Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 19.02.2013, 07:17   #1
fisherman
 
Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren - Daumen runter

Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren



Hallo!
Hab den Rechner eines Freundes zur Reperatur und musste feststellen dass es darauf nur so von Viren gewimmelt hat. Konnte einiges über Viren Programmen und Spybot Search & Destroy entfernen (hab mir leider nichts notiert) jedoch werden momentan keine Internetseiten angezeigt. Ping (auch ins Internet) oder andere Dienste wie Sambsa funktionieren jedoch.

Die Browser geben folgende Fehler aus:
Firefox:Verbindung fehlgeschlagen - Firefox kann keine Verbindung zu dem server heise.de aufbauen (ping auf heise.de funtioniert!)
Chrome: Diese Webseite ist nicht verfübar
IE: Die Webseite kann nicht angezeigt werden

Hier die OTL.txt:
=============
OTL logfile created on: 18.02.2013 17:33:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 63,53% Memory free
6,69 Gb Paging File | 5,63 Gb Available in Paging File | 84,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 132,39 Gb Free Space | 56,85% Space Free | Partition Type: NTFS
Drive D: | 217,50 Gb Total Space | 216,89 Gb Free Space | 99,72% Space Free | Partition Type: NTFS

Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.18 17:26:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.29 12:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.05.29 12:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.09 08:14:38 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008.10.21 18:57:30 | 000,307,200 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\DVMExportService.exe
PRC - [2008.10.21 03:08:30 | 000,166,456 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2008.10.18 02:10:54 | 000,211,512 | ---- | M] (ATK) -- C:\Program files\P4G\BatteryLife.exe
PRC - [2008.10.15 01:58:32 | 000,158,264 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.09.18 12:00:09 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.09.03 02:11:04 | 008,105,984 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008.09.01 23:25:34 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.08.19 19:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008.08.18 20:27:32 | 000,117,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2008.08.18 19:56:22 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2008.08.14 06:00:16 | 000,158,264 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008.08.14 05:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.08.14 01:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008.07.18 18:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.06.18 07:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.02.09 18:05:59 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.10.12 06:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.12 06:34:13 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.10.05 11:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.10.05 11:59:03 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.08.31 12:01:10 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011.12.27 03:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2009.03.30 05:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009.03.30 05:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009.03.30 05:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 05:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009.02.09 08:14:38 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2009.02.09 03:19:50 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3175.36946__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l
MOD - [2009.02.09 03:19:50 | 000,266,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3175.36923__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.02.09 03:19:50 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3175.36949__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.02.09 03:19:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3175.36941__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.02.09 03:19:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3175.36934__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll
MOD - [2009.02.09 03:19:49 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3175.37089__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.02.09 03:19:49 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3175.37057__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.02.09 03:19:49 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3175.37026__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.02.09 03:19:49 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3175.37000__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l
MOD - [2009.02.09 03:19:33 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3175.37035__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.02.09 03:19:33 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3175.37090__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.02.09 03:19:33 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3175.37036__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.02.09 03:19:33 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3175.36933__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.02.09 03:19:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3175.37034__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.02.09 03:19:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3175.37087__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009.02.09 03:19:31 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3175.37004__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.02.09 03:19:31 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3175.36951__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll
MOD - [2009.02.09 03:19:31 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3175.36936__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashbo ard.dll
MOD - [2009.02.09 03:19:31 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3175.37048__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.02.09 03:19:31 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3175.37024__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009.02.09 03:19:31 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3175.36956__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009.02.09 03:19:31 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3175.36950__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.02.09 03:19:31 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3175.37020__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll
MOD - [2009.02.09 03:19:31 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3175.37003__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.02.09 03:19:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3175.36955__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll
MOD - [2009.02.09 03:19:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3175.37019__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll
MOD - [2009.02.09 03:19:30 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3175.36995__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.02.09 03:19:30 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3175.37002__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.02.09 03:19:30 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3175.37000__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.02.09 03:19:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3175.37002__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.02.09 03:19:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3175.37023__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.02.09 03:19:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3156.17694__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.02.09 03:19:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3156.17689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.02.09 03:19:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3156.17698__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009.02.09 03:19:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3156.17722__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.02.09 03:19:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3156.17701__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.02.09 03:19:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3156.17721__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.02.09 03:19:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3156.17681__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.02.09 03:19:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3156.17682__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.02.09 03:19:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3156.17703__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.02.09 03:19:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3156.17699__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.02.09 03:19:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3156.17703__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.02.09 03:19:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.02.09 03:19:29 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.02.09 03:19:28 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3156.17682__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.02.09 03:19:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.02.09 03:19:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.02.09 03:19:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.02.09 03:19:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3156.17718__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.02.09 03:19:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3156.17747__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.02.09 03:19:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3156.17697__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.02.09 03:19:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.02.09 03:19:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3156.17689__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.02.09 03:19:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3156.17703__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.02.09 03:19:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.02.09 03:19:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3156.17694__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.02.09 03:19:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.02.09 03:19:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.02.09 03:19:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.02.09 03:19:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3156.17718__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009.02.09 03:19:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3156.17709__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l
MOD - [2009.02.09 03:19:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l
MOD - [2009.02.09 03:19:26 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.02.09 03:19:26 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.02.09 03:19:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.02.09 03:19:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3156.17701__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.02.09 03:19:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l
MOD - [2009.02.09 03:19:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.02.09 03:19:25 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.02.09 03:19:25 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3156.17702__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.02.09 03:19:25 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.02.09 03:19:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3156.17700__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.02.09 03:19:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3156.17695__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.02.09 03:19:22 | 000,004,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.resources\2.0.3175.36928_de_90ba9c70f846762e\CLI.Component.Dashboard.resources.dll
MOD - [2009.02.09 03:19:21 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3175.37069_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2009.02.09 03:19:20 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3175.37078__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.02.09 03:19:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3175.37075__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.02.09 03:19:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3175.37106__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.02.09 03:19:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3156.17689__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.02.09 03:19:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3156.17702__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.02.09 03:19:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009.02.09 03:19:20 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009.02.09 03:19:20 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009.02.09 03:19:20 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3175.37120__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009.02.09 03:19:20 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3175.36917__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.02.09 03:19:19 | 001,032,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3175.36928__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.02.09 03:19:19 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3175.37069__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.02.09 03:19:19 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3175.36940__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.02.09 03:19:19 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3175.36920__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.02.09 03:19:19 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3175.36922__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009.02.09 03:19:19 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.02.09 03:19:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.02.09 03:19:19 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.02.09 03:19:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3156.17702__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.02.09 03:19:18 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3175.36921__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.02.09 03:19:18 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3175.36919__90ba9c70f846762e\APM.Server.dll
MOD - [2009.02.09 03:19:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3175.36917__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.02.09 03:19:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3156.17692__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.02.09 03:19:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.02.09 03:19:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3175.37077__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.02.09 03:19:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3156.17711__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.10.17 01:45:20 | 000,014,848 | ---- | M] () -- C:\Program files\P4G\OvrClk.dll
MOD - [2008.09.11 03:18:47 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.08.21 00:49:56 | 000,016,384 | ---- | M] () -- C:\Program files\P4G\DevMng.dll
MOD - [2008.07.18 18:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 08:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.13 00:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll
MOD - [2007.08.08 11:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
MOD - [2007.03.10 01:16:52 | 000,106,496 | ---- | M] () -- C:\Program Files\ATKGFNEX\AGFNEX.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.29 12:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.10.21 18:57:30 | 000,307,200 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\DVMExportService.exe -- (MDES)
SRV - [2008.09.05 10:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008.08.14 05:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2008.02.09 18:05:59 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ASUS\ASUS Live Update\SYS\lvupdtio.sys -- (lvupdtio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.30 23:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012.05.08 14:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.04.15 09:45:24 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.02.19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2009.02.19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009.02.19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2009.02.19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009.02.19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2008.09.11 04:09:05 | 003,976,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.08.06 09:26:07 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.04 19:29:59 | 001,772,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.06.03 07:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 18:21:04 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008.05.29 02:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.05.27 06:55:53 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.28 14:26:41 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008.04.07 07:00:45 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006.12.14 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {64577f6f-8a9d-413a-b4c8-d080d6aeaf88} - C:\Program Files\Softonic_VLC_DE\tbSof1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101005194838\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2365318
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_deDE322
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ASUS_deDE322&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=I5if7zM0SkKkz8ldSgBCJi9uDDI?q={searchTerms}
IE - HKCU\..\SearchScopes\{8ED8D48B-9A36-4234-9115-313C92F8946D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=FEB7F343-0711-4543-AAD9-D95EE7F7B688&apn_sauid=FEA0C788-34B4-47E8-84C8-597344C68CB0
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2365318
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013.01.28 21:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=FEB7F343-0711-4543-AAD9-D95EE7F7B688&apn_ptnrs=U3&apn_sauid=FEA0C788-34B4-47E8-84C8-597344C68CB0&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Ask Toolbar = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.9.33308_0\
CHR - Extension: avast! WebRep = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_1\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\

O1 HOSTS File: ([2013.01.30 11:18:26 | 000,444,736 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15276 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Softonic VLC DE Toolbar) - {64577f6f-8a9d-413a-b4c8-d080d6aeaf88} - C:\Program Files\Softonic_VLC_DE\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic VLC DE Toolbar) - {64577f6f-8a9d-413a-b4c8-d080d6aeaf88} - C:\Program Files\Softonic_VLC_DE\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101005194838\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic VLC DE Toolbar) - {64577F6F-8A9D-413A-B4C8-D080D6AEAF88} - C:\Program Files\Softonic_VLC_DE\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EPSON Stylus DX4200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_D1D0AD69A13928375769191006ADC5F6] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6148CC0-738A-4B11-9CB3-6B57CF94D136}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2966084-0C14-4F8D-92CE-0D98098BB223}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.18 17:31:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2013.02.18 17:02:42 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2013.02.15 03:02:05 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013.02.04 20:39:51 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Finanzen
[2013.01.30 13:07:24 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Mozilla
[2013.01.30 08:54:45 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\LavasoftStatistics
[2013.01.30 08:53:41 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Ad-Aware Antivirus
[2013.01.30 08:41:36 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2013.01.30 08:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.30 08:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.30 08:40:33 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.30 08:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.28 20:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.28 20:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.01.28 20:47:15 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.01.28 20:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.01.22 08:55:54 | 000,020,624 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[10 C:\Users\Thomas\Desktop\*.tmp files -> C:\Users\Thomas\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Thomas\AppData\Roaming\*.tmp files -> C:\Users\Thomas\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.18 17:35:13 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.18 17:35:13 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.18 17:35:13 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.18 17:35:13 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.18 17:32:19 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\defogger_reenable
[2013.02.18 17:28:00 | 000,374,784 | ---- | M] () -- C:\Users\Thomas\Desktop\GMER_2.1.18952.exe
[2013.02.18 17:26:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2013.02.18 17:04:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.18 17:03:39 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013.02.18 17:03:28 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.18 17:02:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 17:02:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 17:02:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.18 17:02:21 | 3488,735,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.18 16:40:14 | 000,050,477 | ---- | M] () -- C:\Users\Thomas\Desktop\Defogger.exe
[2013.02.17 15:00:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.17 10:51:50 | 000,002,637 | ---- | M] () -- C:\Users\Thomas\Desktop\Microsoft Office Word 2003.lnk
[2013.02.15 12:24:02 | 000,471,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.14 10:43:06 | 000,002,665 | ---- | M] () -- C:\Users\Thomas\Desktop\Microsoft Office Excel 2003.lnk
[2013.02.04 20:16:59 | 000,006,836 | ---- | M] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat
[2013.01.30 12:54:49 | 000,000,744 | ---- | M] () -- C:\Users\Thomas\Desktop\FirefoxPortable - Verknüpfung.lnk
[2013.01.30 11:18:26 | 000,444,736 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.30 11:06:16 | 000,000,902 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130130-111826.backup
[2013.01.30 09:29:12 | 006,705,911 | ---- | M] () -- C:\Users\Thomas\Documents\AutoRuns.arn
[2013.01.30 08:40:36 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.28 21:44:24 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.28 21:44:24 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.28 21:38:32 | 000,020,852 | ---- | M] () -- C:\Windows\wininit.ini
[2013.01.28 20:47:21 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.28 18:54:27 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
[2013.01.22 20:46:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[10 C:\Users\Thomas\Desktop\*.tmp files -> C:\Users\Thomas\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Thomas\AppData\Roaming\*.tmp files -> C:\Users\Thomas\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.18 17:32:19 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\defogger_reenable
[2013.02.18 17:31:13 | 000,374,784 | ---- | C] () -- C:\Users\Thomas\Desktop\GMER_2.1.18952.exe
[2013.02.18 17:31:13 | 000,050,477 | ---- | C] () -- C:\Users\Thomas\Desktop\Defogger.exe
[2013.01.30 12:54:59 | 000,000,744 | ---- | C] () -- C:\Users\Thomas\Desktop\FirefoxPortable - Verknüpfung.lnk
[2013.01.30 09:29:11 | 006,705,911 | ---- | C] () -- C:\Users\Thomas\Documents\AutoRuns.arn
[2013.01.30 08:40:36 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.28 21:40:58 | 000,000,761 | ---- | C] () -- C:\Users\Thomas\Desktop\hosts.20130128-214058.backup
[2013.01.28 21:34:42 | 000,020,852 | ---- | C] () -- C:\Windows\wininit.ini
[2013.01.28 20:47:31 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.28 20:47:30 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.28 20:47:29 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.28 20:47:21 | 000,001,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.28 20:47:21 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.24 20:23:09 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012.03.12 21:26:14 | 000,000,034 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\blckdom.res
[2011.08.06 19:00:31 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\AppData\Local\{9895F436-6A5B-458B-A8D1-211BE989DF82}
[2010.10.17 13:46:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.18 10:38:18 | 000,006,836 | ---- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat
[2009.04.25 12:22:31 | 000,054,784 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.14 23:57:58 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.01.30 08:54:03 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Ad-Aware Antivirus
[2012.09.07 15:46:06 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DVDVideoSoft
[2012.09.07 15:42:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.02 13:55:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\EPSON
[2012.03.12 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\kock
[2012.09.07 15:46:00 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenCandy
[2012.09.07 15:47:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TuneUp Software
[2012.03.15 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\UAs
[2012.03.15 20:28:03 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\xmldm

========== Purity Check ==========



< End of report >

Und die Extras.txt
===========================

OTL Extras logfile created on: 18.02.2013 17:33:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 63,53% Memory free
6,69 Gb Paging File | 5,63 Gb Available in Paging File | 84,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 132,39 Gb Free Space | 56,85% Space Free | Partition Type: NTFS
Drive D: | 217,50 Gb Total Space | 216,89 Gb Free Space | 99,72% Space Free | Partition Type: NTFS

Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{012CB2B0-CFEB-4F43-B2EC-D6642158717B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3B870475-EEAB-4DEE-B12D-5EC13F0358CF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{695B0D4C-308B-4617-A2C9-2B3E6869E7B1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{DC56EDE4-480B-4523-8791-8D76A2FDBCC4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{08D44926-D43B-4727-8949-9C6CEAF0F453}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4D28B9DE-ED4D-4FD3-9AFC-0AB199568597}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{64B8D86A-B2D9-4FA5-8A75-3BD2AA6EED2E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D9C9D236-1F51-443D-9326-03B4CA910442}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023EC958-023C-42D1-B2A4-E9E4BEF599FC}" = SweetIM for Messenger 2.6
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{066C2D90-AA61-B006-A2AD-CA8F99CFAD90}" = CCC Help Korean
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A93E6BB-E69C-BE82-DAC4-1841DEE6B100}" = CCC Help Japanese
"{0CC2B083-565E-5D8A-7772-A24F3E4E5FD8}" = Catalyst Control Center InstallProxy
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{17F17F21-DA3D-F139-81E0-035B8E391E8F}" = Catalyst Control Center Localization Italian
"{1837A726-8EEA-DAB9-CD25-35B87DF37A85}" = ccc-utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19D2B63E-C1F1-4803-BA8B-4AB8FE216952}" = EPSON PRINT Image Framer Tool
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDC892D-584F-99CB-7933-3891660E6303}" = Skins
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27852A2B-5550-DBFE-E7E0-B1AB2B6F239D}" = Catalyst Control Center Localization Japanese
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BE5ED17-1785-300D-F0BC-9A7F95443DD6}" = Catalyst Control Center Localization Greek
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{34E2F6FB-181A-7154-F90A-711F1E60E5D3}" = Catalyst Control Center Localization Norwegian
"{35EB7CF5-513B-65A6-E951-C22E9F3DCDBF}" = Catalyst Control Center Localization French
"{3938EBD6-1244-02EA-5FB1-923A6C9E56D0}" = CCC Help Norwegian
"{3A9455EB-0426-47F6-A21F-AAFB8D5F271F}" = AutoSketch Release 10
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45C03E9C-FF55-CF72-2250-586F5B05BEAF}" = Catalyst Control Center Localization Turkish
"{46225569-F497-E971-E246-A83B8CBAA5BF}" = Catalyst Control Center Localization Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B0C330A-9821-33F0-BE85-911925215785}" = CCC Help Spanish
"{4EC29BC6-B0EE-B63E-A283-1C49EEEADBEF}" = CCC Help English
"{4FEBA1E1-B7B9-7EE4-02B2-E00CC33DA1B5}" = CCC Help Hungarian
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54A1C4DC-3C1D-36B4-2B87-96F232E44395}" = Catalyst Control Center Localization Polish
"{5783F2D7-0101-0407-0002-0060B0CE6BBA}" = AutoCAD 2002 - Deutsch
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6107B02A-09A7-7BE8-CE03-9B3F6B2AA833}" = Catalyst Control Center Graphics Light
"{62CF8923-31DC-4285-A23C-17CE5AA6A679}" = Express Gate
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6B81D615-DDEF-3F82-5F6F-7FB9AE7D7793}" = Catalyst Control Center Graphics Previews Vista
"{6C4D812D-E406-4F63-29D4-8AD2F1E83F49}" = Catalyst Control Center Localization Portuguese
"{6DA5DE70-2816-82B6-230A-4FB885F3F965}" = Catalyst Control Center Localization Thai
"{70161478-A310-F2B0-705B-20AF4B28CCEC}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{723CF822-3C2E-092E-348F-266DAE4FFACA}" = Catalyst Control Center Core Implementation
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{741D9899-62D1-45E1-E0EC-DA971B0B33F6}" = Catalyst Control Center Localization Finnish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784C45F5-E069-8468-08E9-23D80D582685}" = CCC Help Polish
"{7B56DF5D-35A2-2C45-A0D3-5DF22DB191AB}" = ATI Catalyst Install Manager
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7FB99D3F-5AFC-A5DA-F3C3-4ECA52D1680A}" = CCC Help Chinese Standard
"{8182A880-F759-7838-4F1C-6E0E91FC5B39}" = CCC Help Portuguese
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8C347B83-BD6E-7AEE-7D7C-3691DC8C0AF6}" = CCC Help French
"{8DD02597-A2E0-6F91-6EAF-294AEB868DE6}" = Catalyst Control Center Localization Swedish
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92C94E1B-0E55-AAFF-9210-FEC2AE4AF6CD}" = CCC Help Thai
"{9303A22F-866A-A0BB-CB86-46CCF6D9932D}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{960B6D76-6ADD-C060-04A3-D58E7FDC4A0E}" = Catalyst Control Center Localization Russian
"{99419735-DAE2-676B-74CA-549F1D1E61F8}" = CCC Help Swedish
"{99CD0DDC-79DD-26D0-1FCD-2B8104316A8A}" = CCC Help Russian
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9B7B1D09-FC95-FD5C-3A86-C985A6AA12A2}" = CCC Help Danish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A728A529-1DEF-FBD1-B00F-1DB107B73B79}" = Catalyst Control Center Localization Chinese Standard
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ADA6708D-1B77-AA2E-9DE9-F1304675CFC4}" = Catalyst Control Center Localization Spanish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2D4C00E-3E8C-5F2D-3B46-49A906E29CE1}" = Catalyst Control Center Localization Hungarian
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B771F3AC-97FF-90A5-363B-6988291A8466}" = Catalyst Control Center Localization German
"{B99E9F15-72AB-40EC-BFC7-450EAE7CB63C}" = Catalyst Control Center Localization Danish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0B3D4BD-E441-385B-2B1D-8B141CA2A054}" = ccc-core-static
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE091273-482F-F4AF-8035-928798556DC4}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D43604DC-486E-DB25-385C-53371144F77F}" = CCC Help Italian
"{D99B6818-793D-E40B-2FA9-7962E130D1F4}" = Catalyst Control Center Graphics Full New
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E0784911-3EB3-6C31-289A-F1FCFF3A9F4E}" = Catalyst Control Center Localization Dutch
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EB041636-9CD5-4D65-9604-37432FCAED91}" = Camera RAW Plug-In for EPSON Creativity Suite
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF4DDEEE-3470-2C15-CF3F-808E1C4BFA16}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F82785-BF2F-18E8-349E-071188C615A1}" = CCC Help Dutch
"{F2532D8D-9039-B19F-B12C-515B4724DB3D}" = Catalyst Control Center Localization Chinese Traditional
"{F253D684-BB75-8AD3-AC0C-DF78C3392936}" = CCC Help Turkish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4A3DBA7-A8EC-4EF8-BD88-63B6E10F692C}" = Catalyst Control Center Localization Czech
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB4B213A-CEAA-00CA-10BE-6C90A318B5F1}" = CCC Help German
"{FD11A612-3B8E-0D72-8525-BB01339BF036}" = CCC Help Greek
"1280x1024" = 1280x1024 Screen Saver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"avast" = avast! Pro Antivirus
"capella2002-v4.0" = capella 2002, Version 4.0
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Haushaltsbuch4" = Softwarenetz Haushaltsbuch4
"ICQToolbar" = ICQ Toolbar
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Softonic_VLC_DE Toolbar" = Softonic_VLC_DE Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"USB 2.0 UVC 1.3M WebCam" = USB 2.0 UVC 1.3M WebCam
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 13.08.2010 04:18:15 | Computer Name = Thomas-PC | Source = avast! | ID = 33554522
Description =

Error - 18.08.2010 07:56:19 | Computer Name = Thomas-PC | Source = avast! | ID = 33554522
Description =

Error - 05.09.2010 18:32:30 | Computer Name = Thomas-PC | Source = avast! | ID = 33554522
Description =

Error - 01.10.2010 07:49:39 | Computer Name = Thomas-PC | Source = avast! | ID = 33554522
Description =

Error - 06.10.2010 05:31:32 | Computer Name = Thomas-PC | Source = avast! | ID = 33554522
Description =

Error - 09.10.2010 05:18:17 | Computer Name = Thomas-PC | Source = avast! | ID = 33554522
Description =

Error - 17.10.2010 15:24:37 | Computer Name = Thomas-PC | Source = avast! | ID = 33554522
Description =

Error - 27.10.2010 06:59:02 | Computer Name = Thomas-PC | Source = avast! | ID = 33554522
Description =

Error - 27.10.2010 07:04:32 | Computer Name = Thomas-PC | Source = avast! | ID = 33554522
Description =

Error - 28.10.2010 11:47:03 | Computer Name = Thomas-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 15.02.2013 07:24:25 | Computer Name = Thomas-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 15.02.2013 07:24:25 | Computer Name = Thomas-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 15.02.2013 07:24:26 | Computer Name = Thomas-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 15.02.2013 07:26:25 | Computer Name = Thomas-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 15.02.2013 07:37:21 | Computer Name = Thomas-PC | Source = System Restore | ID = 8193
Description =

Error - 17.02.2013 04:35:26 | Computer Name = Thomas-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.02.2013 04:37:33 | Computer Name = Thomas-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 17.02.2013 05:31:59 | Computer Name = Thomas-PC | Source = System Restore | ID = 8193
Description =

Error - 18.02.2013 12:04:06 | Computer Name = Thomas-PC | Source = WinMgmt | ID = 10
Description =

Error - 18.02.2013 12:04:52 | Computer Name = Thomas-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =

[ Spybot - Search and Destroy Events ]
Error - 28.01.2013 16:35:32 | Computer Name = Thomas-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 28.01.2013 16:37:05 | Computer Name = Thomas-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 28.01.2013 16:38:38 | Computer Name = Thomas-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 30.01.2013 07:08:37 | Computer Name = Thomas-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 12.05.2009 13:03:44 | Computer Name = Thomas-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.32 für die Netzwerkkarte mit der Netzwerkadresse
0015AFDF854F wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 12.05.2009 13:03:43 | Computer Name = Thomas-PC | Source = HTTP | ID = 15016
Description =

Error - 12.05.2009 13:04:16 | Computer Name = Thomas-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 12.05.2009 21:02:04 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =

Error - 12.05.2009 21:02:04 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =

Error - 13.05.2009 02:46:35 | Computer Name = Thomas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.05.2009 um 03:02:59 unerwartet heruntergefahren.

Error - 13.05.2009 02:46:48 | Computer Name = Thomas-PC | Source = HTTP | ID = 15016
Description =

Error - 13.05.2009 02:48:17 | Computer Name = Thomas-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 13.05.2009 16:36:30 | Computer Name = Thomas-PC | Source = HTTP | ID = 15016
Description =

Error - 13.05.2009 16:37:03 | Computer Name = Thomas-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

Und hier dir gmer.txt:
============================
GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-19 07:54:55
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000061 Seagate_ rev.TD27 465,76GB
Running: GMER_2.1.18952.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\kxliipoc.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x924304BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x93017C22]
SSDT 888728D0 ZwAlpcConnectPort
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x92430ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9243BFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9243BFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9243C176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9243BF16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x93017FA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9243BF5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x9243111C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9243C130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x9243193E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x92430508]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x93017CEA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x930163EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x92430556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x92435534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x924323A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9243BFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9243C016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9243C19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9243BF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9243C0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9243BF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9243C154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x93017E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x92432272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x92431DD4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x924305A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x924305F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x924317BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x924301FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x924303AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x92430350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x92431AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x92431C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9243041A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x93017EFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x92431636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x9301641C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x92430640]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x93017D96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x924312F4]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 82CB17D0 4 Bytes [BA, 04, 43, 92]
.text ntkrnlpa.exe!KeSetEvent + 131 82CB17F4 4 Bytes [22, 7C, 01, 93] {AND BH, [ECX+EAX-0x6d]}
.text ntkrnlpa.exe!KeSetEvent + 13D 82CB1800 4 Bytes [D0, 28, 87, 88]
.text ntkrnlpa.exe!KeSetEvent + 191 82CB1854 4 Bytes CALL C5D9EEDB
.text ntkrnlpa.exe!KeSetEvent + 1D1 82CB1894 8 Bytes [A8, BF, 43, 92, F4, BF, 43, ...]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82E3EDEF 4 Bytes CALL 92432A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82E42A63 4 Bytes CALL 92432AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91209000, 0x217477, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Windows\System32\spoolsv.exe[184] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[244] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[292] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Windows\system32\csrss.exe[532] KERNEL32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Windows\system32\wininit.exe[592] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text ...
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!SetUnhandledExceptionFilter 774CA8B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1888] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2064] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[2088] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2108] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text ...
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!LdrLoadDll 77809378 5 Bytes JMP 001601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!LdrUnloadDll 7781B680 5 Bytes JMP 001603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] KERNEL32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] USER32.dll!SetWindowsHookExA 77056322 5 Bytes JMP 00170600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] USER32.dll!SetWindowsHookExW 770587AD 5 Bytes JMP 00170804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] USER32.dll!UnhookWindowsHookEx 770598DB 5 Bytes JMP 00170A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] USER32.dll!SetWinEventHook 77059F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] USER32.dll!UnhookWinEvent 7705C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ADVAPI32.dll!CreateServiceW 775C9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ADVAPI32.dll!DeleteService 775CA07E 5 Bytes JMP 00180600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ADVAPI32.dll!SetServiceObjectSecurity 77606CD9 5 Bytes JMP 00181014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ADVAPI32.dll!ChangeServiceConfigA 77606DD9 5 Bytes JMP 00180804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ADVAPI32.dll!ChangeServiceConfigW 77606F81 5 Bytes JMP 00180A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ADVAPI32.dll!ChangeServiceConfig2A 77607099 5 Bytes JMP 00180C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ADVAPI32.dll!ChangeServiceConfig2W 776071E1 5 Bytes JMP 00180E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ADVAPI32.dll!CreateServiceA 776072A1 5 Bytes JMP 001801F8
.text C:\Windows\servicing\TrustedInstaller.exe[2784] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2988] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[3324] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3372] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3416] kernel32.dll!GetBinaryTypeW + 70 774F2447 1 Byte [62]
.text ...

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Files - GMER 2.1 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

---- EOF - GMER 2.1 ----


Schon mal besten dank für eure Analyse!

Alt 19.02.2013, 11:22   #2
markusg
/// Malware-holic
 
Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren - Standard

Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren



Hi
öffne diese Programme, schaue nach Logfiles und poste diese
http://www.trojaner-board.de/125889-...en-posten.html
hier schon mal n HInweis, wo das Malwarebytes Log findest
__________________

__________________

Alt 19.02.2013, 19:32   #3
fisherman
 
Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren - Standard

Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren



Hab soweit alle möglichen logfiles.
Leider konnte ich kein Avira installieren da auch keine Verbindung von Avira ins Netz aufgebaut werden konnte. Deshalb konnte ich bei MBam und AntiMalware auch kein Update machen.

MBam hab ich zwei mal von heute und vom 30.1 an dem das Problem auch schon da war.

Emsisoft Anti-Malware - Version 7.0
Letztes Update: N/A

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 19.02.2013 15:53:56


Gescannt 559668
Gefunden 0

Scan Ende: 19.02.2013 17:22:30
Scan Zeit: 1:28:34


Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: THOMAS-PC [Administrator]

Schutz: Aktiviert

30.01.2013 08:42:38
mbam-log-2013-01-30 (08-42-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 472820
Laufzeit: 1 Stunde(n), 38 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Thomas\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Thomas\Documents\MV Jungingen\youtube\PDFCreatorSetup.exe (PUP.AdBundle) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Thomas\Documents\ThomasBrolde\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\autodeskdm_services\e0099c1b\5a32fac3\App_global.asax.k9tlux38.dll (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Thomas\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: THOMAS-PC [Administrator]

19.02.2013 13:47:27
mbam-log-2013-02-19 (13-47-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 472320
Laufzeit: 1 Stunde(n), 48 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
__________________

Alt 19.02.2013, 20:24   #4
markusg
/// Malware-holic
 
Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren - Standard

Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren



Hi
nutzt du dieses Gerät für Onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen oder ähnlich wichtigem, wie beruflichem?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 19.02.2013, 20:42   #5
fisherman
 
Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren - Standard

Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren



Ich denke schon dass er zu allen Punkten genutzt wird - es ist nicht meiner.

Ich denke du fragst deshalb weil das Ding ziemlich verseucht ist und neu Aufgesetzt werden sollte, oder?


Alt 20.02.2013, 17:53   #6
markusg
/// Malware-holic
 
Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren - Standard

Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren



ja und wenn dus nicht weist, gibts ne einfache Lösung, frag den besitzer, denn ich kann das ja wohl kaum tun..
__________________
--> Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren

Alt 21.02.2013, 10:09   #7
fisherman
 
Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren - Standard

Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren



Das Notebook wird nicht für Online Banking benutzt, in erster Linie zum Offline Arbeiten (Office) und ab und dazu etwas zu googeln, seltener wird damit Online eingekauft, amazon.

Alt 21.02.2013, 16:51   #8
markusg
/// Malware-holic
 
Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren - Standard

Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren



ok,
der Schnellere und der sicherste Weg, zumal du deinen PC
fürs einkaufen, verwendest
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.02.2013, 22:11   #9
fisherman
 
Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren - Standard

Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren



Bereinigung: Was sind die nächsten Schritte?

Alt 25.02.2013, 17:29   #10
markusg
/// Malware-holic
 
Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren - Standard

Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren



Ok
dir muss aber bewusst sein, dass du über das Gerät dann nicht mehr einkaufen solltest, da wir es nicht 100 %ig sicher bereinigen können.
wenn du das willst:
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren
ad-aware, antivirus, bho, bingbar, browser, browser keine verbindung, converter, entfernen, error, excel, flash player, google, home, homepage, iexplore.exe, install.exe, intranet, logfile, mp3, ntdll.dll, object, office 2007, realtek, refresh, safer networking, scan, security, server, software, svchost.exe, symantec, thomas, verbindung fehlgeschlagen, viren, vista



Ähnliche Themen: Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren


  1. Bestimmte Programme können keine Verbindung zum Internet herstellen
    Plagegeister aller Art und deren Bekämpfung - 27.01.2015 (13)
  2. Browser keine Internetverbindung, andere Programme sind verbunden und funktionieren
    Plagegeister aller Art und deren Bekämpfung - 26.11.2014 (7)
  3. Browser keine Internetverbindung, andere Programme sind verbunden und funktionieren (Windows 7)
    Alles rund um Windows - 23.11.2014 (3)
  4. Browser verliert Verbindung zum Netz
    Plagegeister aller Art und deren Bekämpfung - 06.09.2014 (32)
  5. Wlan Verbindung. Ping Einbrüche sobald ich Browser|LoL|Steam|multiplayer öffne
    Netzwerk und Hardware - 11.05.2014 (1)
  6. Browser funktionieren nicht (Chrome/Firefox/IE) keine Verbindung, Outlook funktionert - Internet Einstellungen fehlerhaft?
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (9)
  7. Superantispyware und Antimalware funktionieren nicht mehr, keine Verbindung
    Antiviren-, Firewall- und andere Schutzprogramme - 16.10.2010 (7)
  8. Windows Dienste funktionieren nicht, keine Internetverbindung möglich
    Plagegeister aller Art und deren Bekämpfung - 01.10.2010 (19)
  9. Nach Malwarebytes Scan und Entfernung ->div. Programme können keine Inet Verbindung mehr herstellen
    Antiviren-, Firewall- und andere Schutzprogramme - 23.08.2010 (1)
  10. Mozilla Firefox und ICQ können keine Verbindung zum Internet herstellen
    Log-Analyse und Auswertung - 23.06.2010 (26)
  11. ICQ funktioniert aber keine browser verbindung
    Alles rund um Windows - 03.04.2010 (9)
  12. Browser funktionieren nicht - aber Verbindung steht
    Log-Analyse und Auswertung - 14.07.2009 (1)
  13. Anti viren programme können keine Verbindung mehr zum Updaten herstellen!
    Log-Analyse und Auswertung - 23.02.2009 (31)
  14. Internet hat Verbindung aber Browser öffnen keine Seiten
    Plagegeister aller Art und deren Bekämpfung - 17.11.2008 (0)
  15. WLAN-Netz zwar verbunden, aber trotzdem keine wirkliche Verbindung
    Netzwerk und Hardware - 29.07.2008 (1)
  16. windows dienste abgeschaltet -> keine verbindung zu ISDN-Anlage mehr möglich
    Antiviren-, Firewall- und andere Schutzprogramme - 24.02.2005 (1)
  17. Browser können keine Internetseiten anzeigen
    Alles rund um Windows - 05.01.2005 (1)

Zum Thema Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren - Hallo! Hab den Rechner eines Freundes zur Reperatur und musste feststellen dass es darauf nur so von Viren gewimmelt hat. Konnte einiges über Viren Programmen und Spybot Search & Destroy - Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren...
Archiv
Du betrachtest: Browser können keine Verbindung anzeigen aber ping und andere Dienste ins Netz funktionieren auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.