Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.01.2013, 07:11   #1
RMSpanier
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



Hallo,
bin neu im Forum, daher bitte um Verständnis, falls ich mich unklar ausdrücke.
Habe seit gestern das Problem, dass ich beim anklicken eines Suchergebnisses in Google an irgendwelche Internetseiten weitergeleitet werde.
Der Aufbau der Seite dauert länger als üblich, man sieht, dass es erst über eine IP Adresse geht und dann an unterschiedliche Internetseiten.
Ich habe mit Antivir Premium alles gescannt, jedoch keinen Fehler gefunden.
Habe mich im Forum hier schlau gemacht und nach den Regeln des Forums folgende Infos gescannt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.01.2013 07:43:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RMSpanier\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 78,28% Memory free
15,96 Gb Paging File | 13,93 Gb Available in Paging File | 87,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,56 Gb Total Space | 34,94 Gb Free Space | 34,74% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 76,24 Mb Free Space | 76,24% Space Free | Partition Type: NTFS
Drive E: | 372,60 Gb Total Space | 370,89 Gb Free Space | 99,54% Space Free | Partition Type: NTFS
Drive F: | 540,23 Gb Total Space | 70,23 Gb Free Space | 13,00% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSZIMMER | User Name: RMSpanier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.04 07:43:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RMSpanier\Downloads\OTL.exe
PRC - [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.30 13:10:49 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.12 17:11:40 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.06.28 17:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.05.14 14:47:36 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.14 14:47:36 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 14:47:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 14:47:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.09.01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- E:\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011.08.23 20:42:08 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.08.23 20:42:04 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.06.16 16:00:28 | 000,315,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011.06.13 09:36:54 | 000,922,240 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
PRC - [2011.05.25 05:54:46 | 001,426,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2011.04.28 16:05:00 | 001,406,248 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2011.02.01 22:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 22:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.12 01:21:14 | 001,214,080 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010.12.23 10:41:36 | 003,304,768 | ---- | M] (devolo AG) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
PRC - [2010.12.02 03:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
PRC - [2010.11.27 06:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010.11.09 00:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2010.10.21 10:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010.09.25 06:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2009.12.23 22:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009.12.23 22:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009.07.20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.01.08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012.11.15 03:27:32 | 000,492,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a7af6a2b1a809662ad31c6bca114d88b\IAStorUtil.ni.dll
MOD - [2012.11.15 03:27:32 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\901d686db31834a2b3612d5060e24348\IAStorCommon.ni.dll
MOD - [2012.11.15 03:24:58 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.15 03:24:42 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.15 03:24:38 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.15 03:24:30 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.11.15 03:24:27 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.15 03:24:25 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.15 03:24:24 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.15 03:24:21 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.07.12 17:12:16 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.07.12 17:11:40 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.07.12 17:11:06 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.07.12 17:10:48 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.07.12 17:10:46 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.07.12 17:10:44 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.07.12 17:10:44 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.07.12 17:10:42 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.07.12 17:10:42 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.07.12 17:09:54 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.07.12 17:09:52 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.07.12 17:09:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.07.12 17:09:34 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2012.05.23 13:50:18 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2012.05.23 13:09:32 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2011.12.06 00:27:37 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.05.20 18:12:18 | 000,881,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2011.05.17 02:35:56 | 000,965,632 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011.05.11 23:01:40 | 001,264,640 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011.05.07 01:53:38 | 001,036,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
MOD - [2011.04.08 02:33:18 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011.02.24 19:19:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2011.02.09 18:02:28 | 000,873,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011.01.08 01:39:36 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2011.01.06 19:38:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2010.08.23 03:17:40 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
MOD - [2010.08.07 03:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2010.08.07 03:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2010.06.22 00:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
MOD - [2010.06.22 00:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2009.08.13 05:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2009.07.20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009.06.10 22:41:46 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.11.29 16:06:08 | 000,037,216 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.03.11 07:50:42 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.12.12 17:52:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.29 16:06:12 | 002,401,632 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.11.29 16:06:08 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.28 17:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.05.23 13:52:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2012.05.14 14:47:36 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.14 14:47:36 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 14:47:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.14 14:47:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.09.01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- E:\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011.08.23 20:42:08 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.06.13 09:36:54 | 000,922,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
SRV - [2011.02.01 22:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 22:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.23 10:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010.12.02 03:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010.10.21 10:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.23 22:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.14 14:47:36 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.14 14:47:36 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.29 16:51:22 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 05:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.06 00:36:28 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.12.06 00:36:28 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.09.14 10:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.09.14 10:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.08.23 14:32:02 | 000,558,360 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.05.23 11:17:06 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.04.21 19:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.19 04:32:50 | 001,488,448 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011.03.30 07:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.23 08:41:28 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.03.11 08:33:50 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.11 07:15:20 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.10 06:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 06:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.08 23:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.07.02 11:01:38 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.03.19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.01.14 13:27:46 | 000,032,544 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010.01.14 13:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2010.01.14 13:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2010.01.14 13:27:18 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
DRV:64bit: - [2010.01.14 13:27:18 | 000,029,472 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 17:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 17:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.05.14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012.08.28 14:22:34 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.06.10 11:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.01.04 22:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No CLSID value found
IE - HKCU\..\URLSearchHook: {adca5064-9e30-43fe-9856-58b07a3149fe} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{57D278C4-2CCD-45D8-ACF0-3BEBF36FA132}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=20A2A3BB-56DD-4FAF-A27D-1A1856C6C0A9&apn_sauid=FFCC82E2-6AD2-4E41-945F-B70EDD6EB208
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKCU\..\SearchScopes\{DB0ED2EF-88F0-40AE-B338-3CC910137C19}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: E:\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\RMSpanier\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\RMSpanier\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = E:\bin\plugin2\npjp2.dll
CHR - Extension: Google Drive = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {ADCA5064-9E30-43FE-9856-58B07A3149FE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [NWZA] rundll32 ",Teul File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\RMSpanier\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RMSpanier\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6924DAA-24EA-426A-A941-772F6C63D57A}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.04.12 14:00:29 | 000,000,386 | ---- | M] () - E:\Auto.Nam -- [ NTFS ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.04 07:33:49 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013.01.02 09:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.12.27 12:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.25 16:48:13 | 000,000,000 | ---D | C] -- C:\windows\de
[2012.12.25 16:48:01 | 000,000,000 | ---D | C] -- C:\windows\en
[2012.12.25 16:48:00 | 000,000,000 | ---D | C] -- C:\windows\es
[2012.12.25 16:47:58 | 000,000,000 | ---D | C] -- C:\windows\fr
[2012.12.25 16:47:57 | 000,000,000 | ---D | C] -- C:\windows\nl
[2012.12.10 22:21:56 | 000,000,000 | R--D | C] -- C:\Users\RMSpanier\Documents\Scanned Documents
[2012.12.10 22:21:56 | 000,000,000 | ---D | C] -- C:\Users\RMSpanier\Documents\Fax
[2012.12.09 18:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.09 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.12.08 19:26:07 | 000,000,000 | ---D | C] -- C:\Users\RMSpanier\AppData\Roaming\SaalDesignSoftware
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.04 07:42:15 | 000,000,000 | ---- | M] () -- C:\Users\RMSpanier\defogger_reenable
[2013.01.04 07:41:02 | 000,016,752 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 07:41:02 | 000,016,752 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 07:40:29 | 001,529,266 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.04 07:40:29 | 000,665,340 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.04 07:40:29 | 000,627,222 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.04 07:40:29 | 000,133,552 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.04 07:40:29 | 000,109,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.04 07:33:55 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.04 07:33:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.04 07:33:47 | 2133,557,247 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.03 21:52:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.01.03 21:24:00 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.03 21:19:00 | 000,000,346 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2012.12.27 12:27:13 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.26 18:40:38 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\lvuvc.hs
[2012.12.22 03:16:06 | 000,423,176 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.12.21 10:44:54 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012.12.20 08:09:28 | 000,003,133 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2012.12.20 08:09:06 | 000,002,987 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2012.12.20 08:08:50 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2012.12.20 08:08:09 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2012.12.20 08:07:57 | 000,002,274 | ---- | M] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
[2012.12.13 20:27:12 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.09 18:47:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.04 07:42:15 | 000,000,000 | ---- | C] () -- C:\Users\RMSpanier\defogger_reenable
[2012.12.27 12:27:13 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.25 16:47:56 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.12.21 10:44:54 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012.12.20 08:07:57 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
[2012.12.08 19:26:06 | 000,000,580 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaalDesignSoftware.lnk
[2012.09.15 14:15:11 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2012.07.01 20:23:11 | 000,003,584 | ---- | C] () -- C:\Users\RMSpanier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.04 23:46:18 | 000,003,273 | ---- | C] () -- C:\windows\scenelib24.ini
[2012.04.25 08:15:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011.12.06 01:04:42 | 000,014,464 | ---- | C] () -- C:\windows\SysWow64\drivers\AsUpIO.sys
[2011.12.06 01:03:51 | 000,013,440 | ---- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys
[2011.12.06 01:03:46 | 000,221,184 | ---- | C] () -- C:\windows\SysWow64\drivers\ServiceHelp.dll
[2011.12.06 01:03:46 | 000,011,832 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp64.sys
[2011.12.06 01:03:46 | 000,010,216 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp32.sys
[2011.12.06 00:52:24 | 000,014,223 | ---- | C] () -- C:\windows\Ascd_log.ini
[2011.12.06 00:52:18 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2011.12.06 00:52:17 | 000,010,296 | ---- | C] () -- C:\windows\SysWow64\drivers\ASUSHWIO.SYS
[2011.12.06 00:52:17 | 000,008,437 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2011.12.06 00:23:37 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.12.06 00:23:36 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.12.06 00:23:35 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.11.22 21:54:30 | 000,003,949 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.03.09 21:59:14 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.24 22:24:11 | 000,000,000 | ---D | M] -- C:\Users\RMSpanier\AppData\Roaming\ASUS WebStorage
[2012.10.03 07:12:00 | 000,000,000 | ---D | M] -- C:\Users\RMSpanier\AppData\Roaming\DVDVideoSoft
[2012.05.05 14:22:20 | 000,000,000 | ---D | M] -- C:\Users\RMSpanier\AppData\Roaming\Leadertech
[2012.06.22 16:24:32 | 000,000,000 | ---D | M] -- C:\Users\RMSpanier\AppData\Roaming\ProtectDisc
[2012.12.08 19:26:07 | 000,000,000 | ---D | M] -- C:\Users\RMSpanier\AppData\Roaming\SaalDesignSoftware
[2012.09.18 03:22:03 | 000,000,000 | ---D | M] -- C:\Users\RMSpanier\AppData\Roaming\TuneUp Software
[2012.06.23 17:19:24 | 000,000,000 | ---D | M] -- C:\Users\RMSpanier\AppData\Roaming\Visan
[2012.11.04 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\RMSpanier\AppData\Roaming\WinTrack
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.01.2013 07:43:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RMSpanier\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 78,28% Memory free
15,96 Gb Paging File | 13,93 Gb Available in Paging File | 87,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,56 Gb Total Space | 34,94 Gb Free Space | 34,74% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 76,24 Mb Free Space | 76,24% Space Free | Partition Type: NTFS
Drive E: | 372,60 Gb Total Space | 370,89 Gb Free Space | 99,54% Space Free | Partition Type: NTFS
Drive F: | 540,23 Gb Total Space | 70,23 Gb Free Space | 13,00% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSZIMMER | User Name: RMSpanier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1247B09A-8B97-48B9-8F04-30030B6ABE68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1839F850-4FAF-4E3C-A90A-4FD06BEFEE32}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19C1B9A3-B607-4676-939A-8D0B9516946F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{1DD3D4F2-52EB-4D90-80AD-116EA73707FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2B69040E-0C7E-48D8-8B04-1ECBBC1162E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{314A1134-368D-40BB-A7A1-63EC6DB67353}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3219DA46-0171-4E06-B483-D98F3399520D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{41207FEA-3D9C-48F5-AD54-3B57A3BD604C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{438EE8AF-3F17-45CD-9A89-5B770975350D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{49B75245-A5DD-43CA-B9A3-70551A8FBFCA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5543D79A-079E-4E70-80C2-892F85AF2D21}" = rport=137 | protocol=17 | dir=out | app=system | 
"{56CA7C4B-FD50-4B18-8522-CAF00B23C4D4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5B230926-B6C2-42D9-A9FF-2239133A914D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{62EDBEB3-E25B-401B-B3F1-231119889225}" = lport=137 | protocol=17 | dir=in | app=system | 
"{64CC71DC-4377-4560-B054-B0C02EE23680}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6A793DD4-6ABD-4A8E-831C-AF39B88EB2C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{956B8147-23D9-4275-A090-01D6552496E9}" = lport=19376 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | 
"{A2C74BD4-A50F-4AB7-B1DE-59ACF2B5D05A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A88D7458-CEC7-4479-AA96-19359418F90A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B14A7B24-EEFF-40F5-B22F-D2CFF83FEF30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B646C40A-55F8-4EE3-8AE8-9F88AAA554E9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B76CD1E0-D9EC-43A1-BF71-76B1CCDEA15D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B807A593-A647-4588-BE9A-F036E7E31DA2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BA7E529B-8646-4C59-A2BF-5AEC1E390733}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C9B014FD-7323-4921-A034-B20C2B88B675}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CDC06B85-C9D0-4EF5-BF84-BD1CA42CEC03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CE0BDD86-653F-4A02-861E-901712A4B5CC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CE4B7FDC-88F2-4112-8E4C-E919931A04DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7EADEFE-60D3-470C-9B63-657F32F4CA06}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DEE8FD0F-9E25-4E3B-B7D5-6458BE7B4762}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E27CE50B-91CF-4D44-B35B-A7FEBEA21E90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E3FDFFAE-909F-4127-9FC6-BFC814040DCD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ECB3AF67-3703-4D9F-BD01-4EEC8CDE026F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F43926F7-C90E-4858-9F3F-48F9D99D59D7}" = lport=19375 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | 
"{FC9E87AF-2EC3-46A4-84A5-956A3DED5AAE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FF8D7E6C-11AA-4354-8C2F-B4A034CEF3B2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06537299-5441-4AC5-BEC8-52442E8D5E1A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0770953B-2DB2-4F11-A0BC-10E333820F18}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{110E19EF-71B6-4344-A64F-111547E4E394}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14813EFC-FD4B-4BE9-A8C5-58BA3F009D26}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{18744C00-E527-48EC-B369-BD90DA55F09B}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | 
"{18A28282-BEB4-4E80-96B6-73780F1F03C1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{243502A5-39F1-4133-A571-529BEAD4BFD8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2930DB65-0405-4B1D-8136-72A55B9452A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2D38452E-3F34-42AD-99A3-1A25DC77CAA7}" = dir=in | app=c:\users\rmspanier\appdata\local\microsoft\skydrive\skydrive.exe | 
"{324147A9-A2FE-4049-A11F-F50C017EF807}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{397B3EA1-99F6-49D1-B8BD-1CA38B262714}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A047C33-69B1-4574-8E69-E2B7AB2D085E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3CFF58E7-5B4F-429D-BE6B-88B91F2AC1BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4045773F-940A-4800-8FAD-2A8E64A25748}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40A9071B-D756-4D47-8790-CF82B6B6DEA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5437D1B2-39A3-41BC-860F-E434E5620DD8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{59566FFE-49B8-4E6A-9686-387A6E42A43F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{671A3C6B-E8D8-4739-AC05-8147DC33DA04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{68306621-A857-4547-95FE-621095F43967}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | 
"{70F5159F-B4B1-4BC0-83FA-2A56189FB562}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7A9B0D50-6C6B-43F4-8F99-D897506C2807}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{7EE708A5-EB60-4C3A-9545-4F9B4564DE6E}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{83724E08-8487-48C1-9BF1-F3518603D086}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{85FA8DE1-F326-4CB5-93FC-49705EC25494}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{8CE3F2F1-C483-4166-9ECE-A9AA0B8091B7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{9A179C5F-5F71-4DBD-A5AB-B1C27F901ED7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A562C441-F91B-440A-AFF2-E66BB9596B4B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A6D084CA-F613-443F-9F64-873A2E89B4E5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AB7D74B2-2476-4994-918D-4DF48815F32E}" = protocol=6 | dir=out | app=system | 
"{AD575A23-804F-4EDB-93BB-B3B1876B59FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B547E208-D378-4758-A035-A0F53C101B8D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BC29D33F-162D-45E2-9513-27D84EB43B34}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{C5AEB5D2-7BB2-46D6-BD02-6078FC88B94F}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{C68B59C1-5692-474E-8178-F6CF7234C5F3}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{CBBAAECD-8C4C-4D25-B85A-D35A6522FBFC}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{D835FCCD-ACAB-4A0A-AC54-595FAD8792B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E17FE8A8-B21A-4A5E-B68B-8A85612591CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E5B70DD1-1181-4C76-8AAF-719F3A972EEF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{F9B56816-8B55-4D89-82B1-680215F64FF4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FFAFD31E-D45F-4EF9-932E-3FF331492D22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1364C748-A240-F0F3-490E-10C02357523E}" = ccc-utility64
"{363836F9-D52D-8976-EC20-8C6965A4D045}" = ATI Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{968720F5-3D81-7A28-C902-0876A57B1523}" = ATI AVIVO64 Codecs
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011E92F1-AF76-4983-8707-79F8F1956439}" = Nero Prerequisite Installer 1.0
"{01944037-D136-45EE-A007-403EAD929FC7}" = Windows Live Writer
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{02F29E25-2B7A-43BA-AF95-D0978593F399}" = Reader for PC
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail
"{0C702979-FB0E-9D78-DE61-6D90E384E55F}" = CCC Help Polish
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{10F87409-10AD-8CEE-F879-EA7D57615607}" = CCC Help Turkish
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DF43EAC-B83D-BECB-F29B-76A7A353EC0C}" = CCC Help Norwegian
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{2AEAFC79-79E6-4784-9CF9-D9D82932BF88}" = Windows Live Family Safety
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3477DE8A-967D-507E-6520-FD540F49C116}" = CCC Help English
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{36AA02C7-2E56-9A70-0B1D-380E5954292C}" = CCC Help Czech
"{395F632D-7874-48B2-CE13-AAFE059B18B8}" = CCC Help Japanese
"{398E4B12-9DF4-40E7-901C-494C6E99D2DC}" = StarMoney
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3C589A28-0DE4-5866-B9F1-C8E1BD6C3171}" = CCC Help Dutch
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3C646034-7392-2259-3EAF-E93AD1409DF8}" = CCC Help Danish
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D44D783-D027-4135-AC39-81E320ED2D3A}" = Windows Live Family Safety
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4019B8AB-DAFE-4CD0-E1E5-5ACD6E8E324F}" = CCC Help Hungarian
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{509B0A6E-BFAA-DF35-9A64-1EC29857E513}" = CCC Help Swedish
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{525072DA-059C-A596-ABBC-5D6877EBD5B5}" = Catalyst Control Center Localization All
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5834909F-948F-4D5A-A355-7C9AAA7C41FE}" = Catalyst Control Center - Branding
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{64D5702D-4D4F-4862-BF3D-DDE43D08D68A}" = StarMoney 8.0 
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6768754B-9A1B-3991-2A8C-B17991AA659D}" = CCC Help Italian
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Realtek Ethernet Diagnostic Utility
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{75AEE162-2DAF-C1F2-E1D8-A8F4ED04DA1A}" = CCC Help Greek
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7D09972F-4B4D-8A48-7C39-C16BDC4551ED}" = CCC Help French
"{8030AE22-7FA0-4880-A538-8906EDBF49F4}" = Windows Live Writer Resources
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger
"{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit
"{8545F9B8-12CD-01A2-4739-F4D0012C80FD}" = CCC Help Thai
"{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92429C8B-86E2-176F-FB06-8F3A3C847DD3}" = CCC Help German
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{93E28602-B57A-4487-AA65-97BB5C97AD00}" = StarMoney
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96914829-DF65-40AE-8A31-6F3E96BAEBBD}" = Windows Live Mail
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{989B6566-DC9B-D79D-7C7A-688727165852}" = CCC Help Finnish
"{98C25937-BE36-D16A-F0F6-C66F6173CFA6}" = Saal Design Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9A9FEC4E-8696-43B4-8C19-5BE4D9038B55}" = ASUS Easy Update
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BACB89D-98DA-E204-F904-6776079F1382}" = Catalyst Control Center InstallProxy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5DC64EE-2FC4-4C35-9975-639DD8499369}" = Windows Live Family Safety
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Kwik Themes 4
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BA3BE09C-22AD-4440-306F-6B5A7D7B5207}" = CCC Help Korean
"{BC9DBD2A-4E6A-BFCD-8476-58747501EA7A}" = CCC Help Chinese Standard
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BEF1CD9C-F502-BC2C-9561-7E14DA937AD5}" = CCC Help Portuguese
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CF474BB3-BD31-8C60-6938-6F5597A254EC}" = Catalyst Control Center
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D49DBA4B-8ED1-E679-D000-BE301724FE6E}" = CCC Help Chinese Traditional
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB169E8F-5332-4DBF-B085-84AA2C373304}" = Windows Live Messenger
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC0BE1EC-8CD8-267E-0FC5-82605ED0045F}" = CCC Help Spanish
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Kwik Themes 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB9C342B-A71C-F09C-0066-9AA565724980}" = CCC Help Russian
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Ahnenforscher 5.0_is1" = DATA BECKER Ahnenforscher 5.0
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit
"dlancockpit" = devolo dLAN Cockpit
"FormatFactory" = FormatFactory 2.90
"Free Video Dub_is1" = Free Video Dub version
"Google Chrome" = Google Chrome
"Hobby Constructor plus_is1" = DATA BECKER Hobby Constructor plus
"HP Photo Creations" = HP Photo Creations
"McAfee Security Scan" = McAfee Security Scan Plus
"PROR" = Microsoft Office Professional 2007
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SaalDesignSoftware" = Saal Design Software
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WinLiveSuite" = Windows Live Essentials
"wintrack11demo_is1" = WinTrack Demo Version 11.0 3D
"wintrack6_is1" = WinTrack V9.0 3D
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.12.2012 15:14:16 | Computer Name = Arbeitszimmer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3993
 
Error - 21.12.2012 15:14:16 | Computer Name = Arbeitszimmer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3993
 
Error - 21.12.2012 15:14:17 | Computer Name = Arbeitszimmer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.12.2012 15:14:17 | Computer Name = Arbeitszimmer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4992
 
Error - 21.12.2012 15:14:17 | Computer Name = Arbeitszimmer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4992
 
Error - 21.12.2012 15:14:18 | Computer Name = Arbeitszimmer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.12.2012 15:14:18 | Computer Name = Arbeitszimmer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5990
 
Error - 21.12.2012 15:14:18 | Computer Name = Arbeitszimmer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5990
 
Error - 21.12.2012 15:14:19 | Computer Name = Arbeitszimmer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.12.2012 15:14:19 | Computer Name = Arbeitszimmer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6988
 
Error - 21.12.2012 15:14:19 | Computer Name = Arbeitszimmer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6988
 
Error - 21.12.2012 22:17:58 | Computer Name = Arbeitszimmer | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 21.06.2012 23:45:47 | Computer Name = Arbeitszimmer | Source = MCUpdate | ID = 0
Description = 05:45:46 - Fehler beim Herstellen der Internetverbindung.  05:45:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2012 20:54:48 | Computer Name = Arbeitszimmer | Source = MCUpdate | ID = 0
Description = 02:54:48 - Fehler beim Herstellen der Internetverbindung.  02:54:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2012 20:54:55 | Computer Name = Arbeitszimmer | Source = MCUpdate | ID = 0
Description = 02:54:53 - Fehler beim Herstellen der Internetverbindung.  02:54:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2012 21:56:35 | Computer Name = Arbeitszimmer | Source = MCUpdate | ID = 0
Description = 03:56:35 - Fehler beim Herstellen der Internetverbindung.  03:56:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2012 21:56:40 | Computer Name = Arbeitszimmer | Source = MCUpdate | ID = 0
Description = 03:56:40 - Fehler beim Herstellen der Internetverbindung.  03:56:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2012 22:58:22 | Computer Name = Arbeitszimmer | Source = MCUpdate | ID = 0
Description = 04:58:22 - Fehler beim Herstellen der Internetverbindung.  04:58:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2012 22:58:28 | Computer Name = Arbeitszimmer | Source = MCUpdate | ID = 0
Description = 04:58:27 - Fehler beim Herstellen der Internetverbindung.  04:58:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.08.2012 00:00:10 | Computer Name = Arbeitszimmer | Source = MCUpdate | ID = 0
Description = 06:00:10 - Fehler beim Herstellen der Internetverbindung.  06:00:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.08.2012 00:00:15 | Computer Name = Arbeitszimmer | Source = MCUpdate | ID = 0
Description = 06:00:15 - Fehler beim Herstellen der Internetverbindung.  06:00:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.08.2012 15:33:29 | Computer Name = Arbeitszimmer | Source = MCUpdate | ID = 0
Description = 21:33:29 - Fehler beim Herstellen der Internetverbindung.  21:33:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 02.12.2012 13:13:20 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 156
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 02.12.2012 13:13:30 | Computer Name = Arbeitszimmer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.12.2012 09:02:40 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 26.12.2012 14:27:47 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10010
Description = 
 
Error - 27.12.2012 06:50:02 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 28.12.2012 02:01:10 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10010
Description = 
 
Error - 28.12.2012 02:34:27 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10010
Description = 
 
Error - 01.01.2013 10:19:55 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 02.01.2013 07:44:37 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10010
Description = 
 
Error - 03.01.2013 02:57:52 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10010
Description = 
 
Error - 03.01.2013 06:23:39 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
Error - 04.01.2013 02:34:51 | Computer Name = Arbeitszimmer | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---
Hallo,

habe bei GMER angezeigt bekommen, dass ich das besser nicht runterlade.

Vielen Dank im Vorraus für Eure Hilfe.

RMSpanier

Alt 04.01.2013, 12:18   #2
Larusso
/// Selecta Jahrusso
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite





Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  • Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
  • Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.
Note: Sollte ich 48 Stunden nichts von mir hören lassen, schicke mir bitte eine PM. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des PCs.


Ich sehe das Du sogenannte Registry Cleaner am System hast.
In deinem Fall TuneUp.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle Dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.



Wirst du mit dem IE und dem Firefox umgeleitet ?
__________________

__________________

Alt 04.01.2013, 16:40   #3
RMSpanier
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



Hallo Daniel,
erst einmal Danke dass Du so schnell geantwortet hast. Ich habe Deinen Tipp angenommen und I Tune deinstalliert.
Nach dem Runterladen des Systems arbeitet IE wieder normal.
Ich habe im Forum gelesen - was ich auch nachvollziehen kann - man sollte trotzdem den Fehler aufspüren.
Ich wurde immer mittels IE weitergeleitet.
Gruß
Mario
__________________

Alt 04.01.2013, 16:48   #4
Larusso
/// Selecta Jahrusso
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



Zitat:
Nach dem Runterladen des Systems arbeitet IE wieder normal.
Wie meinen ?
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 04.01.2013, 16:52   #5
RMSpanier
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



Hallo,

Ich kann Suchbegriffe eingeben und die gefunden Seiten aufrufen ohne umgeleitet zu werden.
Aber warum das jetzt wieder geht ????
Ich habe nur das System runter- und wieder hochgefahren.

mfg

mario


Alt 04.01.2013, 17:23   #6
Larusso
/// Selecta Jahrusso
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



Schaun ma mal


Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
--> Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite

Alt 06.01.2013, 09:09   #7
RMSpanier
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



Hallo Daniel,

hier die ScansOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.01.2013 10:00:33 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RMSpanier\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 81,25% Memory free
15,96 Gb Paging File | 13,35 Gb Available in Paging File | 83,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,56 Gb Total Space | 34,73 Gb Free Space | 34,53% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 76,24 Mb Free Space | 76,24% Space Free | Partition Type: NTFS
Drive E: | 372,60 Gb Total Space | 370,89 Gb Free Space | 99,54% Space Free | Partition Type: NTFS
Drive F: | 540,23 Gb Total Space | 70,23 Gb Free Space | 13,00% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSZIMMER | User Name: RMSpanier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\RMSpanier\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - E:\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a7af6a2b1a809662ad31c6bca114d88b\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\901d686db31834a2b3612d5060e24348\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AdobeActiveFileMonitor10.0) -- E:\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DevoloNetworkService) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Device Handle Service) -- C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK Computer Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AiChargerPlus) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys (ASUSTek Computer Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek                                            )
DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (VLAN) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (NPF_devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASInsHelp) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ChatZum Search
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No CLSID value found
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\URLSearchHook: {adca5064-9e30-43fe-9856-58b07a3149fe} - No CLSID value found
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{57D278C4-2CCD-45D8-ACF0-3BEBF36FA132}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=20A2A3BB-56DD-4FAF-A27D-1A1856C6C0A9&apn_sauid=FFCC82E2-6AD2-4E41-945F-B70EDD6EB208
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{DB0ED2EF-88F0-40AE-B338-3CC910137C19}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: E:\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\RMSpanier\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
 
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\RMSpanier\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = E:\bin\plugin2\npjp2.dll
CHR - Extension: Google Drive = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {ADCA5064-9E30-43FE-9856-58B07A3149FE} - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001..\Run: [NWZA] rundll32 ",Teul File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001..\RunOnce: [Uninstall C:\Users\RMSpanier\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RMSpanier\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6924DAA-24EA-426A-A941-772F6C63D57A}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.04.12 14:00:29 | 000,000,386 | ---- | M] () - E:\Auto.Nam -- [ NTFS ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.04 07:33:49 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013.01.02 09:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.12.27 12:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.25 16:48:13 | 000,000,000 | ---D | C] -- C:\windows\de
[2012.12.25 16:48:01 | 000,000,000 | ---D | C] -- C:\windows\en
[2012.12.25 16:48:00 | 000,000,000 | ---D | C] -- C:\windows\es
[2012.12.25 16:47:58 | 000,000,000 | ---D | C] -- C:\windows\fr
[2012.12.25 16:47:57 | 000,000,000 | ---D | C] -- C:\windows\nl
[2012.12.25 16:47:12 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2012.12.25 16:47:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2012.12.25 16:47:12 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2012.12.25 16:47:12 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_43.dll
[2012.12.25 16:47:12 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2012.12.25 16:47:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2012.12.22 03:00:23 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012.12.22 03:00:23 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012.12.22 03:00:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012.12.22 03:00:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012.12.21 10:40:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_43.dll
[2012.12.21 10:40:54 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_43.dll
[2012.12.21 10:40:54 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_43.dll
[2012.12.21 10:40:54 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_43.dll
[2012.12.21 10:40:54 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_43.dll
[2012.12.13 03:00:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.12.13 03:00:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.12.13 03:00:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.12.13 03:00:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.12.13 03:00:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.12.13 03:00:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.12.13 03:00:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.12.13 03:00:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.12.13 03:00:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.12.13 03:00:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.12.13 03:00:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.12.13 03:00:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.12.13 03:00:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.12.13 03:00:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.12.13 03:00:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.12.12 16:57:34 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.12.12 16:57:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.12.12 16:57:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.12.12 16:57:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.12.12 16:57:32 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.12.12 16:57:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.12.12 16:57:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.12.12 16:57:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.12.12 16:57:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.12.12 16:57:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.12.12 16:57:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.12.12 16:57:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 16:57:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 16:57:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 16:57:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.12.12 16:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 16:57:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 16:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.12.12 16:57:28 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012.12.12 16:57:28 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2012.12.10 22:21:56 | 000,000,000 | R--D | C] -- C:\Users\RMSpanier\Documents\Scanned Documents
[2012.12.10 22:21:56 | 000,000,000 | ---D | C] -- C:\Users\RMSpanier\Documents\Fax
[2012.12.09 18:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.09 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.12.08 19:26:07 | 000,000,000 | ---D | C] -- C:\Users\RMSpanier\AppData\Roaming\SaalDesignSoftware
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.06 09:55:30 | 000,000,346 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2013.01.06 09:52:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.01.06 09:41:23 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.06 09:41:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.05 19:06:13 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.04 17:31:31 | 000,016,752 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 17:31:31 | 000,016,752 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 17:31:15 | 001,529,266 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.04 17:31:15 | 000,665,340 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.04 17:31:15 | 000,627,222 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.04 17:31:15 | 000,133,552 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.04 17:31:15 | 000,109,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.04 17:24:16 | 2133,557,247 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.04 07:42:15 | 000,000,000 | ---- | M] () -- C:\Users\RMSpanier\defogger_reenable
[2012.12.27 12:27:13 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.26 18:40:38 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\lvuvc.hs
[2012.12.22 03:16:06 | 000,423,176 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.12.21 10:44:54 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012.12.20 08:09:28 | 000,003,133 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2012.12.20 08:09:06 | 000,002,987 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2012.12.20 08:08:50 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2012.12.20 08:08:09 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2012.12.20 08:07:57 | 000,002,274 | ---- | M] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012.12.13 20:27:12 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.12 17:52:32 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 17:52:32 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.09 18:47:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.04 07:42:15 | 000,000,000 | ---- | C] () -- C:\Users\RMSpanier\defogger_reenable
[2012.12.27 12:27:13 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.25 16:47:56 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.12.21 10:44:54 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012.12.20 08:07:57 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
[2012.12.08 19:26:06 | 000,000,580 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaalDesignSoftware.lnk
[2012.09.15 14:15:11 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2012.07.01 20:23:11 | 000,003,584 | ---- | C] () -- C:\Users\RMSpanier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.04 23:46:18 | 000,003,273 | ---- | C] () -- C:\windows\scenelib24.ini
[2012.04.25 08:15:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011.12.06 01:04:42 | 000,014,464 | ---- | C] () -- C:\windows\SysWow64\drivers\AsUpIO.sys
[2011.12.06 01:03:51 | 000,013,440 | ---- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys
[2011.12.06 01:03:46 | 000,221,184 | ---- | C] () -- C:\windows\SysWow64\drivers\ServiceHelp.dll
[2011.12.06 01:03:46 | 000,011,832 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp64.sys
[2011.12.06 01:03:46 | 000,010,216 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp32.sys
[2011.12.06 00:52:24 | 000,014,223 | ---- | C] () -- C:\windows\Ascd_log.ini
[2011.12.06 00:52:18 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2011.12.06 00:52:17 | 000,010,296 | ---- | C] () -- C:\windows\SysWow64\drivers\ASUSHWIO.SYS
[2011.12.06 00:52:17 | 000,008,437 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2011.12.06 00:23:37 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.12.06 00:23:36 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.12.06 00:23:35 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.11.22 21:54:30 | 000,003,949 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.03.09 21:59:14 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


Es wurde nur ein Logfile angezeigt?

Gruß

Mario

Alt 06.01.2013, 12:30   #8
Larusso
/// Selecta Jahrusso
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:otl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ChatZum Search
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{57D278C4-2CCD-45D8-ACF0-3BEBF36FA132}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=20A2A3BB-56DD-4FAF-A27D-1A1856C6C0A9&apn_sauid=FFCC82E2-6AD2-4E41-945F-B70EDD6EB208
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{DB0ED2EF-88F0-40AE-B338-3CC910137C19}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {ADCA5064-9E30-43FE-9856-58B07A3149FE} - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:commands
[emptytemp]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt )
    Kopiere nun den Inhalt hier in Deinen Thread




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 06.01.2013, 16:56   #9
RMSpanier
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



Hallo,
wie kann ich die Texte aus der Codebox in die Textbox kopieren? Ich rufe die Textbox auf, kopiere die Texte, kann aber weder ALT C noch über Einfügen den Text eingeben - Einfügen wird mir nicht angeboten.
MFG
Mario

Alt 06.01.2013, 17:08   #10
Larusso
/// Selecta Jahrusso
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



Strg + V ist einfügen.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 06.01.2013, 17:48   #11
RMSpanier
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



Habe ich auch gemacht
MFG

Alt 06.01.2013, 18:29   #12
Larusso
/// Selecta Jahrusso
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



Ja, wo ist die Logfile ?
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 07.01.2013, 16:48   #13
RMSpanier
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



Hallo, wie geschrieben ich bekomme den Logfile nicht in das Feld copiert.
Deshalb hier OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.01.2013 10:00:33 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RMSpanier\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 81,25% Memory free
15,96 Gb Paging File | 13,35 Gb Available in Paging File | 83,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,56 Gb Total Space | 34,73 Gb Free Space | 34,53% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 76,24 Mb Free Space | 76,24% Space Free | Partition Type: NTFS
Drive E: | 372,60 Gb Total Space | 370,89 Gb Free Space | 99,54% Space Free | Partition Type: NTFS
Drive F: | 540,23 Gb Total Space | 70,23 Gb Free Space | 13,00% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSZIMMER | User Name: RMSpanier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\RMSpanier\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - E:\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a7af6a2b1a809662ad31c6bca114d88b\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\901d686db31834a2b3612d5060e24348\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AdobeActiveFileMonitor10.0) -- E:\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DevoloNetworkService) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Device Handle Service) -- C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK Computer Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AiChargerPlus) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys (ASUSTek Computer Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek                                            )
DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (VLAN) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (NPF_devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASInsHelp) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ChatZum Search
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No CLSID value found
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\URLSearchHook: {adca5064-9e30-43fe-9856-58b07a3149fe} - No CLSID value found
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{57D278C4-2CCD-45D8-ACF0-3BEBF36FA132}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=20A2A3BB-56DD-4FAF-A27D-1A1856C6C0A9&apn_sauid=FFCC82E2-6AD2-4E41-945F-B70EDD6EB208
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{DB0ED2EF-88F0-40AE-B338-3CC910137C19}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: E:\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\RMSpanier\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
 
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\RMSpanier\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = E:\bin\plugin2\npjp2.dll
CHR - Extension: Google Drive = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {ADCA5064-9E30-43FE-9856-58B07A3149FE} - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001..\Run: [NWZA] rundll32 ",Teul File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001..\RunOnce: [Uninstall C:\Users\RMSpanier\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RMSpanier\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6924DAA-24EA-426A-A941-772F6C63D57A}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.04.12 14:00:29 | 000,000,386 | ---- | M] () - E:\Auto.Nam -- [ NTFS ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.04 07:33:49 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013.01.02 09:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.12.27 12:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.25 16:48:13 | 000,000,000 | ---D | C] -- C:\windows\de
[2012.12.25 16:48:01 | 000,000,000 | ---D | C] -- C:\windows\en
[2012.12.25 16:48:00 | 000,000,000 | ---D | C] -- C:\windows\es
[2012.12.25 16:47:58 | 000,000,000 | ---D | C] -- C:\windows\fr
[2012.12.25 16:47:57 | 000,000,000 | ---D | C] -- C:\windows\nl
[2012.12.25 16:47:12 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2012.12.25 16:47:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2012.12.25 16:47:12 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2012.12.25 16:47:12 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_43.dll
[2012.12.25 16:47:12 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2012.12.25 16:47:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2012.12.22 03:00:23 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012.12.22 03:00:23 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012.12.22 03:00:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012.12.22 03:00:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012.12.21 10:40:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_43.dll
[2012.12.21 10:40:54 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_43.dll
[2012.12.21 10:40:54 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_43.dll
[2012.12.21 10:40:54 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_43.dll
[2012.12.21 10:40:54 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_43.dll
[2012.12.13 03:00:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.12.13 03:00:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.12.13 03:00:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.12.13 03:00:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.12.13 03:00:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.12.13 03:00:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.12.13 03:00:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.12.13 03:00:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.12.13 03:00:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.12.13 03:00:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.12.13 03:00:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.12.13 03:00:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.12.13 03:00:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.12.13 03:00:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.12.13 03:00:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.12.12 16:57:34 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.12.12 16:57:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.12.12 16:57:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.12.12 16:57:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.12.12 16:57:32 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.12.12 16:57:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.12.12 16:57:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.12.12 16:57:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.12.12 16:57:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.12.12 16:57:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.12.12 16:57:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.12.12 16:57:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 16:57:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 16:57:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 16:57:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.12.12 16:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 16:57:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 16:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.12.12 16:57:28 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012.12.12 16:57:28 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2012.12.10 22:21:56 | 000,000,000 | R--D | C] -- C:\Users\RMSpanier\Documents\Scanned Documents
[2012.12.10 22:21:56 | 000,000,000 | ---D | C] -- C:\Users\RMSpanier\Documents\Fax
[2012.12.09 18:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.09 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.12.08 19:26:07 | 000,000,000 | ---D | C] -- C:\Users\RMSpanier\AppData\Roaming\SaalDesignSoftware
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.06 09:55:30 | 000,000,346 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2013.01.06 09:52:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.01.06 09:41:23 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.06 09:41:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.05 19:06:13 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.04 17:31:31 | 000,016,752 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 17:31:31 | 000,016,752 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 17:31:15 | 001,529,266 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.04 17:31:15 | 000,665,340 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.04 17:31:15 | 000,627,222 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.04 17:31:15 | 000,133,552 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.04 17:31:15 | 000,109,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.04 17:24:16 | 2133,557,247 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.04 07:42:15 | 000,000,000 | ---- | M] () -- C:\Users\RMSpanier\defogger_reenable
[2012.12.27 12:27:13 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.26 18:40:38 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\lvuvc.hs
[2012.12.22 03:16:06 | 000,423,176 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.12.21 10:44:54 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012.12.20 08:09:28 | 000,003,133 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2012.12.20 08:09:06 | 000,002,987 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2012.12.20 08:08:50 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2012.12.20 08:08:09 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2012.12.20 08:07:57 | 000,002,274 | ---- | M] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012.12.13 20:27:12 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.12 17:52:32 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 17:52:32 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.09 18:47:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.04 07:42:15 | 000,000,000 | ---- | C] () -- C:\Users\RMSpanier\defogger_reenable
[2012.12.27 12:27:13 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.25 16:47:56 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.12.21 10:44:54 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012.12.20 08:07:57 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
[2012.12.08 19:26:06 | 000,000,580 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaalDesignSoftware.lnk
[2012.09.15 14:15:11 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2012.07.01 20:23:11 | 000,003,584 | ---- | C] () -- C:\Users\RMSpanier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.04 23:46:18 | 000,003,273 | ---- | C] () -- C:\windows\scenelib24.ini
[2012.04.25 08:15:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011.12.06 01:04:42 | 000,014,464 | ---- | C] () -- C:\windows\SysWow64\drivers\AsUpIO.sys
[2011.12.06 01:03:51 | 000,013,440 | ---- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys
[2011.12.06 01:03:46 | 000,221,184 | ---- | C] () -- C:\windows\SysWow64\drivers\ServiceHelp.dll
[2011.12.06 01:03:46 | 000,011,832 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp64.sys
[2011.12.06 01:03:46 | 000,010,216 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp32.sys
[2011.12.06 00:52:24 | 000,014,223 | ---- | C] () -- C:\windows\Ascd_log.ini
[2011.12.06 00:52:18 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2011.12.06 00:52:17 | 000,010,296 | ---- | C] () -- C:\windows\SysWow64\drivers\ASUSHWIO.SYS
[2011.12.06 00:52:17 | 000,008,437 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2011.12.06 00:23:37 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.12.06 00:23:36 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.12.06 00:23:35 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.11.22 21:54:30 | 000,003,949 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.03.09 21:59:14 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

Alt 07.01.2013, 16:49   #14
RMSpanier
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.01.2013 17:41:09 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RMSpanier\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,58 Gb Available Physical Memory | 82,47% Memory free
15,96 Gb Paging File | 13,54 Gb Available in Paging File | 84,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,56 Gb Total Space | 34,75 Gb Free Space | 34,55% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 76,24 Mb Free Space | 76,24% Space Free | Partition Type: NTFS
Drive E: | 372,60 Gb Total Space | 370,89 Gb Free Space | 99,54% Space Free | Partition Type: NTFS
Drive F: | 540,23 Gb Total Space | 70,23 Gb Free Space | 13,00% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSZIMMER | User Name: RMSpanier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\RMSpanier\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\ProgramData\HP Photo Creations\Communicator.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - E:\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a7af6a2b1a809662ad31c6bca114d88b\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\901d686db31834a2b3612d5060e24348\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\ProgramData\HP Photo Creations\Communicator.exe ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AdobeActiveFileMonitor10.0) -- E:\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DevoloNetworkService) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Device Handle Service) -- C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK Computer Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AiChargerPlus) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys (ASUSTek Computer Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek                                            )
DRV:64bit: - (TEAM) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (VLAN) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTVLANPT) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (NPF_devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASInsHelp) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys ()
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ChatZum Search
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No CLSID value found
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\URLSearchHook: {adca5064-9e30-43fe-9856-58b07a3149fe} - No CLSID value found
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{57D278C4-2CCD-45D8-ACF0-3BEBF36FA132}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=20A2A3BB-56DD-4FAF-A27D-1A1856C6C0A9&apn_sauid=FFCC82E2-6AD2-4E41-945F-B70EDD6EB208
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\SearchScopes\{DB0ED2EF-88F0-40AE-B338-3CC910137C19}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: E:\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\RMSpanier\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
 
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\RMSpanier\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = E:\bin\plugin2\npjp2.dll
CHR - Extension: Google Drive = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\RMSpanier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft-Konto-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {ADCA5064-9E30-43FE-9856-58B07A3149FE} - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O3 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001..\Run: [NWZA] rundll32 ",Teul File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-416205249-2969329114-3541441675-1001..\RunOnce: [Uninstall C:\Users\RMSpanier\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\RMSpanier\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6924DAA-24EA-426A-A941-772F6C63D57A}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.04.12 14:00:29 | 000,000,386 | ---- | M] () - E:\Auto.Nam -- [ NTFS ]
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.04 07:33:49 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013.01.02 09:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.12.27 12:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.27 12:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.25 16:48:13 | 000,000,000 | ---D | C] -- C:\windows\de
[2012.12.25 16:48:01 | 000,000,000 | ---D | C] -- C:\windows\en
[2012.12.25 16:48:00 | 000,000,000 | ---D | C] -- C:\windows\es
[2012.12.25 16:47:58 | 000,000,000 | ---D | C] -- C:\windows\fr
[2012.12.25 16:47:57 | 000,000,000 | ---D | C] -- C:\windows\nl
[2012.12.25 16:47:12 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2012.12.25 16:47:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2012.12.25 16:47:12 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2012.12.25 16:47:12 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_43.dll
[2012.12.25 16:47:12 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2012.12.25 16:47:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2012.12.22 03:00:23 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012.12.22 03:00:23 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012.12.22 03:00:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012.12.22 03:00:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012.12.21 10:40:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_43.dll
[2012.12.21 10:40:54 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_43.dll
[2012.12.21 10:40:54 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_43.dll
[2012.12.21 10:40:54 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_43.dll
[2012.12.21 10:40:54 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_43.dll
[2012.12.13 03:00:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.12.13 03:00:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.12.13 03:00:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012.12.13 03:00:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.12.13 03:00:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.12.13 03:00:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.12.13 03:00:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.12.13 03:00:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.12.13 03:00:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012.12.13 03:00:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.12.13 03:00:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.12.13 03:00:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012.12.13 03:00:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.12.13 03:00:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.12.13 03:00:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012.12.12 16:57:34 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.12.12 16:57:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.12.12 16:57:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.12.12 16:57:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.12.12 16:57:32 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.12.12 16:57:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.12.12 16:57:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.12.12 16:57:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.12.12 16:57:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.12.12 16:57:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.12.12 16:57:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.12.12 16:57:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 16:57:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 16:57:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 16:57:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012.12.12 16:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 16:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 16:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 16:57:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 16:57:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 16:57:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 16:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012.12.12 16:57:28 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012.12.12 16:57:28 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[2012.12.10 22:21:56 | 000,000,000 | R--D | C] -- C:\Users\RMSpanier\Documents\Scanned Documents
[2012.12.10 22:21:56 | 000,000,000 | ---D | C] -- C:\Users\RMSpanier\Documents\Fax
[2012.12.09 18:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.09 18:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.12.08 19:26:07 | 000,000,000 | ---D | C] -- C:\Users\RMSpanier\AppData\Roaming\SaalDesignSoftware
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.06 17:36:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.06 17:36:43 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.06 17:36:43 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.06 17:36:43 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.01.06 17:36:43 | 000,000,346 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2013.01.04 17:31:31 | 000,016,752 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 17:31:31 | 000,016,752 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 17:31:15 | 001,529,266 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.04 17:31:15 | 000,665,340 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.04 17:31:15 | 000,627,222 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.04 17:31:15 | 000,133,552 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.04 17:31:15 | 000,109,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.04 17:24:16 | 2133,557,247 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.04 07:42:15 | 000,000,000 | ---- | M] () -- C:\Users\RMSpanier\defogger_reenable
[2012.12.27 12:27:13 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.26 18:40:38 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\lvuvc.hs
[2012.12.22 03:16:06 | 000,423,176 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.12.21 10:44:54 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012.12.20 08:09:28 | 000,003,133 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2012.12.20 08:09:06 | 000,002,987 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2012.12.20 08:08:50 | 000,002,923 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2012.12.20 08:08:09 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2012.12.20 08:07:57 | 000,002,274 | ---- | M] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012.12.13 20:27:12 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.12 17:52:32 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 17:52:32 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.09 18:47:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.04 07:42:15 | 000,000,000 | ---- | C] () -- C:\Users\RMSpanier\defogger_reenable
[2012.12.27 12:27:13 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.25 16:47:56 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.12.21 10:44:54 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk
[2012.12.20 08:07:57 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
[2012.12.08 19:26:06 | 000,000,580 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaalDesignSoftware.lnk
[2012.09.15 14:15:11 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2012.07.01 20:23:11 | 000,003,584 | ---- | C] () -- C:\Users\RMSpanier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.04 23:46:18 | 000,003,273 | ---- | C] () -- C:\windows\scenelib24.ini
[2012.04.25 08:15:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011.12.06 01:04:42 | 000,014,464 | ---- | C] () -- C:\windows\SysWow64\drivers\AsUpIO.sys
[2011.12.06 01:03:51 | 000,013,440 | ---- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys
[2011.12.06 01:03:46 | 000,221,184 | ---- | C] () -- C:\windows\SysWow64\drivers\ServiceHelp.dll
[2011.12.06 01:03:46 | 000,011,832 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp64.sys
[2011.12.06 01:03:46 | 000,010,216 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp32.sys
[2011.12.06 00:52:24 | 000,014,223 | ---- | C] () -- C:\windows\Ascd_log.ini
[2011.12.06 00:52:18 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2011.12.06 00:52:17 | 000,010,296 | ---- | C] () -- C:\windows\SysWow64\drivers\ASUSHWIO.SYS
[2011.12.06 00:52:17 | 000,008,437 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2011.12.06 00:23:37 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.12.06 00:23:36 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.12.06 00:23:35 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.11.22 21:54:30 | 000,003,949 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.03.09 21:59:14 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

Alt 07.01.2013, 21:37   #15
Larusso
/// Selecta Jahrusso
 
Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Standard

Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite



Downloade dir die angehängte fix.txt an den selben Ort wie OTL.

Starte OTL und drücke den Fix Button. Ein Dialogbox wird sich öffnen. Wähle die fix.txt und drücke OK.
Wenn alles gut läuft, steht der Text in der Benutzerdefinierten Box von OTL. Schließe alle anderen Programme und drücke erneut auf Fix.

Nach dem Neustart brauche ich die Fixlog wie oben beschrieben.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Antwort

Themen zu Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite
antivir, audiograbber, autorun, avira, becker, bho, bonjour, browser, c:\windows\system32\cmd.exe, desktop, error, fehler, firefox, flash player, google, home, homepage, install.exe, installation, logfile, msvcrt, object, office 2007, officejet, problem, realtek, registry, security, software, starmoney, svchost.exe, updates, windows



Ähnliche Themen: Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite


  1. Weiterleitung auf buydomains.com bei google-Suche
    Log-Analyse und Auswertung - 01.07.2014 (9)
  2. Weiterleitung bei Google-Suche
    Log-Analyse und Auswertung - 28.11.2013 (11)
  3. Weiterleitung nach google suche zu ihavenet.com
    Log-Analyse und Auswertung - 08.05.2013 (9)
  4. Unerwünschte Weiterleitung bei Google-Suche Firefox
    Plagegeister aller Art und deren Bekämpfung - 04.02.2013 (37)
  5. Unbeabsichtigte Weiterleitung bei Aktivieren eines Google-links
    Log-Analyse und Auswertung - 26.10.2012 (48)
  6. Fehlerhafte Weiterleitung bei Google-Suche
    Log-Analyse und Auswertung - 03.07.2012 (1)
  7. Weiterleitung nach google Suche + amazon Daten ausgepäht
    Log-Analyse und Auswertung - 02.04.2012 (30)
  8. Internetseite geht nicht auf>>Weiterleitung auf de.de??
    Plagegeister aller Art und deren Bekämpfung - 24.01.2012 (1)
  9. Google Suche: Weiterleitung auf falsche Seiten
    Log-Analyse und Auswertung - 15.12.2011 (28)
  10. Weiterleitung zu nicht gewünschten Webseiten nach Google-Suche (Firefox)
    Log-Analyse und Auswertung - 21.07.2011 (19)
  11. UncleDoc: Weiterleitung zu nicht gewünschten Webseiten nach Google-Suche (Firefox)
    Log-Analyse und Auswertung - 18.07.2011 (10)
  12. nach google Suche weiterleitung zur verkehrten Seite
    Plagegeister aller Art und deren Bekämpfung - 27.06.2011 (15)
  13. Unerwünschte Weiterleitung bei Google-Suche Firefox
    Plagegeister aller Art und deren Bekämpfung - 23.12.2010 (5)
  14. Werde umgeleitet von Google auf nicht ausgewählte Seiten
    Plagegeister aller Art und deren Bekämpfung - 13.12.2010 (25)
  15. Bei Google-Suche Weiterleitung auf andere Suchmaschinenseiten
    Plagegeister aller Art und deren Bekämpfung - 07.11.2010 (17)
  16. Unerwünschte Weiterleitung bei Google-Suche
    Plagegeister aller Art und deren Bekämpfung - 06.11.2010 (14)
  17. Unerwünschte Weiterleitung bei Google Suche (Ask.com)
    Plagegeister aller Art und deren Bekämpfung - 30.10.2010 (24)

Zum Thema Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite - Hallo, bin neu im Forum, daher bitte um Verständnis, falls ich mich unklar ausdrücke. Habe seit gestern das Problem, dass ich beim anklicken eines Suchergebnisses in Google an irgendwelche Internetseiten - Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite...
Archiv
Du betrachtest: Nach google Suche und Auswahl eines Suchergebnisses, Weiterleitung an nicht ausgewählte Internetseite auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.