
Log analysis and evaluation: VLC player changed browser start page to startfenster.com


25.12.2012, 15:14   #1
Sbidi
 



Hello everyone,
I had problems updating the VLC player.
After that I uninstalled it and downloaded and installed version 2.0.4, unfortunately from www.vlc.de/.
Now I have no idea whether Startfenster.com is a trojan or not.
I ran OTL.exe and am now posting the two log files in my thread:

OTL logfile created on: 12/25/2012 1:47:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toni Zbinden\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.67% Memory free
3.98 Gb Paging File | 2.77 Gb Available in Paging File | 69.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 46.27 Gb Free Space | 54.43% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 126.10 Gb Free Space | 98.68% Space Free | Partition Type: NTFS

Computer Name: TONIS-NETBOOK | User Name: Toni Zbinden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/25 13:43:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toni Zbinden\Desktop\OTL.exe
PRC - [2012/12/25 10:40:27 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/12/17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/12/17 17:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012/12/17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/12/14 10:17:03 | 009,876,472 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2012/12/14 10:08:24 | 000,190,968 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/10/11 04:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe
PRC - [2012/10/10 19:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe
PRC - [2012/10/04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/26 22:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
PRC - [2010/07/30 11:40:54 | 000,090,112 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
PRC - [2010/06/22 13:29:28 | 000,098,304 | ---- | M] () -- C:\Program Files\Sunrise T@KE AWAY\ModemListener.exe
PRC - [2010/06/17 15:09:02 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
PRC - [2010/06/08 08:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/06/03 03:42:28 | 002,203,136 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SFB\SmartRestarter.exe
PRC - [2010/05/06 07:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/04/07 19:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/03/25 20:44:26 | 001,891,720 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/25 10:40:26 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/30 16:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\wincfi39.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/06/22 13:29:28 | 000,098,304 | ---- | M] () -- C:\Program Files\Sunrise T@KE AWAY\ModemListener.exe
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Services (SafeList) ==========

SRV - [2012/12/25 11:32:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/25 10:40:26 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/10/11 04:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe -- (NCO)
SRV - [2012/10/10 19:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe -- (NAV)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/08/23 13:59:56 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Toni Zbinden\AppData\Local\Temp\7zS3571\hpslpsvc32.dll -- (HPSLPSVC)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/10/26 22:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV - [2010/07/30 11:40:54 | 000,090,112 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe -- (SZASSIST)
SRV - [2010/06/17 15:09:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2010/04/07 19:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - [2012/11/09 16:44:06 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121222.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/11/01 23:45:29 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/11/01 01:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121224.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/11/01 01:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121224.025\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/10/08 18:00:02 | 000,586,400 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\srtsp.sys -- (SRTSP)
DRV - [2012/10/04 03:19:14 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\7DD02000.012\ccSetx86.sys -- (ccSet_NST)
DRV - [2012/10/03 18:40:36 | 000,927,904 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\SymEFA.sys -- (SymEFA)
DRV - [2012/10/03 18:40:20 | 000,368,288 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\SymDS.sys -- (SymDS)
DRV - [2012/10/03 18:19:14 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\ccSetx86.sys -- (ccSet_NAV)
DRV - [2012/09/06 19:05:14 | 000,338,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\symnets.sys -- (SymNetS)
DRV - [2012/09/06 18:48:08 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\Ironx86.sys -- (SymIRON)
DRV - [2012/09/06 18:40:52 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\srtspx.sys -- (SRTSPX)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/19 12:20:27 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/19 12:20:27 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/28 17:03:06 | 000,061,312 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2011/05/18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 09:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 09:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/01/27 19:18:32 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/05 23:03:48 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2010/07/08 09:28:46 | 000,322,336 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2010/06/17 16:09:04 | 000,105,344 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jrdusbser.sys -- (jrdusbser)
DRV - [2010/06/14 14:14:48 | 000,064,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mvd21.sys -- (mvd21)
DRV - [2010/03/18 16:24:34 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys -- (mdf15)
DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 17:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 17:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/08 14:41:32 | 000,140,832 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2117678


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\..\SearchScopes,DefaultScope = {E7D23707-11E5-4A4E-83AD-EFE288C0B30E}
IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2117678
IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\..\SearchScopes\{E7D23707-11E5-4A4E-83AD-EFE288C0B30E}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn\ [2012/11/11 06:49:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\ [2012/12/25 11:44:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/25 10:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/02 19:25:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/09/30 09:32:48 | 000,000,000 | ---D | M]

[2011/01/03 00:29:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni Zbinden\AppData\Roaming\mozilla\Extensions
[2012/12/25 10:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni Zbinden\AppData\Roaming\mozilla\Firefox\Profiles\eywv22kj.default\extensions
[2011/06/05 11:24:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Toni Zbinden\AppData\Roaming\mozilla\Firefox\Profiles\eywv22kj.default\extensions\engine@conduit.com
[2012/12/25 10:38:44 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Toni Zbinden\AppData\Roaming\mozilla\firefox\profiles\eywv22kj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2011/01/17 14:40:58 | 000,000,909 | ---- | M] () -- C:\Users\Toni Zbinden\AppData\Roaming\mozilla\firefox\profiles\eywv22kj.default\searchplugins\conduit.xml
[2012/04/09 16:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/25 10:40:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/12 14:47:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/12/25 10:40:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/12/25 10:40:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/25 10:40:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/12/25 10:40:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/12/25 10:40:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/12/25 10:40:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [ModemListener] C:\Program Files\Sunrise T@KE AWAY\ModemListener.exe ()
O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000..\Run: [Remote Control Editor] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} hxxp://www.koch.ch/Katalog/smsx.cab (MeadCo ScriptX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.60.61.246 212.60.63.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{468F1D40-86A8-462E-91C0-6F7815098840}: DhcpNameServer = 212.60.61.246 212.60.63.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C0654CE-56F1-4980-B57C-8D7BDE734E0A}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{48f594b6-f414-11e0-854e-002454ea03f6}\Shell - "" = AutoRun
O33 - MountPoints2\{48f594b6-f414-11e0-854e-002454ea03f6}\Shell\AutoRun\command - "" = E:\setup.exe /AUTORUN
O33 - MountPoints2\{48f594b6-f414-11e0-854e-002454ea03f6}\Shell\configure\command - "" = E:\setup.exe
O33 - MountPoints2\{48f594b6-f414-11e0-854e-002454ea03f6}\Shell\install\command - "" = E:\setup.exe
O33 - MountPoints2\{ba8be99b-0dd7-11e0-8ee1-001bb166b6a2}\Shell - "" = AutoRun
O33 - MountPoints2\{ba8be99b-0dd7-11e0-8ee1-001bb166b6a2}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: ModemListener - hkey= - key= - C:\Program Files\Sunrise T@KE AWAY\ModemListener.exe ()
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig - StartUpReg: start_sunrise volumecounter - hkey= - key= - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/25 13:43:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Toni Zbinden\Desktop\OTL.exe
[2012/12/25 12:36:22 | 000,000,000 | ---D | C] -- C:\Users\Toni Zbinden\Doctor Web
[2012/12/25 10:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/25 10:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/25 10:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/25 10:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/25 10:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/12/25 10:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/12/02 19:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/12/02 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/12/25 13:49:01 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/25 13:49:01 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/25 13:43:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toni Zbinden\Desktop\OTL.exe
[2012/12/25 13:32:18 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/25 12:33:15 | 107,296,720 | ---- | M] () -- C:\Users\Toni Zbinden\Desktop\zgb5zjh2.exe
[2012/12/25 11:55:11 | 000,001,198 | ---- | M] () -- C:\Users\Toni Zbinden\Desktop\Startfenster.lnk
[2012/12/25 11:52:09 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/25 11:52:09 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/25 11:44:22 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/12/25 11:43:58 | 000,453,352 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/12/25 11:43:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/25 11:43:00 | 2136,260,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/25 10:48:34 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/02 19:25:12 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/28 05:33:40 | 000,699,566 | ---- | M] () -- C:\windows\System32\perfh010.dat
[2012/11/28 05:33:40 | 000,674,544 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/11/28 05:33:40 | 000,633,294 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/28 05:33:40 | 000,140,076 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/11/28 05:33:40 | 000,132,426 | ---- | M] () -- C:\windows\System32\perfc010.dat
[2012/11/28 05:33:40 | 000,114,536 | ---- | M] () -- C:\windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/12/25 12:31:53 | 107,296,720 | ---- | C] () -- C:\Users\Toni Zbinden\Desktop\zgb5zjh2.exe
[2012/12/25 11:55:11 | 000,001,198 | ---- | C] () -- C:\Users\Toni Zbinden\Desktop\Startfenster.lnk
[2012/12/25 11:28:49 | 000,001,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012/12/25 10:48:34 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/02 19:25:12 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/11 20:59:18 | 000,009,042 | ---- | C] () -- C:\Users\Toni Zbinden\SunriseTVKonfiguration.pdf
[2012/09/29 15:57:27 | 000,008,704 | ---- | C] () -- C:\windows\System32\CNMVS79.DLL
[2012/09/08 07:58:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/08/19 13:52:00 | 000,335,478 | ---- | C] () -- C:\windows\System32\perfi010.dat
[2012/08/19 13:51:59 | 000,699,566 | ---- | C] () -- C:\windows\System32\perfh010.dat
[2012/08/19 13:51:59 | 000,132,426 | ---- | C] () -- C:\windows\System32\perfc010.dat
[2012/08/19 13:51:59 | 000,037,534 | ---- | C] () -- C:\windows\System32\perfd010.dat
[2012/01/18 21:43:44 | 000,007,605 | ---- | C] () -- C:\Users\Toni Zbinden\AppData\Local\Resmon.ResmonCfg
[2011/10/11 20:04:22 | 000,000,100 | ---- | C] () -- C:\Users\Toni Zbinden\AppData\Local\fusioncache.dat
[2011/07/29 05:06:24 | 000,140,832 | R--- | C] () -- C:\windows\System32\drivers\USB_0064.sys
[2011/01/07 12:11:46 | 000,038,912 | ---- | C] () -- C:\windows\System32\FirmwareRecovery.exe
[2011/01/04 13:17:12 | 000,237,637 | ---- | C] () -- C:\windows\System32\nbt.exe
[2010/12/24 01:20:35 | 000,003,584 | ---- | C] () -- C:\Users\Toni Zbinden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/23 09:48:04 | 000,001,024 | ---- | C] () -- C:\Users\Toni Zbinden\.rnd
[2010/12/22 07:32:33 | 000,015,428 | ---- | C] () -- C:\Users\Toni Zbinden\RefEdit.exd
[2010/12/21 00:31:06 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/03/23 12:06:48 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Canneverbe Limited
[2011/03/23 11:42:53 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\DeepBurner
[2011/03/14 10:34:00 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Duden
[2011/03/28 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\DVDVideoSoft
[2011/05/01 12:51:33 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\GetRightToGo
[2010/12/30 09:23:04 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Leadertech
[2011/09/30 15:15:04 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Nokia
[2011/09/30 15:15:08 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Nokia Ovi Suite
[2011/11/01 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\PC Suite
[2012/09/27 09:12:14 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\TeamViewer
[2011/11/19 11:25:18 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\TerraTec
[2011/01/13 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Tific

========== Purity Check ==========



========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011/05/12 12:57:29 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Adobe
[2012/03/12 12:47:07 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Apple Computer
[2011/03/14 08:41:57 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Brother
[2011/03/23 12:06:48 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Canneverbe Limited
[2011/03/23 11:42:53 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\DeepBurner
[2011/03/14 10:34:00 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Duden
[2011/10/25 20:59:59 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\dvdcss
[2011/03/28 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\DVDVideoSoft
[2011/05/01 12:51:33 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\GetRightToGo
[2012/09/08 08:18:18 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\HpUpdate
[2010/12/21 00:49:25 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Identities
[2011/06/24 18:48:35 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\InstallShield
[2010/12/30 09:23:04 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Leadertech
[2011/12/27 17:34:52 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Logishrd
[2011/12/27 17:34:52 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Logitech
[2010/12/20 21:13:54 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Macromedia
[2012/12/10 18:21:48 | 000,000,000 | --SD | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft
[2011/01/03 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Mozilla
[2011/02/15 13:45:56 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\NCH Software
[2010/12/31 07:54:45 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Nero
[2011/09/30 15:15:04 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Nokia
[2011/09/30 15:15:08 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Nokia Ovi Suite
[2011/11/01 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\PC Suite
[2011/02/16 22:20:18 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Real
[2010/12/23 10:56:25 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Skype
[2012/09/27 09:12:14 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\TeamViewer
[2011/11/19 11:25:18 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\TerraTec
[2011/01/13 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Tific

< %APPDATA%\*.exe /s >
[2011/03/14 10:47:51 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Installer\{3DAE6568-A917-4CE5-A26A-73CDBFC50A24}\ARPPRODUCTICON.exe
[2011/03/14 10:47:51 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Installer\{3DAE6568-A917-4CE5-A26A-73CDBFC50A24}\NewShortcut1_D216F3B2761946D6B253BD0528BFB287.exe
[2011/03/14 10:47:51 | 000,335,872 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Installer\{3DAE6568-A917-4CE5-A26A-73CDBFC50A24}\NewShortcut2_D216F3B2761946D6B253BD0528BFB287.exe
[2011/03/14 10:47:51 | 000,073,728 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Installer\{3DAE6568-A917-4CE5-A26A-73CDBFC50A24}\NewShortcut5_D216F3B2761946D6B253BD0528BFB287.exe
[2011/03/14 10:47:51 | 000,069,632 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Installer\{3DAE6568-A917-4CE5-A26A-73CDBFC50A24}\NewShortcut7_D216F3B2761946D6B253BD0528BFB287.exe
[2010/12/30 10:27:18 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 10:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

< MD5 for: IASTORV.SYS >
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USER32.DLL >
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* >
[2012/07/30 19:04:48 | 000,000,174 | -HS- | M] () -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

< %APPDATA%\*AcroIEH*.* >

< %APPDATA%\*.exe >

< %APPDATA%\*.tmp >

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8530A643

< End of report >

OTL Extras:
OTL Extras logfile created on: 12/25/2012 1:47:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toni Zbinden\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.67% Memory free
3.98 Gb Paging File | 2.77 Gb Available in Paging File | 69.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 46.27 Gb Free Space | 54.43% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 126.10 Gb Free Space | 98.68% Space Free | Partition Type: NTFS

Computer Name: TONIS-NETBOOK | User Name: Toni Zbinden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1076387279-2608573375-2991349267-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047B0AD2-A48B-4D84-93D5-4FF7BE84A240}" = lport=2869 | protocol=6 | dir=in | app=system |
"{057598F0-6C5A-479A-AC7A-6F3D83E75D4A}" = lport=1935 | protocol=6 | dir=in | name=broadcam video streaming server flash video server |
"{08565CA5-9CD5-424A-9329-D166D8427913}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B89A19F-C725-4E6D-B813-47C8DEF354A3}" = lport=86 | protocol=6 | dir=in | name=broadcam video streaming server web server |
"{0CD5C8AD-DA1D-48A3-B724-575D6D9F1B5A}" = rport=139 | protocol=6 | dir=out | app=system |
"{0F61BC04-2FAC-4BA0-BD6D-FC4F3E740B6F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13700F95-BE6C-45C9-A868-7A9A893B9EC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{14500E3C-D231-4D38-A638-11C871D93497}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A5FCDA0-549E-484A-BD5B-210445C69C5E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1D6C7136-5263-4021-A002-1D82BDF8D9ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{21753F0C-F803-49FE-9F1F-3F98366A1843}" = lport=10245 | protocol=6 | dir=in | app=system |
"{30421562-4F55-45C6-9A4D-45B0D4C9F737}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{31498937-D600-4D35-BBC7-0ED82376F7F5}" = rport=137 | protocol=17 | dir=out | app=system |
"{34796AD9-1F6F-49B6-B853-EB8CBF18CBD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{347A73A9-C19B-40E5-9A8D-4A1C7CD3DEEC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{35EF45CB-8C84-4849-BA4B-16429A79EBBD}" = lport=137 | protocol=17 | dir=in | app=system |
"{413C9DB5-61FB-46B1-97EA-F5F3FA673663}" = lport=445 | protocol=6 | dir=in | app=system |
"{4888D39D-A45B-484C-8DD6-54F714EBE14C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4A009D76-EF86-4688-8F16-31A66197EFFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68D51BAE-831D-415B-95B2-6B26D04EF5F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77EEBFA0-D3E5-4B6A-85B4-F5564692D20D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7ABFF406-BDE0-41EA-9DF3-E09B96013688}" = lport=138 | protocol=17 | dir=in | app=system |
"{7EBEE42C-8C98-42FB-A4FB-C721AB0C2100}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EF7CD88-83B4-4B9F-B5B8-897F7E77D2EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C02292B-3204-44A9-B679-93134EC06038}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9343ED7C-4281-4163-9FC4-B4BB798C2368}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AAD695AC-96D8-4A2A-8AB3-196F45D9D55B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B010A2F4-9818-45F4-BE51-615BC91163A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B0497EF0-A857-4118-B3FE-C8B4DDD86640}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B70B4F02-2ED4-4668-9962-E1F843E2770C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BAF8AA0F-B981-4CFC-9B7F-35DA9AAE2657}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C9F04C83-F503-4E13-B655-E074DABDECD0}" = lport=139 | protocol=6 | dir=in | app=system |
"{CA071383-CF05-4918-AEA4-0D2FC3B8C404}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBBA8526-E7AD-4E59-8E26-B7106E1CEB46}" = rport=445 | protocol=6 | dir=out | app=system |
"{DD84F9F0-A0CE-419A-BBDB-CEBA43B4965D}" = rport=138 | protocol=17 | dir=out | app=system |
"{ED03AB94-C85E-401E-8439-86CD32EAA850}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDDC7D86-20C9-48A3-90B2-8C40ECA91385}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2F8A029-FCB2-4EF7-B7A3-4ED1A1A36663}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06739A64-8701-460A-A8E5-79E45B96E549}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{09C6964C-CB6A-4FF6-9E5E-90E9E29B42E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{12F1B3DF-67C0-49AD-82A4-A8F9C509F5D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1FD0279D-6F48-4E09-AD58-F60191BF15D2}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{22D4ABDE-279D-4DF2-99CA-B58CECD66682}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{31E4D458-2285-476B-BB07-0F27135FEA81}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35F07505-37D4-4D41-AA26-0E5B2316FBB8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{363C1C03-8060-46D8-B729-2C30DF52A223}" = protocol=17 | dir=in | app=c:\users\toni zbinden\appdata\local\temp\{ffd8adc8-5124-416e-9844-86e94f4a9e18}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe |
"{40DB92CD-5FD3-4BD4-A1F5-C0D6F3339B80}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"{53B36D63-ABD3-4EB0-ABAC-54E2BDFFE4B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{548FA224-A262-4D5C-BC92-45A8C4954F57}" = protocol=17 | dir=in | app=c:\users\toni zbinden\appdata\local\temp\7zs3571\hppiw.exe |
"{5B9EDE68-49D7-4ABE-B478-32BF6BC710CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BEE99F6-DF6E-4E4A-9D67-8D8CED42762E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{61EDF81C-F3FC-42C0-ADB0-F8DA2E425167}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{620B79EE-A500-4815-81E8-860DE3D8B1EA}" = protocol=6 | dir=in | app=c:\users\toni zbinden\appdata\local\temp\7zs3571\hppiw.exe |
"{6BA153D5-514A-4FE7-8BF6-70CC7398AC3D}" = protocol=6 | dir=in | app=c:\users\toni zbinden\appdata\local\temp\{ffd8adc8-5124-416e-9844-86e94f4a9e18}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe |
"{6EE14AF7-5E22-4CDA-9DAA-3584A0CE44BC}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{72A7220C-7FFD-4316-93AD-FF11CDEF5EB3}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"{79ED4177-1EDF-4379-85D2-C2427A0EBB4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BC967D6-E07A-4B5B-B300-06064D890ACE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7CB301A5-37E7-49B1-B371-32FE3690F97E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80E48D56-AD76-49BD-86B2-03F1A8511F62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{83C2BDE3-B941-4629-8555-0ADA2CA5306C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{845609F9-D225-41E9-96C2-C56DAE09F413}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D225D75-A503-42DA-9B4D-6BF36F2B7109}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{91BF415E-4EE1-432B-A107-64C5AC3EDCC2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{933B4D28-1C75-42FB-AC99-B9B4622A7E08}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9779569A-040E-4AA2-8C18-84DFABDBFF03}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9D87A9D8-D9C1-4045-9A21-8536888C73E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0DE668D-6E91-4E1E-8232-7C75C570FEBF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{A5CD4449-E50F-4F78-8597-F2B829FB414F}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{AB7770BD-753E-42B2-BB2C-105513820BC8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B0730F7B-4E1D-4BB1-A03A-DB81BA477532}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B2283929-C8E9-4258-A93F-2504796DD383}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7C07006-CE68-4173-99B3-DC88B8FF737E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{BC08911F-A3B1-4D26-97A6-8C867C732366}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C6F292D6-5A3A-4830-B3FE-C10B8C26274C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C7C73888-BC98-4672-B749-E541AEDB8808}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{CD48EE54-B652-407D-AFE4-2D843D6A703B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D28C0AA0-F9E1-455B-9441-9477A6D0F01A}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{D51EB619-D472-4933-9AA3-A51A371DE2EB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{DC5FDFF3-BC67-44E1-A3BD-D99CEAC15DD3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DF313FA4-7A88-4665-B9D0-461E3475A38E}" = protocol=6 | dir=out | app=system |
"{EC5CAD1A-3B00-44AC-BFF5-AD4329A14282}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0E57C7EB-D99E-47BB-9C22-0429CD87B5CD}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{1DD55E29-D566-402D-90BC-9082FFB2C9DD}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{496A1F10-5B3F-4626-AE5C-E800A69AF01C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{5822B4E9-8AB2-4DAF-9366-354C08D08516}C:\program files\belkin\home base control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\home base control center\connect.exe |
"TCP Query User{C5FA58B0-18D5-4F45-9667-AF91032EB957}C:\program files\enigma2tool\enigma2tool.exe" = protocol=6 | dir=in | app=c:\program files\enigma2tool\enigma2tool.exe |
"UDP Query User{1AE47685-AB15-48DF-8294-CAF1FA0F48BD}C:\program files\enigma2tool\enigma2tool.exe" = protocol=17 | dir=in | app=c:\program files\enigma2tool\enigma2tool.exe |
"UDP Query User{3C4BBB31-73E1-475B-B507-C5A3C2880B6C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{9B387B5E-DCE2-4448-A2D4-365A144E1852}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{EC6BAD15-8A1D-4274-95C0-CB38DD54F2B4}C:\program files\belkin\home base control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\home base control center\connect.exe |
"UDP Query User{F5E2A703-96FD-466A-ACC6-628841FB3B15}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DAE6568-A917-4CE5-A26A-73CDBFC50A24}" = Duden Korrektor PLUS Update
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{556ADFBF-8CEA-4B4C-BD1B-E276F968E75B}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_3 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_3)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E554A6F-7BA1-4FCE-ABFA-430A24631111}" = Duden Korrektor Patch 022010
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79877D91-91C3-487F-9CD8-5262F2E4FB29}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_2 (c:\SiLabs\MCU\CP210x\Windows_XP_S2K3_Vista_7_2)
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6799E87-8D43-4058-BC5F-F03D6346789C}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"DreamBoxEdit" = dreamboxEDIT -- The one and only settings editor for your Dreambox
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"Nokia Ovi Suite" = Nokia Ovi Suite
"NST" = Norton Identity Safe
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SolarApp" = Logitech Solar App 1.0
"sp6" = Logitech SetPoint 6.20
"Sunrise T@KE AWAY ALCATEL_is1" = Sunrise T@KE AWAY
"TeamViewer 8" = TeamViewer 8
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2012 2:11:29 PM | Computer Name = Tonis-Netbook | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 12/2/2012 2:11:29 PM | Computer Name = Tonis-Netbook | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 12/2/2012 2:11:30 PM | Computer Name = Tonis-Netbook | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 12/2/2012 2:11:32 PM | Computer Name = Tonis-Netbook | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 12/2/2012 2:11:32 PM | Computer Name = Tonis-Netbook | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 12/2/2012 2:11:32 PM | Computer Name = Tonis-Netbook | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 12/2/2012 2:11:32 PM | Computer Name = Tonis-Netbook | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

Error - 12/2/2012 3:17:05 PM | Computer Name = Tonis-Netbook | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 1

Error - 12/2/2012 3:17:05 PM | Computer Name = Tonis-Netbook | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 2

Error - 12/2/2012 3:17:05 PM | Computer Name = Tonis-Netbook | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 3

[ System Events ]
Error - 12/25/2012 6:15:44 AM | Computer Name = Tonis-Netbook | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2758857)

Error - 12/25/2012 6:15:44 AM | Computer Name = Tonis-Netbook | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2753842)

Error - 12/25/2012 6:15:44 AM | Computer Name = Tonis-Netbook | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2779030)

Error - 12/25/2012 6:17:15 AM | Computer Name = Tonis-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 12/25/2012 6:18:15 AM | Computer Name = Tonis-Netbook | Source = DCOM | ID = 10016
Description =

Error - 12/25/2012 6:23:35 AM | Computer Name = Tonis-Netbook | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.

Error - 12/25/2012 6:24:53 AM | Computer Name = Tonis-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 12/25/2012 6:25:51 AM | Computer Name = Tonis-Netbook | Source = DCOM | ID = 10016
Description =

Error - 12/25/2012 6:44:32 AM | Computer Name = Tonis-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 12/25/2012 6:45:31 AM | Computer Name = Tonis-Netbook | Source = DCOM | ID = 10016
Description =


< End of report >

Many thanks in advance.

Regards, Sbidi
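
The firewall sections of the log above record each exception as `"rule name" = key=value | key=value |`. As an added example (not part of the original post and not OTL's own code), the Python below parses that format and lists inbound exceptions whose `app=` path lies in a Temp directory, the kind of entry an installer usually leaves behind and that is worth reviewing. The sample lines, their GUIDs and the user name `someuser` are constructed, and the Temp-path markers are this example's assumption.

```python
import re
from collections import defaultdict

# One OTL firewall line: "rule name" = key=value | key=value |
RULE_RE = re.compile(r'^"(?P<name>.+?)" = (?P<body>.*)$')
# IANA protocol numbers as they appear in the protocol= field.
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}
# Assumption of this example: these path fragments mark a temporary directory.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "%temp%\\")

# Constructed sample in the shape of the log's firewall and uninstall sections.
SAMPLE = r'''
========== Vista Active Application Exception List ==========
"{00000000-0000-0000-0000-000000000001}" = lport=445 | protocol=6 | dir=in | app=system |
"{00000000-0000-0000-0000-000000000002}" = protocol=17 | dir=in | app=c:\users\someuser\appdata\local\temp\7zs3571\hppiw.exe |
"{00000000-0000-0000-0000-000000000003}" = protocol=6 | dir=in | app=c:\users\someuser\appdata\local\temp\7zs3571\hppiw.exe |
"{00000000-0000-0000-0000-000000000004}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{00000000-0000-0000-0000-000000000005}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{00000000-0000-0000-0000-000000000006}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"CCleaner" = CCleaner
'''


def parse_rule(line):
    """Return a dict for a firewall rule line, or None for any other line."""
    match = RULE_RE.match(line.strip())
    if not match:
        return None
    fields = {}
    for part in match.group("body").split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip()
    if "dir" not in fields:  # e.g. an Uninstall List entry, not a rule
        return None
    app = fields.get("app", "").lower()
    proto = fields.get("protocol")
    return {
        "name": match.group("name"),
        "direction": fields["dir"],
        # A rule without protocol= applies to any protocol.
        "protocol": PROTOCOLS.get(proto, proto or "any"),
        "port": fields.get("lport") or fields.get("rport"),
        "app": app,
        "in_temp": any(marker in app for marker in TEMP_MARKERS),
    }


def inbound_temp_exceptions(text):
    """Map each Temp-directory executable to the protocols allowed inbound."""
    found = defaultdict(set)
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule and rule["direction"] == "in" and rule["in_temp"]:
            found[rule["app"]].add(rule["protocol"])
    return {app: sorted(protos) for app, protos in found.items()}


if __name__ == "__main__":
    for app, protos in inbound_temp_exceptions(SAMPLE).items():
        print(f"review: inbound {'/'.join(protos)} allowed for {app}")
```

Firewall exceptions are bound to the path, not to the file that was there when the rule was created, so a rule for a Temp path keeps applying to whatever is later written to that path.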

26.12.2012, 12:31   #2
M-K-D-B
/// TB instructor

Hi,

Step 1
I see that you have a so-called registry cleaner on the system.
In your case, CCleaner.

We do not recommend any kind of registry cleaner under any circumstances.

The reason is quite simple:

The registry is the brain of the system. If the brain does not work, the rest no longer really works either.
We read often enough from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes no difference at all whether there are a few orphaned registry entries on the system or not.
  • The constantly advertised speed-up of the system is also only partly true. You would not notice it.
A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.

I hereby recommend that you uninstall the software mentioned above and do without this kind of software in the future.
At the end I will recommend another tool that you can use to remove your temporary files.

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 3
Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.
  • Start the tool with a double-click. Vista and 7 users, please start it with a right-click and "Run as administrator" ("als Administrator ausführen").
  • The tool will open and begin the scan.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 4
Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that then, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Please post with your next reply
  • the AdwCleaner log file,
  • the JRT log file,
  • the ComboFix log file.

28.12.2012, 22:14   #3
Sbidi

Good day

I have carried out steps 1-4 and have attached the three log files.

Many thanks.

Kind regards

Sbidi
__________________

29.12.2012, 10:47   #4
M-K-D-B
/// TB Trainer

Hi,

Please start OTL.exe.
Under Extra Registry, select Use Safe List and click the Scan button.
Post the OTL.txt and the Extras.txt here in your thread.

30.12.2012, 12:56   #5
Sbidi

Hello M-K-D-B

I have run the scan with OTL.exe.

Many thanks.

Kind regards

Sbidi


30.12.2012, 13:02   #6
M-K-D-B
/// TB Trainer

Hi,

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8530A643

:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Are there still problems with a changed start page? If so, in which browser?
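
The two `@Alternate Data Stream` lines in the fix above are entries in OTL's scan log format. As an added example (not part of the original post and not OTL's own code), this Python script parses such lines into host path, stream name and size so they can be reviewed before a fix is written; the function names, the `Zone.Identifier` allow-list and the sample lines marked as constructed are assumptions.

```python
import re
from collections import defaultdict

# Format as it appears in the thread:
#   @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:798A3728
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Zone.Identifier is the stream Windows attaches to downloaded files (assumed allow-list).
WELL_KNOWN = {"zone.identifier"}

# First two lines are from the thread; the remaining lines are constructed sample input.
SAMPLE = r"""
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8530A643
@Alternate Data Stream - 26 bytes -> C:\Users\example\Downloads\setup.exe:Zone.Identifier:$DATA
@Alternate Data Stream - 10 bytes -> C:\NoStreamHere
[emptytemp]
"""

def parse_ads_line(line):
    """Return (host_path, stream_name, size) or None if the line is not an ADS entry."""
    m = ADS_LINE.match(line.strip())
    if not m:
        return None
    target = m.group("target").strip()
    if target.upper().endswith(":$DATA"):      # drop the optional stream-type suffix
        target = target[: -len(":$DATA")]
    # Split on the LAST colon; the first colon belongs to the drive letter.
    host, sep, stream = target.rpartition(":")
    if not sep or not host or not stream or "\\" in stream:
        return None                            # e.g. "C:\path" has no stream part
    return host, stream, int(m.group("size"))

def collect_streams(log_text):
    """Group parsed streams by host path, skipping every non-ADS line."""
    by_host = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_ads_line(line)
        if rec:
            by_host[rec[0]].append((rec[1], rec[2]))
    return dict(by_host)

def unexplained(by_host):
    """host:stream strings for streams that are not on the allow-list."""
    return sorted(f"{h}:{s}" for h, items in by_host.items()
                  for s, _ in items if s.lower() not in WELL_KNOWN)

if __name__ == "__main__":
    for entry in unexplained(collect_streams(SAMPLE)):
        print(entry)
```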

02.01.2013, 17:58   #7
M-K-D-B
/// TB Trainer

No response
This thread has been removed from my subscriptions, so I will not receive any notification about new replies.
Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!
