen Virenscanner. Deren Hintergrundwächter würden sich gegenseitig behindern und dein System ausbremsen.
  • Ein Browserplugin, das dich vor betrügerischen Webseiten schützt, kann dir gute Dienste leisten, wenn du dich nicht gut auskennst (siehe oben).
  • Sorge dafür, dass deine Sicherheitslösung ständig up-to-date ist und sich automatisch Updates besorgt. Wenn du auf manuelle Updates setzt bist du meistens zu spät, da die Virendatenbanken oft täglich sogar mehrfach erneuert werden.
  • Einen zusätzlichen Schutz (und dieser wäre auch erlaubt) bietet ein spezieller Malwarescanner. Hier empfehle ich dir dringend Malwarebytes und einmal wöchentlich damit zu scannen. In der kostenpflichtigen Version hat es sogar einen Hintergrundwächter. Hierfür haben wir eine Anleitung für dich.
Zuletzt empfehle ich dir deine Daten regelmässig (am besten automatisch) zu sichern. Dies kann eine professionelle Backuplösung, externe Festplatten, Brennen auf DVDs oder Überspielen auf ein Online-Laufwerk wie z.B. Dropbox sein. Erzeuge so viele Kopien wie möglich und halte sie aktuell. Nur so bist du auf den schlimmsten Fall vorbereitet, wenn dein Computer - wodurch auch immer - unbrauchbar werden sollte. Leider passiert das ja immer unangekündigt und immer dann wenn man ihn am Nötigsten braucht. Also sorge vor!

Zitat:
Lesestoff:
Sicheres Surfen
Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
  • Klicke nicht irgendwo hin, nur weil es bunt ist und leuchtet, in einer Ecke aufpoppt oder so aussieht, als wäre es eine Systemmeldung.
  • Lade dir keine illegale Software, keine Cracks, keine Keygens, keine Gametrainer usw ... die Webseiten, die so etwas anbieten, sind meist nicht seriös und die angeblichen Helfer sind meist verseuchter als du es dir ausmalen würdest. Es spielt dabei keine Rolle, ob du diese Dateien über einen Browser oder Filesharingprogramme beziehst.
  • Öffne keine Emailanhänge von Leuten, die du nicht kennst, Emails mit seltsamen Rechtschreibfehlern oder starte Dateien, die dir eine Webseite anbietet, ohne dass du sie wolltest.
  • Lasse niemand an deinem Computer surfen, der diese Regeln nicht auch befolgt.
  • Verlasse dich nicht darauf, dass dein Virenscanner schon alles findet. Keine Sicherheitslösung ist 100% sicher!

Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
  • WOT (Web of trust) Dieses Add-On warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst. Hinweis: Avast enthält ein solches Plugin bereits.
  • Sandboxie schafft eine zusätzliche isolierte Programmumgebung, damit dein Browser wie ein Kleinkind im Sandkasten sicher ist. (Anleitung: Sandboxie)
  • Securebanking ist ein Software, die Verbindungen untersucht und dir meldet, wenn jemand "mithört". Wie der Name sagt, wurde es entwickelt, damit Onlinebanking wirklich sicher ist. Mehr Infos auf der Homepage: Secure Banking

Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.

Damit wünsche ich dir noch viel Spaß beim Surfen im Internet

... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 29.11.2012, 23:20   #13
Hele
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Schritt1:
erledigt.


Schritt 2:
ESET würde ich gerne behalten, finde aber nur den OnlineScannerUninstaller
unter C:\Program Files (x86)\ESET\ESET Online Scanner\Online


Systemupdates (Automatische Updates aktivieren) war aktiviert.
Danke für den restlichen Lesestoff, ich werde Deine Ratschläge beherzigen.



Habe gerade bei den installierten Programmen noch eine Claro Chrome Toolbar entdeckt.
Es ist sicher sinnvoll diese zu deinstallieren.

Browser Check:
Habe Schwierigkeiten mit Java.
Im Firefox bei den Add-ons

Java Deployment Toolkit 7.0.70.10
10.7.2.10 (deaktiviert)

Java (TM) Platform SE 7 U9
10.9.2.5 (deaktiviert)

habe beides aktiviert, war das richtig?
Folgende Fehlermeldung kommt sowohl im aktivierten als auch deaktivierten Zustand.

Zitat:
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 17.0 ist aktuell

Flash (11,5,502,110) ist aktuell.

Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader ist nicht installiert oder aktiviert.
Adobe Reader habe ich ja deinstalliert, somit ist das klar.

Unter Start --> Systemsteuerung --> Programme --> finde ich nur Java (32-Bit) ist das richtig so?

Im "Java Control Panel" ist unter "Erweitert" eine Haken bei "Standard-Java für Browser" im Kästchen "Mozilla-Familie".


Alt 30.11.2012, 15:44   #14
ryder
/// TB-Ausbilder
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Systemsteuerung > Java (oft unterhalb von Programme)
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 30.11.2012, 21:16   #15
Hele
 
click to continue by savings sidekick - Standard

click to continue by savings sidekick



Ja, hatte ich schon gefunden.

Ich habe ja diese Version installiert:
Windows 7 Service Pack 1 x64 NTFS

Es befindet sich nur die Java (32-Bit) Version unter Start --> Systemsteuerung --> Programme -->

Geändert von Hele (30.11.2012 um 22:15 Uhr)

Antwort

Themen zu click to continue by savings sidekick
7-zip, antivir, avg secure search, avg security toolbar, avira, avira searchfree toolbar, bonjour, browser, browser manager, cid, continue, converter, error, euro, fehler, firefox, flash player, format, helper, home, ibupdaterservice, install.exe, logfile, microsoft office 2003, mozilla, mp3, office 2007, realtek, registry, rundll, savings, scan, secure search, security, server, sidekick, software, svchost.exe, tablet, vtoolbarupdater



Ähnliche Themen: click to continue by savings sidekick


  1. Probleme mit Click to save Deal Finder & Click to Continue
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (9)
  2. Savings Sidekick (und evtl. noch mehr) auf meinem PC!
    Log-Analyse und Auswertung - 27.07.2013 (11)
  3. Click to Continue entfernen
    Log-Analyse und Auswertung - 16.07.2013 (9)
  4. Savings Sidekick und Babylon object installer gefunden, Rechner verlangsamt, bluescreens
    Log-Analyse und Auswertung - 05.04.2013 (16)
  5. Trojaner Savings Sidekick und Incredibar auf meinem Laptop
    Log-Analyse und Auswertung - 01.04.2013 (16)
  6. click to continue by savings sidekick
    Plagegeister aller Art und deren Bekämpfung - 04.03.2013 (3)
  7. Savings Sidekick auf PC unter Software gefunden, läßt sich nicht restlos entfernen
    Log-Analyse und Auswertung - 12.02.2013 (21)
  8. click and continue zum Zweiten
    Plagegeister aller Art und deren Bekämpfung - 10.02.2013 (15)
  9. Savings Sidekick
    Plagegeister aller Art und deren Bekämpfung - 28.01.2013 (1)
  10. click and continue
    Plagegeister aller Art und deren Bekämpfung - 23.01.2013 (28)
  11. Savings Sidekick wie los werden?
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (23)
  12. hilfe savings sidekick
    Log-Analyse und Auswertung - 23.12.2012 (19)
  13. Savings Sidekick entfernen
    Plagegeister aller Art und deren Bekämpfung - 10.12.2012 (1)
  14. Savings Sidekick und ungewollte Links
    Plagegeister aller Art und deren Bekämpfung - 05.12.2012 (13)
  15. Savings Sidekick entfernen?
    Plagegeister aller Art und deren Bekämpfung - 04.12.2012 (7)
  16. Wie entferne ich Savings Sidekick von meinem Rechner?
    Plagegeister aller Art und deren Bekämpfung - 16.11.2012 (5)
  17. Hilfe! Savings Sidekick entfernen..aber wie?
    Plagegeister aller Art und deren Bekämpfung - 05.11.2012 (12)

Zum Thema click to continue by savings sidekick - Hallo liebe Moderatoren, wie so viele habe auch ich immer gehofft Euch nicht zu benötigen. Leider war diese Vermutung ein Trugschluss. Ich habe vor wenigen Tagen im Firefox ein Add-On - click to continue by savings sidekick...
Archiv
Du betrachtest: click to continue by savings sidekick auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.