Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   System eingefroren, abgestürtzt, Bluescreens und Viren/Trojaner (https://www.trojaner-board.de/125384-system-eingefroren-abgestuertzt-bluescreens-viren-trojaner.html)

bastelmarc 08.10.2012 21:32
System eingefroren, abgestürtzt, Bluescreens und Viren/Trojaner
 
Anhang 44720

Anhang 44721

Anhang 44722

Anhang 44723
Seit mitte Sep. habe ich massive Problemme mit dem gemeinsam genutzen PC unserer Familie!
Der Bildschirm war eingefroren null Reaktion, nicht hochgefahren (hängengeblieben oder Piepstönne), Bluescreen mit verschiedene Fehlermeldungen ( Kernel is missing or corupt, System-Stop usw.)
Habe dann Malwarebytes Pro installiert dies fand einen "Backdoor Agent" und "Trojaner" das habe ich dann auch entfernt.
Die Probleme haben aber nicht nachgelassen. Habe dann mit msconfig den Systemstart etwas bereinigt und SOHPOS Endpoint Controll entfernt soweit mögl.
Habe dann wegen wieder holter Abbrüche auf ein Hardware-Problemm getippt und darauf hin die Grafikkarte NVIDA 8600GT gegen RADEON HD6450 getauscht.
Danach lief das System etwas besser und konnte auch wieder im normal Modus starten (bisher nur abgesicherter Modus)
PC fror noch gelegentl ein. Daraufhin habe ich zwei Arbeitsspeicher Riegel entfernt, habe jetzt noch 1,5 GB von 3 GB. Seitdem läuft das System wieder recht stabil seltene Ausfälle. Habe einige Programme deinstalliert und dansch defrag durchgeführt.
Habe dann mir Malwarebytes auf meine USB-Stick einen Worm.Dorkbot festgestellt.
Nach googeln und lesen in versch. Foren bin ich mir nicht mehr sicher wie ich weiter vorgehen soll/muss
Wäre sehr dankbar wenn sich jemand der Probleme annehmen würde.

schrauber 09.10.2012 06:24
Hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

bastelmarc 09.10.2012 16:01
Hatte ich schon gemacht aber er hatte sie nicht eingefügt, hier der Inhalt:OTL Logfile:
Code:
OTL logfile created on: 07.10.2012 17:46:36 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Marcel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 37,82% Memory free
3,24 Gb Paging File | 1,94 Gb Available in Paging File | 59,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 366,91 Gb Free Space | 82,31% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,50 Gb Free Space | 47,52% Space Free | Partition Type: FAT32
Drive H: | 2,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1862,56 Gb Total Space | 1855,45 Gb Free Space | 99,62% Space Free | Partition Type: FAT32
Drive J: | 7,52 Gb Total Space | 5,46 Gb Free Space | 72,63% Space Free | Partition Type: FAT32
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.07 17:42:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.31 10:42:59 | 001,380,504 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe
PRC - [2012.07.16 17:24:28 | 001,114,112 | ---- | M] (1&1 Internet AG) -- C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.08 21:29:38 | 001,053,848 | ---- | M] () -- C:\Windows\System32\ieconfig_1und1_svc.exe
PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.08.12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.08.12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.03.10 04:50:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.03.10 04:50:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.05.25 13:28:56 | 000,045,056 | ---- | M] () -- C:\Users\Marcel\AppData\Local\Apps\2.0\6O82PC5V.NHM\JZ78GHY3.P0A\msso..tion_7caa8f838276e237_0001.0000_8a474ae96788d5b3\mssoft.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2007.12.07 17:08:26 | 000,778,240 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\Stcenter.exe
PRC - [2007.11.14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\IGDCTRL.EXE
PRC - [2007.10.19 18:42:38 | 000,290,909 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.10.19 18:42:38 | 000,114,779 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2007.10.19 18:42:02 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\TV Enhance\TVEService.exe
PRC - [2007.10.15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.10.15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.09 00:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.08.08 00:12:10 | 000,797,696 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
PRC - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007.06.27 10:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.31 10:44:07 | 007,952,536 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wgui12.dll
MOD - [2012.08.31 10:43:47 | 003,002,008 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wcore12.dll
MOD - [2012.08.31 10:43:37 | 004,454,040 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wauff12.dll
MOD - [2012.08.31 10:43:34 | 002,016,408 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wfvie12.dll
MOD - [2012.08.31 10:43:12 | 001,649,816 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wreli12.dll
MOD - [2012.08.31 10:43:11 | 001,550,488 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wsteu12.dll
MOD - [2012.08.31 10:43:08 | 000,319,640 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsguiwinapi47.dll
MOD - [2012.08.31 10:43:06 | 000,275,096 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rscorewinapi47.dll
MOD - [2012.08.31 10:42:59 | 001,380,504 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe
MOD - [2012.08.31 10:42:52 | 000,135,832 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsodbc47.dll
MOD - [2012.08.31 10:42:49 | 000,028,672 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsdcom47.dll
MOD - [2012.06.14 14:40:43 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012.06.14 14:39:56 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 14:38:45 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.14 14:35:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 14:35:29 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 14:35:16 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 14:34:51 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.10 20:04:44 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012.05.10 20:04:34 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.05.10 20:02:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 20:02:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.10 19:59:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.10 19:58:57 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.10 19:58:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 19:58:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.10 19:58:22 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.10 19:58:11 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.02.07 12:37:06 | 000,865,280 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtcluceners47.dll
MOD - [2012.02.07 12:37:06 | 000,271,872 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\phononrs47.dll
MOD - [2012.02.07 12:37:04 | 011,163,648 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtwebkitrs47.dll
MOD - [2012.02.07 12:37:02 | 000,108,544 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qttestrs47.dll
MOD - [2012.02.07 12:37:00 | 001,340,416 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtscriptrs47.dll
MOD - [2012.02.07 12:36:58 | 002,395,648 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qt3supportrs47.dll
MOD - [2012.02.07 12:36:58 | 000,720,896 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtsqlrs47.dll
MOD - [2012.02.07 12:36:58 | 000,281,088 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtsvgrs47.dll
MOD - [2012.02.07 12:36:56 | 000,358,400 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtxmlrs47.dll
MOD - [2012.02.07 12:36:54 | 008,934,400 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtguirs47.dll
MOD - [2012.02.07 12:36:54 | 002,356,736 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtcorers47.dll
MOD - [2012.02.07 12:36:54 | 000,990,208 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtnetworkrs47.dll
MOD - [2011.08.22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.08.12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.03.10 04:14:02 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.03.09 23:05:10 | 000,243,712 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.06.02 11:38:54 | 000,128,512 | ---- | M] () -- C:\Programme\1&1\1&1 EasyLogin\EasyLoginCrypt.dll
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009.05.25 13:28:56 | 000,045,056 | ---- | M] () -- C:\Users\Marcel\AppData\Local\Apps\2.0\6O82PC5V.NHM\JZ78GHY3.P0A\msso..tion_7caa8f838276e237_0001.0000_8a474ae96788d5b3\mssoft.exe
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2007.12.12 12:21:40 | 000,245,858 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2007.10.19 18:42:34 | 000,339,968 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
MOD - [2007.10.19 18:42:20 | 000,114,780 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
MOD - [2007.10.19 18:42:20 | 000,032,768 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.10.07 17:15:04 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.05 19:18:32 | 000,216,600 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.08.05 19:18:19 | 000,139,840 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.08 21:29:38 | 001,053,848 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.10 04:50:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.10.19 18:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2007.10.19 18:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.07 04:17:48 | 000,071,208 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe -- (HRService)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager)
SRV - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2007.06.27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE)
SRV - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore)
SRV - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.05 19:19:37 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012.08.05 19:19:26 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012.04.09 15:02:24 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012.04.09 15:01:08 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2012.01.18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.03.10 05:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2011.03.10 05:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.03.10 04:14:58 | 000,242,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.17 14:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.01.21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.01.21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.01.21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.10.15 18:13:27 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.06.27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007.06.19 11:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.02.18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2528046
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Yahoo! Deutschland [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 1&1 - Telefon-Internet-Flatrates und mobiles Internet
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {79a2b609-bbc0-4d16-9925-70cb98a6490d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{528E6CA1-57D6-4DAE-8B80-1C83C74D6542}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}&rlz=1I7MEDA_de
IE - HKCU\..\SearchScopes\{73A1DCF5-99D7-4C03-B6AE-C225AB842EBF}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = Suche
IE - HKCU\..\SearchScopes\{E57BF21B-23A5-4E45-8D21-7B4D48A065FA}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.01.23 14:42:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {79A2B609-BBC0-4D16-9925-70CB98A6490D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [mssoft] C:\Users\Marcel\AppData\Local\Apps\2.0\6O82PC5V.NHM\JZ78GHY3.P0A\msso..tion_7caa8f838276e237_0001.0000_8a474ae96788d5b3\mssoft.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\1&1\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB635D00-411D-4383-B27A-33B7FDFB8462}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 22:00:00 | 000,000,043 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a2e9dbc1-7080-11df-8202-001d92755c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{a2e9dbc1-7080-11df-8202-001d92755c8a}\Shell\AutoRun\command - "" = I:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.07 17:42:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.10.06 12:41:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\ATI
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\ATI
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.04 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.10.04 20:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.04 20:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.10.04 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.04 19:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.10.04 19:51:50 | 000,000,000 | ---D | C] -- C:\AMD
[2012.09.30 12:28:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.09.25 20:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.25 20:26:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.23 13:40:22 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Malwarebytes
[2012.09.23 13:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.23 13:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 17:47:41 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.07 17:47:41 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.07 17:47:41 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.07 17:47:41 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.07 17:42:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.10.07 17:40:16 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 17:40:16 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 17:40:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 17:40:10 | 1608,699,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.07 17:39:35 | 229,563,204 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.07 17:36:50 | 000,050,477 | ---- | M] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.10.07 17:23:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 14:44:31 | 000,000,000 | ---- | M] () -- C:\Users\Marcel\defogger_reenable
[2012.10.07 10:46:57 | 000,000,300 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121007_104654.reg
[2012.10.06 13:12:33 | 000,007,298 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121006_131225_2.reg
[2012.10.06 12:31:11 | 000,017,624 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121006_123106.reg
[2012.10.04 20:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.10.04 19:59:21 | 000,008,592 | ---- | M] () -- C:\Users\Marcel\AppData\Local\d3d9caps.dat
[2012.10.01 18:21:28 | 000,000,392 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121001_182120.reg
[2012.09.30 20:54:42 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.09.30 20:54:35 | 000,001,355 | ---- | M] () -- C:\Windows\WISO.INI
[2012.09.30 11:58:19 | 000,000,432 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120930_115812.reg
[2012.09.28 23:09:35 | 000,000,836 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_230927_2.reg
[2012.09.28 21:05:11 | 000,001,182 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_210506.reg
[2012.09.28 17:46:36 | 000,383,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.28 17:02:03 | 000,004,884 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_170146.reg
[2012.09.28 17:01:21 | 000,237,094 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_170045.reg
[2012.09.25 20:26:32 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.07 17:36:50 | 000,050,477 | ---- | C] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.10.07 17:15:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 14:44:31 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\defogger_reenable
[2012.10.07 12:26:14 | 1608,699,904 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.07 10:46:56 | 000,000,300 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121007_104654.reg
[2012.10.06 14:18:26 | 000,000,966 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.10.06 14:06:24 | 229,563,204 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.06 13:12:32 | 000,007,298 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121006_131225_2.reg
[2012.10.06 12:31:09 | 000,017,624 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121006_123106.reg
[2012.10.04 20:21:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.10.01 18:21:24 | 000,000,392 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121001_182120.reg
[2012.09.30 15:29:08 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012.09.30 11:58:17 | 000,000,432 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120930_115812.reg
[2012.09.28 23:09:33 | 000,000,836 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_230927_2.reg
[2012.09.28 21:05:08 | 000,001,182 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_210506.reg
[2012.09.28 17:01:51 | 000,004,884 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_170146.reg
[2012.09.28 17:00:52 | 000,237,094 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_170045.reg
[2012.09.25 20:26:32 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.09 14:12:53 | 000,166,400 | --S- | C] () -- C:\ProgramData\wi124quije.dat
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.08 21:29:38 | 001,053,848 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1_svc.exe
[2011.09.15 20:27:43 | 000,082,823 | ---- | C] () -- C:\Users\Marcel\phase-6-backpack-all-2011-09-15.p6a
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.04.13 18:37:54 | 000,046,416 | ---- | C] () -- C:\Users\Marcel\Sophos_Installation.pdf
[2011.03.10 04:14:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.03.09 22:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.03.01 20:07:08 | 000,003,949 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.03.01 00:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.05.23 14:33:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.20 13:56:07 | 000,041,984 | ---- | C] () -- C:\Users\Marcel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.11 18:39:37 | 000,008,592 | ---- | C] () -- C:\Users\Marcel\AppData\Local\d3d9caps.dat
[2008.03.07 19:22:33 | 000,000,680 | RHS- | C] () -- C:\Users\Marcel\ntuser.pol
[2008.03.06 19:11:02 | 000,000,094 | ---- | C] () -- C:\Users\Marcel\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.05.27 21:05:33 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\1&1
[2009.02.15 13:39:20 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Buhl Data Service
[2008.03.06 22:17:39 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Buhl Data Service GmbH
[2010.10.18 10:41:53 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\DVDVideoSoft
[2010.10.18 11:12:57 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.29 17:16:37 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Epson
[2010.05.19 19:18:08 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Farm Mania
[2012.04.01 22:01:58 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\FRITZ!
[2008.05.19 20:58:50 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Haufe
[2011.12.27 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Leadertech
[2010.06.05 11:32:22 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\LG Electronics
[2011.09.15 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Phase6
[2011.04.19 15:46:20 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\TuneUp Software
[2012.04.11 08:02:31 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\wargaming.net
[2010.05.19 19:17:47 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Zylom
[2010.06.05 11:32:22 | 000,000,000 | -H-D | M] -- C:\Users\Marcel\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:063969F8

< End of report >
--- --- ---

schrauber 09.10.2012 17:34
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

bastelmarc 10.10.2012 19:32
weiss nicht wei ich bei antworten eine Datei anhangen kann deswegen hier der InHalt von ComboFix12-10-10.02

Combofix Logfile:
Code:
ComboFix 12-10-10.02 - Marcel 10.10.2012  19:38:50.1.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.1533.565 [GMT 2:00]
ausgeführt von:: c:\users\Marcel\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\wi124quije.dat
c:\users\Marcel\AppData\Local\Apps\2.0\6O82PC5V.NHM\JZ78GHY3.P0A\msso..tion_7caa8f838276e237_0001.0000_8a474ae96788d5b3\mssoft.exe
c:\users\Marcel\AppData\Roaming\1&1
c:\users\Marcel\AppData\Roaming\1&1\1&1 EasyLogin\customer.xml
c:\users\Marcel\AppData\Roaming\1&1\1&1 EasyLogin\EasyLogin.log
c:\users\Marcel\AppData\Roaming\1&1\1&1 EasyLogin\update\EasyLogin_setup_DE.exe
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-10 bis 2012-10-10  ))))))))))))))))))))))))))))))
.
.
2012-10-10 18:02 . 2012-10-10 18:02        --------        d-----w-        c:\users\Melina\AppData\Local\temp
2012-10-10 18:00 . 2012-10-10 18:00        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-10 18:00 . 2012-10-10 18:00        --------        d-----w-        c:\users\Andrea\AppData\Local\temp
2012-10-10 17:55 . 2012-10-10 17:55        --------        d-----w-        c:\users\IUSR_NMPR\AppData\Local\temp
2012-10-10 17:55 . 2012-10-10 17:55        --------        d-----w-        c:\users\Elisa\AppData\Local\temp
2012-10-08 20:35 . 2012-10-08 20:35        --------        d-----w-        c:\program files\7-Zip
2012-10-07 15:15 . 2012-10-08 20:38        696760        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-10-07 15:15 . 2012-10-08 20:38        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-04 18:28 . 2012-10-04 18:28        --------        d-----w-        c:\users\Marcel\AppData\Roaming\ATI
2012-10-04 18:28 . 2012-10-04 18:28        --------        d-----w-        c:\users\Marcel\AppData\Local\ATI
2012-10-04 18:28 . 2012-10-04 18:28        --------        d-----w-        c:\programdata\ATI
2012-10-04 18:28 . 2012-10-04 18:28        --------        d-----w-        c:\program files\AMD APP
2012-10-04 18:21 . 2012-10-04 18:21        0        ----a-w-        c:\windows\ativpsrm.bin
2012-10-04 18:10 . 2012-10-04 18:10        --------        d-----w-        c:\program files\Common Files\ATI Technologies
2012-10-04 17:53 . 2012-10-04 18:28        --------        d-----w-        c:\program files\ATI Technologies
2012-10-04 17:53 . 2012-10-04 17:53        --------        d-----w-        c:\program files\ATI
2012-10-04 17:51 . 2012-10-04 17:51        --------        d-----w-        C:\AMD
2012-10-04 17:35 . 2008-01-18 20:52        26112        ----a-w-        c:\windows\system32\drivers\SETFD24.tmp
2012-09-25 18:26 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-24 19:31 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF34737A-5A6F-4035-B706-BFFD508CD352}\mpengine.dll
2012-09-23 11:40 . 2012-09-23 11:40        --------        d-----w-        c:\users\Marcel\AppData\Roaming\Malwarebytes
2012-09-23 11:40 . 2012-09-23 11:40        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-23 11:40 . 2012-09-25 18:26        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 17:19 . 2012-08-05 17:19        33696        ----a-w-        c:\windows\system32\drivers\sdcfilter.sys
2012-08-05 17:19 . 2012-08-06 16:53        30744        ----a-w-        c:\windows\system32\SophosBootTasks.exe
2012-08-05 17:19 . 2012-08-05 17:19        123680        ----a-w-        c:\windows\system32\drivers\savonaccess.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-06-03 16:24        2736736        ----a-w-        c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"1&1 EasyLogin"="c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe" [2012-07-16 1114112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-05 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"TVEService"="c:\program files\HomeCinema\TV Enhance\TVEService.exe" [2007-10-19 155648]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
1&1 FRITZ!Box starter.lnk - c:\windows\Installer\{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}\Icon2457326B4.exe [2010-8-1 29184]
phase-6 Reminder.lnk - c:\program files\phase-6\phase-6\reminder\reminder.exe [2011-8-10 1032192]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2012\mshaktuell.exe [2012-6-14 1380504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 20:38]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 12:29]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 12:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.1und1.de/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: Free YouTube to Mp3 Converter - c:\users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\1&1\\sarah.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {7527E129-A524-434A-A337-8C19F6F25C91} - hxxps://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{79a2b609-bbc0-4d16-9925-70cb98a6490d} - (no file)
WebBrowser-{79A2B609-BBC0-4D16-9925-70CB98A6490D} - (no file)
HKCU-Run-mssoft - c:\users\Marcel\AppData\Local\Apps\2.0\6O82PC5V.NHM\JZ78GHY3.P0A\msso..tion_7caa8f838276e237_0001.0000_8a474ae96788d5b3\mssoft.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\serviceIEConfig]
"ImagePath"="c:\windows\System32\ieconfig_1und1_svc.exe /startedbyscm:016FE01B-40E31F2D-serviceIEConfig"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1371352164-2838243007-3737389472-1004\Software\SecuROM\License information*]
"datasecu"=hex:8c,6f,87,6d,ad,58,90,44,4d,5d,9b,42,e2,46,57,45,ab,87,76,17,8a,
  c7,8b,dc,94,51,2c,c2,59,be,fb,2b,70,f0,f8,00,84,f5,96,33,ea,9f,a6,41,cb,f5,\
"rkeysecu"=hex:9f,85,41,39,7a,28,ff,48,b1,96,ba,49,57,ea,2e,d9
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Microsoft\BingBar\BBSvc.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\common files\gnab\service\servicecontroller.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\1&1\IGDCTRL.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Medion\MEDIONbox\Program\GCS.exe
c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\ieconfig_1und1_svc.exe
c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\1&1\Stcenter.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-10  20:16:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-10 18:15
.
Vor Suchlauf: 10 Verzeichnis(se), 394.145.701.888 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 396.678.922.240 Bytes frei
.
- - End Of File - - C58669A99D285E69268487A239D418C6
--- --- ---

schrauber 11.10.2012 07:01
Hi,

Malwarebytes updaten, Quick Scan, Funde löschen, Log posten.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Und ein frisches OTL log bitte. Noch Probleme?

bastelmarc 11.10.2012 19:40
Habe Laufwerk J (USB_Stick) vollständig gescannt und dann noch mal alles im Quick-Scann:
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.10.11.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Marcel :: MARCEL-PC [Administrator]

Schutz: Deaktiviert

11.10.2012 16:44:06
mbam-log-2012-10-11 (16-44-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 294242
Laufzeit: 2 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
J:\RECYCLER\e621ca05.exe (Worm.Dorkbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Malwarebytes Anti-Malware (PRO) 1.65.0.1400
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.10.11.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Marcel :: MARCEL-PC [Administrator]

Schutz: Deaktiviert

11.10.2012 18:09:14
mbam-log-2012-10-11 (18-09-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 28
Laufzeit: 7 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Ist es möglich das ein "Win32\Kryptik.ACLA Trojaner" hatte, "ESET online Scanner" gefunnden, den PC während des Scanns zum abstürtzen bringt (Bluescreen)?

Danke für die bisherige Hilfe

schrauber 12.10.2012 06:12
Eigentlich eher unwarscheinlich. Versuch den Scan nochmal.

bastelmarc 13.10.2012 09:47
Da es im normalen Modus ein paarmal abgeschmiert ist habe ich es jetzt im abgesicherten Modus mit Netzwerktreiberen gestartet (ESET online scanner) reicht das?

schrauber 13.10.2012 09:48
wenn er durchläuft ja :)

bastelmarc 13.10.2012 11:56
Hallo das ist das Ergebnis von ESET online scanner:

C:\Users\Andrea\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6e9f4719-2bd1a83a Variante von Java/Exploit.CVE-2011-3544.AO Trojaner
C:\Users\Andrea\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6ef8d55b-2f638848 Mehrere Bedrohungen
C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\3fdc84c0-2a28f733 Mehrere Bedrohungen
C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\60cf46d2-11b409a8 Mehrere Bedrohungen
C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\743b57a3-688c1e0f Mehrere Bedrohungen
C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\729f0aab-6796153c Java/Exploit.Blacole.DW Trojaner
C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\19b6ba72-7fad1533 Mehrere Bedrohungen
C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7041c2bb-2ad18e53 Variante von Java/TrojanDownloader.OpenConnection.MU Trojaner

Wie geht es jetzt weiter?

Danke schon mal !!!

schrauber 13.10.2012 12:21
Dann bitte ein frisches OTL logfile. Noch Probleme? :)

bastelmarc 13.10.2012 13:17
Hier der Inhalt von OTL:OTL Logfile:
Code:
OTL logfile created on: 13.10.2012 14:04:19 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Marcel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 38,35% Memory free
3,24 Gb Paging File | 2,05 Gb Available in Paging File | 63,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 368,57 Gb Free Space | 82,68% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,50 Gb Free Space | 47,52% Space Free | Partition Type: FAT32
Drive H: | 2,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1862,56 Gb Total Space | 1855,45 Gb Free Space | 99,62% Space Free | Partition Type: FAT32
Drive J: | 7,52 Gb Total Space | 5,46 Gb Free Space | 72,64% Space Free | Partition Type: FAT32
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.07 17:42:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.31 10:42:59 | 001,380,504 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe
PRC - [2012.07.16 17:24:28 | 001,114,112 | ---- | M] (1&1 Internet AG) -- C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
PRC - [2012.06.02 11:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.08 21:29:38 | 001,053,848 | ---- | M] () -- C:\Windows\System32\ieconfig_1und1_svc.exe
PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.08.12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.08.12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.03.10 04:50:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.03.10 04:50:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.09.14 09:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGGE.EXE
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2007.12.07 17:08:26 | 000,778,240 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\Stcenter.exe
PRC - [2007.11.14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\IGDCTRL.EXE
PRC - [2007.10.19 18:42:38 | 000,290,909 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.10.19 18:42:38 | 000,114,779 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2007.10.19 18:42:02 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\TV Enhance\TVEService.exe
PRC - [2007.10.15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.10.15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.09 00:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.08.08 00:12:10 | 000,797,696 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
PRC - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007.06.27 10:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.31 10:44:07 | 007,952,536 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wgui12.dll
MOD - [2012.08.31 10:43:47 | 003,002,008 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wcore12.dll
MOD - [2012.08.31 10:43:37 | 004,454,040 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wauff12.dll
MOD - [2012.08.31 10:43:34 | 002,016,408 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wfvie12.dll
MOD - [2012.08.31 10:43:12 | 001,649,816 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wreli12.dll
MOD - [2012.08.31 10:43:11 | 001,550,488 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wsteu12.dll
MOD - [2012.08.31 10:43:08 | 000,319,640 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsguiwinapi47.dll
MOD - [2012.08.31 10:43:06 | 000,275,096 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rscorewinapi47.dll
MOD - [2012.08.31 10:42:59 | 001,380,504 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe
MOD - [2012.08.31 10:42:52 | 000,135,832 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsodbc47.dll
MOD - [2012.08.31 10:42:49 | 000,028,672 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsdcom47.dll
MOD - [2012.06.14 14:40:43 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012.06.14 14:38:45 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.14 14:35:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 14:35:29 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 14:35:16 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 14:34:51 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.10 20:04:44 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012.05.10 20:02:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 20:02:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.10 19:59:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.10 19:58:57 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.10 19:58:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 19:58:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.10 19:58:22 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.10 19:58:11 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.02.07 12:37:06 | 000,865,280 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtcluceners47.dll
MOD - [2012.02.07 12:37:06 | 000,271,872 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\phononrs47.dll
MOD - [2012.02.07 12:37:04 | 011,163,648 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtwebkitrs47.dll
MOD - [2012.02.07 12:37:02 | 000,108,544 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qttestrs47.dll
MOD - [2012.02.07 12:37:00 | 001,340,416 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtscriptrs47.dll
MOD - [2012.02.07 12:36:58 | 002,395,648 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qt3supportrs47.dll
MOD - [2012.02.07 12:36:58 | 000,720,896 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtsqlrs47.dll
MOD - [2012.02.07 12:36:58 | 000,281,088 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtsvgrs47.dll
MOD - [2012.02.07 12:36:56 | 000,358,400 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtxmlrs47.dll
MOD - [2012.02.07 12:36:54 | 008,934,400 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtguirs47.dll
MOD - [2012.02.07 12:36:54 | 002,356,736 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtcorers47.dll
MOD - [2012.02.07 12:36:54 | 000,990,208 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtnetworkrs47.dll
MOD - [2011.08.22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.08.12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.03.10 04:14:02 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.03.09 23:05:10 | 000,243,712 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.06.02 11:38:54 | 000,128,512 | ---- | M] () -- C:\Programme\1&1\1&1 EasyLogin\EasyLoginCrypt.dll
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2007.12.12 12:21:40 | 000,245,858 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2007.10.19 18:42:34 | 000,339,968 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
MOD - [2007.10.19 18:42:20 | 000,114,780 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
MOD - [2007.10.19 18:42:20 | 000,032,768 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.10.08 22:38:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.05 19:18:32 | 000,216,600 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.08.05 19:18:19 | 000,139,840 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.08 21:29:38 | 001,053,848 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.10 04:50:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.10.19 18:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2007.10.19 18:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.07 04:17:48 | 000,071,208 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe -- (HRService)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager)
SRV - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2007.06.27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE)
SRV - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore)
SRV - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\injiojnj.sys -- (brdfnw)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.05 19:19:37 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012.08.05 19:19:26 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012.04.09 15:02:24 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012.04.09 15:01:08 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2012.01.18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.03.10 05:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2011.03.10 05:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.03.10 04:14:58 | 000,242,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.17 14:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.01.21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.01.21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.01.21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.10.15 18:13:27 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.06.27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007.06.19 11:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.02.18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2528046
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Yahoo! Deutschland [binary data]
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - No CLSID value found
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\SearchScopes\{528E6CA1-57D6-4DAE-8B80-1C83C74D6542}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\SearchScopes\{73A1DCF5-99D7-4C03-B6AE-C225AB842EBF}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2528046
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = Suche
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\SearchScopes\{E57BF21B-23A5-4E45-8D21-7B4D48A065FA}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 1&1 - Telefon-Internet-Flatrates und mobiles Internet
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..\SearchScopes\{528E6CA1-57D6-4DAE-8B80-1C83C74D6542}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..\SearchScopes\{73A1DCF5-99D7-4C03-B6AE-C225AB842EBF}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = Suche
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..\SearchScopes\{E57BF21B-23A5-4E45-8D21-7B4D48A065FA}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.01.23 14:42:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
 
O1 HOSTS File: ([2012.10.10 20:09:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" File not found
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003..\Run: [EPSON Stylus DX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup File not found
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003..\Run: [mssoft] C:\Users\IUSR_NMPR\AppData\Local\Apps\2.0\6O82PC5V.NHM\JZ78GHY3.P0A\msso..tion_7caa8f838276e237_0001.0000_8a474ae96788d5b3\mssoft.exe File not found
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Melina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\1&1\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O15 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1003\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1371352164-2838243007-3737389472-1004\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB635D00-411D-4383-B27A-33B7FDFB8462}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 22:00:00 | 000,000,043 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.13 13:44:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.10.13 13:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.11 18:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.10 20:09:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.10 19:34:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.10 19:34:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.10 19:34:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.10 19:33:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.10 19:32:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.10 19:30:49 | 004,766,088 | R--- | C] (Swearware) -- C:\Users\Marcel\Desktop\ComboFix.exe
[2012.10.08 22:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.08 22:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.07 17:42:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.10.06 12:41:58 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\ATI
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\ATI
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.04 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.10.04 20:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.04 20:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.10.04 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.04 19:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.10.04 19:51:50 | 000,000,000 | ---D | C] -- C:\AMD
[2012.09.30 12:28:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.09.25 20:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.25 20:26:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.23 13:40:22 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Malwarebytes
[2012.09.23 13:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.23 13:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.13 13:58:26 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.13 13:58:26 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.13 13:58:26 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.13 13:58:26 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.13 13:51:04 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 13:51:04 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.13 13:51:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.13 13:50:59 | 1608,699,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.12 18:58:28 | 224,451,204 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.11 20:38:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 20:09:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.10 19:30:51 | 004,766,088 | R--- | M] (Swearware) -- C:\Users\Marcel\Desktop\ComboFix.exe
[2012.10.08 22:42:13 | 000,009,305 | ---- | M] () -- C:\Users\Marcel\Desktop\Logs.zip
[2012.10.07 18:35:01 | 000,302,592 | ---- | M] () -- C:\Users\Marcel\Desktop\mvlqyosl.exe
[2012.10.07 17:42:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.10.07 17:36:50 | 000,050,477 | ---- | M] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.10.07 14:44:31 | 000,000,000 | ---- | M] () -- C:\Users\Marcel\defogger_reenable
[2012.10.07 10:46:57 | 000,000,300 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121007_104654.reg
[2012.10.06 13:12:33 | 000,007,298 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121006_131225_2.reg
[2012.10.06 12:31:11 | 000,017,624 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121006_123106.reg
[2012.10.04 20:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.10.04 19:59:21 | 000,008,592 | ---- | M] () -- C:\Users\Marcel\AppData\Local\d3d9caps.dat
[2012.10.01 18:21:28 | 000,000,392 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121001_182120.reg
[2012.09.30 20:54:42 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.09.30 20:54:35 | 000,001,355 | ---- | M] () -- C:\Windows\WISO.INI
[2012.09.30 11:58:19 | 000,000,432 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120930_115812.reg
[2012.09.28 23:09:35 | 000,000,836 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_230927_2.reg
[2012.09.28 21:05:11 | 000,001,182 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_210506.reg
[2012.09.28 17:46:36 | 000,383,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.28 17:02:03 | 000,004,884 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_170146.reg
[2012.09.28 17:01:21 | 000,237,094 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_170045.reg
[2012.09.25 20:26:32 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.13 13:50:59 | 1608,699,904 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.10 19:34:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.10 19:34:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.10 19:34:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.10 19:34:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.10 19:34:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.08 22:42:13 | 000,009,305 | ---- | C] () -- C:\Users\Marcel\Desktop\Logs.zip
[2012.10.07 18:35:01 | 000,302,592 | ---- | C] () -- C:\Users\Marcel\Desktop\mvlqyosl.exe
[2012.10.07 17:36:50 | 000,050,477 | ---- | C] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.10.07 17:15:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 14:44:31 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\defogger_reenable
[2012.10.07 10:46:56 | 000,000,300 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121007_104654.reg
[2012.10.06 14:18:26 | 000,000,966 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.10.06 14:06:24 | 224,451,204 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.06 13:12:32 | 000,007,298 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121006_131225_2.reg
[2012.10.06 12:31:09 | 000,017,624 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121006_123106.reg
[2012.10.04 20:21:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.10.01 18:21:24 | 000,000,392 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121001_182120.reg
[2012.09.30 15:29:08 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012.09.30 11:58:17 | 000,000,432 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120930_115812.reg
[2012.09.28 23:09:33 | 000,000,836 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_230927_2.reg
[2012.09.28 21:05:08 | 000,001,182 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_210506.reg
[2012.09.28 17:01:51 | 000,004,884 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_170146.reg
[2012.09.28 17:00:52 | 000,237,094 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_170045.reg
[2012.09.25 20:26:32 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.08 21:29:38 | 001,053,848 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1_svc.exe
[2011.09.15 20:27:43 | 000,082,823 | ---- | C] () -- C:\Users\Marcel\phase-6-backpack-all-2011-09-15.p6a
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.04.13 18:37:54 | 000,046,416 | ---- | C] () -- C:\Users\Marcel\Sophos_Installation.pdf
[2011.03.10 04:14:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.03.09 22:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.03.01 20:07:08 | 000,003,949 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.03.01 00:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.05.23 14:33:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.20 13:56:07 | 000,041,984 | ---- | C] () -- C:\Users\Marcel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.11 18:39:37 | 000,008,592 | ---- | C] () -- C:\Users\Marcel\AppData\Local\d3d9caps.dat
[2008.03.07 19:22:33 | 000,000,680 | RHS- | C] () -- C:\Users\Marcel\ntuser.pol
[2008.03.06 19:11:02 | 000,000,094 | ---- | C] () -- C:\Users\Marcel\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.08.20 15:54:37 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\BullGuard
[2010.11.16 21:28:26 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Cornelsen
[2011.06.02 12:09:45 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\EPSON
[2012.03.12 18:33:49 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Exent Technologies
[2010.05.24 17:25:07 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Farm Mania
[2012.04.09 14:39:49 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\FRITZ!
[2008.08.20 15:44:18 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Haufe
[2008.03.15 20:46:35 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\MAGIX
[2008.09.26 11:47:35 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\OpenOffice.org
[2011.09.15 20:28:10 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Phase6
[2012.08.31 22:02:54 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Serif
[2011.04.19 19:21:21 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TuneUp Software
[2010.05.24 17:24:56 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Zylom
[2008.03.24 12:08:05 | 000,000,000 | ---D | M] -- C:\Users\Elisa\AppData\Roaming\BullGuard
[2011.08.18 19:48:41 | 000,000,000 | ---D | M] -- C:\Users\Elisa\AppData\Roaming\Epson
[2009.02.15 13:39:20 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Buhl Data Service
[2008.03.06 22:17:39 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Buhl Data Service GmbH
[2010.10.18 10:41:53 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\DVDVideoSoft
[2010.10.18 11:12:57 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.29 17:16:37 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Epson
[2010.05.19 19:18:08 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Farm Mania
[2012.04.01 22:01:58 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\FRITZ!
[2008.05.19 20:58:50 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Haufe
[2011.12.27 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Leadertech
[2010.06.05 11:32:22 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\LG Electronics
[2011.09.15 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Phase6
[2011.04.19 15:46:20 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\TuneUp Software
[2012.04.11 08:02:31 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\wargaming.net
[2010.05.19 19:17:47 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Zylom
[2010.06.05 11:32:22 | 000,000,000 | -H-D | M] -- C:\Users\Marcel\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2010.05.05 16:46:41 | 000,000,000 | ---D | M] -- C:\Users\Melina\AppData\Roaming\Buhl Data Service GmbH
[2008.08.11 20:00:04 | 000,000,000 | ---D | M] -- C:\Users\Melina\AppData\Roaming\BullGuard
[2010.11.02 19:15:44 | 000,000,000 | ---D | M] -- C:\Users\Melina\AppData\Roaming\Cornelsen
[2011.05.14 20:18:43 | 000,000,000 | ---D | M] -- C:\Users\Melina\AppData\Roaming\Epson
[2008.12.08 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\Melina\AppData\Roaming\OpenOffice.org
[2011.09.16 14:36:53 | 000,000,000 | ---D | M] -- C:\Users\Melina\AppData\Roaming\Phase6
[2012.08.16 18:42:46 | 000,000,000 | ---D | M] -- C:\Users\Melina\AppData\Roaming\Serif
[2011.04.19 16:52:25 | 000,000,000 | ---D | M] -- C:\Users\Melina\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:063969F8

< End of report >
--- --- ---


EIne Frage zu den endeckten Bedrohungen von ESET online scanner:

Ich hatte das Feld "Funde entfernen" nicht angehackt!
Was ist mit denen?

Werde das System wohl neu aufsetzen müssen, wollte nur erst eine Sicherung machen!?

was muss bis dahin noch gemacht werden ?

vielen Dank!!! wäre nie allein weiter gekommen

danke

schrauber 13.10.2012 16:15
Die sind im Java Cache, den leeren wir mit dem nächsten Fix, doch bevor ich mir die Arbeit mache, eines:

Warum willst du neuaufsetzen? :wtf:

bastelmarc 14.10.2012 07:44
Habe in einigen Foren gelesen das dies notwendig wäre, um ein 100% ig sauberes System zu haben.
Wenn du allerdings der Meinung bist es geht auch ohne wäre mir dsas sehr recht!

Wenn ja sag mir wie es weiter geht.

schrauber 14.10.2012 07:50
Hast Du denn noch irgendwelche Probleme mit dem System die ich adressieren soll, ausser das was ich noch im Log finde?

bastelmarc 14.10.2012 08:20
Ja der Bildschirm eingefroren keine Reaktion mehr! Könnte das an der Hardware liegen?

schrauber 14.10.2012 08:52
IS das immer noch so? Öffne bitte OTL, in der Box Extra Registrierung auf benutze safe list stellen und scan drücken. Poste beide Logfiles, damit ich mal in die Eventlogs schauen kann.

bastelmarc 14.10.2012 14:38
Ja das ist immer noch so.

Hier der Inhalt von OTL:OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 14.10.2012 14:43:27 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Marcel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 74,98% Memory free
3,24 Gb Paging File | 3,01 Gb Available in Paging File | 92,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 365,02 Gb Free Space | 81,89% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,50 Gb Free Space | 47,52% Space Free | Partition Type: FAT32
Drive H: | 2,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1862,56 Gb Total Space | 1855,45 Gb Free Space | 99,62% Space Free | Partition Type: FAT32
Drive J: | 7,52 Gb Total Space | 5,46 Gb Free Space | 72,64% Space Free | Partition Type: FAT32
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.07 17:42:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.10.08 22:38:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.05 19:18:32 | 000,216,600 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.08.05 19:18:19 | 000,139,840 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.08 21:29:38 | 001,053,848 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.10 04:50:30 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.10.19 18:42:38 | 000,290,909 | ---- | M] () [Auto | Stopped] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2007.10.19 18:42:38 | 000,114,779 | ---- | M] () [Auto | Stopped] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.07 04:17:48 | 000,071,208 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe -- (HRService)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Stopped] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager)
SRV - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2007.06.27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE)
SRV - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore)
SRV - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Stopped] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\injiojnj.sys -- (brdfnw)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.05 19:19:37 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012.08.05 19:19:26 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012.04.09 15:02:24 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012.04.09 15:01:08 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2012.01.18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.03.10 05:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2011.03.10 05:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.03.10 04:14:58 | 000,242,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.17 14:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.01.21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.01.21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.01.21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.10.15 18:13:27 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.06.27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007.06.19 11:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.02.18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2528046
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 1&1 - Telefon-Internet-Flatrates und mobiles Internet
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{528E6CA1-57D6-4DAE-8B80-1C83C74D6542}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}&rlz=1I7MEDA_de
IE - HKCU\..\SearchScopes\{73A1DCF5-99D7-4C03-B6AE-C225AB842EBF}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = Suche
IE - HKCU\..\SearchScopes\{E57BF21B-23A5-4E45-8D21-7B4D48A065FA}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.01.23 14:42:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
 
O1 HOSTS File: ([2012.10.10 20:09:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\1&1\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB635D00-411D-4383-B27A-33B7FDFB8462}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 22:00:00 | 000,000,043 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.13 13:44:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.10.13 13:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.11 18:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.10 20:09:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.10 19:34:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.10 19:34:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.10 19:34:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.10 19:33:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.10 19:32:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.10 19:30:49 | 004,766,088 | R--- | C] (Swearware) -- C:\Users\Marcel\Desktop\ComboFix.exe
[2012.10.08 22:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.08 22:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.07 17:42:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.10.07 17:15:04 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.07 17:15:04 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.06 12:41:58 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\ATI
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\ATI
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.04 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.10.04 20:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.04 20:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.10.04 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.04 19:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.10.04 19:51:50 | 000,000,000 | ---D | C] -- C:\AMD
[2012.09.30 12:28:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.09.25 20:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.25 20:26:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.23 13:40:22 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Malwarebytes
[2012.09.23 13:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.23 13:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.14 14:38:54 | 000,637,762 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.14 14:38:54 | 000,603,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.14 14:38:54 | 000,130,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.14 14:38:54 | 000,107,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.14 14:34:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 13:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.14 12:31:42 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 12:31:42 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.12 18:58:28 | 224,451,204 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.10 20:09:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.10 19:30:51 | 004,766,088 | R--- | M] (Swearware) -- C:\Users\Marcel\Desktop\ComboFix.exe
[2012.10.08 22:42:13 | 000,009,305 | ---- | M] () -- C:\Users\Marcel\Desktop\Logs.zip
[2012.10.08 22:38:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.08 22:38:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.07 18:35:01 | 000,302,592 | ---- | M] () -- C:\Users\Marcel\Desktop\mvlqyosl.exe
[2012.10.07 17:42:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.10.07 17:36:50 | 000,050,477 | ---- | M] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.10.07 14:44:31 | 000,000,000 | ---- | M] () -- C:\Users\Marcel\defogger_reenable
[2012.10.07 10:46:57 | 000,000,300 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121007_104654.reg
[2012.10.06 13:12:33 | 000,007,298 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121006_131225_2.reg
[2012.10.06 12:31:11 | 000,017,624 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121006_123106.reg
[2012.10.04 20:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.10.04 19:59:21 | 000,008,592 | ---- | M] () -- C:\Users\Marcel\AppData\Local\d3d9caps.dat
[2012.10.01 18:21:28 | 000,000,392 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121001_182120.reg
[2012.09.30 20:54:42 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.09.30 20:54:35 | 000,001,355 | ---- | M] () -- C:\Windows\WISO.INI
[2012.09.30 11:58:19 | 000,000,432 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120930_115812.reg
[2012.09.28 23:09:35 | 000,000,836 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_230927_2.reg
[2012.09.28 21:05:11 | 000,001,182 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_210506.reg
[2012.09.28 17:46:36 | 000,383,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.28 17:02:03 | 000,004,884 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_170146.reg
[2012.09.28 17:01:21 | 000,237,094 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_170045.reg
[2012.09.25 20:26:32 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.10 19:34:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.10 19:34:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.10 19:34:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.10 19:34:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.10 19:34:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.08 22:42:13 | 000,009,305 | ---- | C] () -- C:\Users\Marcel\Desktop\Logs.zip
[2012.10.07 18:35:01 | 000,302,592 | ---- | C] () -- C:\Users\Marcel\Desktop\mvlqyosl.exe
[2012.10.07 17:36:50 | 000,050,477 | ---- | C] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.10.07 17:15:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 14:44:31 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\defogger_reenable
[2012.10.07 10:46:56 | 000,000,300 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121007_104654.reg
[2012.10.06 14:18:26 | 000,000,966 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.10.06 14:06:24 | 224,451,204 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.06 13:12:32 | 000,007,298 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121006_131225_2.reg
[2012.10.06 12:31:09 | 000,017,624 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121006_123106.reg
[2012.10.04 20:21:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.10.01 18:21:24 | 000,000,392 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121001_182120.reg
[2012.09.30 15:29:08 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012.09.30 11:58:17 | 000,000,432 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120930_115812.reg
[2012.09.28 23:09:33 | 000,000,836 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_230927_2.reg
[2012.09.28 21:05:08 | 000,001,182 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_210506.reg
[2012.09.28 17:01:51 | 000,004,884 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_170146.reg
[2012.09.28 17:00:52 | 000,237,094 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_170045.reg
[2012.09.25 20:26:32 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.08 21:29:38 | 001,053,848 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1_svc.exe
[2011.09.15 20:27:43 | 000,082,823 | ---- | C] () -- C:\Users\Marcel\phase-6-backpack-all-2011-09-15.p6a
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.04.13 18:37:54 | 000,046,416 | ---- | C] () -- C:\Users\Marcel\Sophos_Installation.pdf
[2011.03.10 04:14:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.03.09 22:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.03.01 20:07:08 | 000,003,949 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.03.01 00:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.05.23 14:33:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.20 13:56:07 | 000,041,984 | ---- | C] () -- C:\Users\Marcel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.11 18:39:37 | 000,008,592 | ---- | C] () -- C:\Users\Marcel\AppData\Local\d3d9caps.dat
[2008.03.07 19:22:33 | 000,000,680 | RHS- | C] () -- C:\Users\Marcel\ntuser.pol
[2008.03.06 19:11:02 | 000,000,094 | ---- | C] () -- C:\Users\Marcel\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:063969F8

< End of report >
--- --- ---

--- --- ---

und hier der Inhalt von OTL.ExtraOTL Logfile:OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 14.10.2012 14:43:27 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Marcel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 74,98% Memory free
3,24 Gb Paging File | 3,01 Gb Available in Paging File | 92,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 365,02 Gb Free Space | 81,89% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,50 Gb Free Space | 47,52% Space Free | Partition Type: FAT32
Drive H: | 2,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1862,56 Gb Total Space | 1855,45 Gb Free Space | 99,62% Space Free | Partition Type: FAT32
Drive J: | 7,52 Gb Total Space | 5,46 Gb Free Space | 72,64% Space Free | Partition Type: FAT32
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{09A0479D-6FEC-44EC-AE35-A11F3555DF76}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{322E51A0-10F3-450C-93B5-9DD0396DBD55}" = rport=138 | protocol=17 | dir=out | app=system |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E0A7419-B129-4287-A27F-2E1E5726A5D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{61D83676-E102-4F3C-8E78-4C9286974FF7}" = lport=445 | protocol=6 | dir=in | app=system |
"{61DB2FC2-9BE4-4981-83A3-DB5C74DCB9FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FE754F2-52C7-4FBF-96F3-678553F8D52B}" = lport=137 | protocol=17 | dir=in | app=system |
"{769EEBF4-D87F-40D9-AB62-F6416984AC0B}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95866EEE-4401-43FD-8CF3-D54CF9E4CE03}" = rport=445 | protocol=6 | dir=out | app=system |
"{A1EE12DC-BEBB-4437-B0FB-A4B7EBB2F3E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{A3AFB056-C1C9-4FC1-B3F8-3338A6EA7BC1}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCF7BE07-B9C5-4493-A8F8-38FEE6205650}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F4D0E2F8-4284-4440-B48B-D4FDF160C64E}" = rport=139 | protocol=6 | dir=out | app=system |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C346788-421B-44B7-81A9-1F7973A9456E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{11A0AE7E-F2EB-42C8-9D13-DC2C76618033}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{13AD2E8B-1AD6-47CD-975D-FB6A7EF6B8B1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1DCEA844-D992-4FE2-8312-8540CE4D2A9A}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{26EA734F-2015-42B9-872C-12B2C8E66F8A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2A7D534A-8223-41EC-8C7B-3C401FC2698B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E3EB76D-112D-4A1F-91A7-D7A13B4FA2A0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3370C3A2-A23A-4FEA-9D69-0200C24A2971}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{3F65BD85-2B6A-47FC-A27D-1C6A3AC7B70E}" = protocol=17 | dir=in | app=c:\program files\1&1\webwaigd.exe |
"{4476559C-A05F-42CF-BDC8-E6D7F9F44CD0}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{449E8AA4-26BF-495F-9604-0BCE9B76CF26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4BBAB83A-F15F-4A5A-8065-0FEA691F756B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{528773B3-F9C5-42B3-B101-E0447E3CD334}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64DCE4E0-BE06-4BB5-8602-7760B09F65F3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B38C43C-14D6-43C3-B896-F038B0B1203D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6BEC0D4C-61EF-44C4-9A57-4E569F4BA5E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{734AC65E-2775-468E-A6CE-979122036A08}" = protocol=17 | dir=in | app=h:\fsetup.exe |
"{74AE3881-A08F-4D6C-92F5-BA82438DC2B4}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{76082DA0-6E46-4F75-A565-F9CFB551C225}" = protocol=17 | dir=in | app=c:\program files\1&1\igdctrl.exe |
"{7D3CF706-04B0-4A39-84FC-3B34E4017780}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{8629C8B0-DBE6-4B8D-B923-2C905AF1DD79}" = protocol=17 | dir=in | app=c:\program files\1&1\fboxupd.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A1E2924-E398-44DB-87DF-58D64099B0DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9B3530A5-683A-421A-A3C7-F67F3402E6B3}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A58A2856-F35E-4AAC-B2DE-8C258BE37DF6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A5DBEF80-9F91-48E1-8C1A-56E48A5C0AD3}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD172DD0-8A75-475F-859A-EE2207CD67E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AF93AF02-04B8-46AA-8D3F-23B2ACCA0FF2}" = protocol=6 | dir=in | app=c:\program files\1&1\fboxupd.exe |
"{B3C788DD-79AF-4194-9904-45B4CE6A02B8}" = protocol=6 | dir=in | app=c:\program files\1&1\webwaigd.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C0A5AFEC-6312-42ED-8713-34CAAAA77A0C}" = protocol=6 | dir=in | app=c:\program files\1&1\igdctrl.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D383F04C-5757-4FE6-90E7-B48D22CB8919}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{D6521828-1E8E-41AF-8429-878FDB0E1826}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DB063FDC-3DF9-4103-9B9B-8CD9AB3360B7}" = protocol=6 | dir=in | app=h:\fsetup.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FAE57EDA-E71F-4905-976F-FF8091FB39CD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{FCBC9D99-3A70-4489-977E-07839FCAB27F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0C0A775F-A069-401F-99CA-8ADF1CFA9399}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{0F37A178-31A2-4673-81B6-618A61CFC4B6}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=6 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"TCP Query User{16422206-99F4-487A-8C07-172B0F213324}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{1DE2DC97-93AD-4B87-87ED-C72FCA8068B4}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{2AE5099C-EE31-470C-B7B1-D53B2CC3746D}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe |
"TCP Query User{323AAD4B-3F27-4B22-A0B3-762A5D9E0F8E}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=6 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"TCP Query User{46E17AA6-B9F3-420A-AEA5-36587E1F8FB0}C:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=6 | dir=in | app=c:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"TCP Query User{8037CC3B-E185-47FB-8A89-FD3379CDD4A8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B67FD5AF-D3C8-4144-87F2-75359D277707}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F75F887A-A8F0-4BAA-A5DA-24DE61D703C8}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{0F277BE9-6581-4236-9025-F57221EC3122}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=17 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"UDP Query User{2FB06911-6D87-4D52-A9DF-31F0E0D79AFB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{35BBD58B-74BE-409B-A963-675F42597BC7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{72CFE1D7-B883-4724-BC08-93A429CB827D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{72D61F70-8AC8-40AE-BAD9-DE43B8D4CBB8}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=17 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"UDP Query User{75B30160-B70B-4E99-8BC9-58ADA4DC8D24}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{85F6561C-0121-42F3-8D5F-2D504510E08B}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe |
"UDP Query User{900BE098-E275-4366-8215-2B768142901C}C:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=17 | dir=in | app=c:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"UDP Query User{AE5B0358-4B06-4515-B37F-F59C77497F28}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{E7A69C73-6DF4-46D4-B71C-977B71283700}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B3F965-1344-C16B-D865-7600B8A6B26E}" = CCC Help English
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{03B8CE84-7338-472A-18D7-2E63E7E925DE}" = CCC Help French
"{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}" = Haufe iDesk-Browser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1767EB45-F1E9-2444-2433-A1A94F626026}" = CCC Help Italian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18B59625-5EEE-11D7-94C8-00E0988C417C}" = Skillies Demoversion
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BB0E97A-1371-6B9D-E1CB-D5CACF3668C8}" = CCC Help German
"{1DB7D9D1-CC2D-D8BB-4F8A-1FC0BF98DC2C}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2E636AA0-43EB-D218-79D4-BD3B0847545C}" = CCC Help Czech
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{355FBF6C-31EB-C660-F07A-1CC93975A5CA}" = HydraVision
"{38B7F5C6-53F4-D852-9C0F-534C1F9492A7}" = ccc-utility
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1654FA-58EF-6DF0-8B70-E16B7B6C445C}" = Catalyst Control Center InstallProxy
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{46471745-D135-ADF9-D313-ED5AA9F8B8B4}" = CCC Help Chinese Traditional
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{485841AB-3FA9-AC9A-FAD8-95113AF834A3}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4C3560-6D96-F947-D7FF-F42A60631554}" = CCC Help Norwegian
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{504D471B-E518-EE37-703F-2E35E72D08A7}" = CCC Help Dutch
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{554EE7DA-4993-49B7-A579-3969608E5ADF}" = Das grosse Power-Druckstudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5775DD65-B236-44B0-B8ED-B930B8E6670F}" = TinyGrab
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{592ED299-14EF-4C0F-92B4-B62E7CD5A2BE}_is1" = everpixx 5.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{653C2740-4688-6E67-F57D-4D99C573613D}" = CCC Help Portuguese
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{724D1F61-D823-48E2-8DB6-BD07AE03D6E3}" = CCC Help Greek
"{74A40B26-5B56-4D5D-944C-7D82D1F3555D}" = ArcSoft MediaImpression
"{74B96512-231D-415B-AFA9-BCA52076A48B}" = OpenOffice.org 3.0
"{7638AC61-8AEE-9983-D681-BA48EE41A8FE}" = ATI Catalyst Install Manager
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE95C72-3470-4367-C030-DE66B8887E37}" = CCC Help Japanese
"{7E05DB3E-6CDD-4116-962F-16BC3DE41A68}" = Steuer Update 14.01
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA899EE-D9D1-1BEA-861A-85715F6BB06C}" = Catalyst Control Center Localization All
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A190B778-588E-33EF-4408-CC0F9674C7B3}" = CCC Help Turkish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service
"{A57CBC93-A964-3549-7C8F-43EF4C0C4077}" = ATI AVIVO Codecs
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8D8547C-7679-DA67-09F9-EC282B8F3649}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B5483174-C4FC-D248-1B3F-3848DD2606C8}" = CCC Help Polish
"{B6D61395-20E7-1682-A56B-D5759D6A6135}" = CCC Help Russian
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8B61C0D-6DE8-6B79-11AA-6745FE2D30AE}" = CCC Help Swedish
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD9233C7-8D5C-8A4F-F979-44653BE36972}" = CCC Help Danish
"{C648A7DE-A784-6D55-2655-28E4B28B75C5}" = CCC Help Korean
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DD8C5170-C98D-0FAB-083B-122F7BEFCCB9}" = Catalyst Control Center
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE5A5FC0-FCBF-BDD4-F96A-D1DACC4B1210}" = Catalyst Control Center Graphics Previews Common
"{EE9BD325-3BCC-D3E7-D5AC-85ED719004FF}" = CCC Help Spanish
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F554C262-F87E-183C-1765-3F2F8B27EAC5}" = CCC Help Hungarian
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"1&1 EasyLogin" = 1&1 EasyLogin
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Foto Manager Free Sued D" = ALDI Foto Manager Free Sued
"ALDI Online Druck Service (Sued)" = ALDI Online Druck Service (Sued)
"ALDI Sued Foto Service D" = ALDI Sued Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner
"dm-Fotowelt" = dm-Fotowelt
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"freddyDeutsch12" = Freddy:Deutsch1/Deutsch2
"freddyMathe12" = Freddy:Mathe1/Mathe2
"freddyMathe7" = Freddy:Mathe7
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Gute_Vorsaetze_Abnehmen" = Gute_Vorsaetze_Abnehmen Screen Saver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Kids Deutsch 3_is1" = PC-Kids Deutsch 3
"phase-6" = phase-6 2.1.2.3a
"phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.4
"PROSetDX" = Intel(R) PRO Network Connections 12.2.41.0
"RealPlayer 6.0" = RealPlayer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009
"3e74fe69fc3c1e1d" = Install
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.10.2012 04:26:25 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1
Description =
 
Error - 13.10.2012 04:42:54 | Computer Name = Marcel-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 13.10.2012 07:54:59 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1
Description =
 
Error - 13.10.2012 08:02:39 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCU_Engine.exe, Version 1.7.548.0, Zeitstempel
 0x46803fc5, fehlerhaftes Modul CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00013190,  Prozess-ID 0x161c, Anwendungsstartzeit
 01cda93aa4489570.
 
Error - 13.10.2012 09:47:10 | Computer Name = Marcel-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 13.10.2012 11:06:55 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCU_Engine.exe, Version 1.7.548.0, Zeitstempel
 0x46803fc5, fehlerhaftes Modul CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00013190,  Prozess-ID 0x1560, Anwendungsstartzeit
 01cda95460929aa0.
 
Error - 13.10.2012 11:10:10 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1
Description =
 
Error - 14.10.2012 04:29:03 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCU_Engine.exe, Version 1.7.548.0, Zeitstempel
 0x46803fc5, fehlerhaftes Modul CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00013190,  Prozess-ID 0x125c, Anwendungsstartzeit
 01cda9e5f7702050.
 
Error - 14.10.2012 06:35:45 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1
Description =
 
Error - 14.10.2012 08:41:00 | Computer Name = Marcel-PC | Source = EventSystem | ID = 4609
Description =
 
[ IntelDH Events ]
Error - 13.10.2012 08:02:39 | Computer Name = Marcel-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to hook
 to the DataManager for events.
 
Error - 13.10.2012 08:02:43 | Computer Name = Marcel-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
 create ICCUEngine interface pointer
 
Error - 13.10.2012 11:06:54 | Computer Name = Marcel-PC | Source = AlertService | ID = 15
Description = A CCU internal function detected an error: XMLDoc::Save failed
 
Error - 13.10.2012 11:06:54 | Computer Name = Marcel-PC | Source = AlertService | ID = 16
Description = The DataManager failed to create the XML data store.  Function = ICS
 Log failed
 
Error - 13.10.2012 11:06:54 | Computer Name = Marcel-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to hook
 to the DataManager for events.
 
Error - 13.10.2012 11:07:02 | Computer Name = Marcel-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
 create ICCUEngine interface pointer
 
Error - 13.10.2012 11:10:09 | Computer Name = Marcel-PC | Source = AlertService | ID = 22
Description = A CCU internal function returned an error: CAlertSrvc::Failed to create
 DataManager with error: 
 
Error - 14.10.2012 06:35:45 | Computer Name = Marcel-PC | Source = AlertService | ID = 15
Description = A CCU internal function detected an error: XMLDoc::Save failed
 
Error - 14.10.2012 06:35:45 | Computer Name = Marcel-PC | Source = AlertService | ID = 16
Description = The DataManager failed to create the XML data store.  Function = ICS
 Log failed
 
Error - 14.10.2012 06:35:45 | Computer Name = Marcel-PC | Source = AlertService | ID = 22
Description = A CCU internal function returned an error: CAlertSrvc::Failed to create
 DataManager with error: 
 
[ System Events ]
Error - 14.10.2012 04:27:46 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 14.10.2012 06:32:00 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 14.10.2012 06:34:01 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 14.10.2012 06:34:01 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 14.10.2012 06:35:23 | Computer Name = Marcel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 14.10.2012 08:36:05 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 14.10.2012 08:36:05 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 14.10.2012 08:40:54 | Computer Name = Marcel-PC | Source = DCOM | ID = 10005
Description =
 
Error - 14.10.2012 08:40:52 | Computer Name = Marcel-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
 
Error - 14.10.2012 08:41:00 | Computer Name = Marcel-PC | Source = DCOM | ID = 10005
Description =
 
 
< End of report >
--- --- ---

Danke für die Sonderschichten (Sa.+So.)

schrauber 14.10.2012 17:18
Da sind noch etliche Einträge, die wir fixen müssen, aber nix schlimmes, kümmern wir uns erstmal um die treiber/hardware.

Poste mal infos zum System.


Zitat:
Danke für die Sonderschichten (Sa.+So.)
Rechnung kommt :p

bastelmarc 14.10.2012 19:34
Betriebssystemname Microsoft® Windows Vista™ Home Premium
Version 6.0.6002 Service Pack 2 Build 6002
Zusätzliche Betriebssystembeschreibung Nicht verfügbar
Betriebssystemhersteller Microsoft Corporation
Systemname MARCEL-PC
Systemhersteller MEDIONPC
Systemmodell MS-7502
Systemtyp X86-basierter PC
Prozessor Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz, 2400 MHz, 4 Kern(e), 4 logische(r) Prozessor(en)
BIOS-Version/-Datum Phoenix Technologies, LTD 6.00 PG, 26.12.2007
SMBIOS-Version 2.5
Windows-Verzeichnis C:\Windows
Systemverzeichnis C:\Windows\system32
Startgerät \Device\HarddiskVolume1
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "6.0.6002.18005"
Benutzername Marcel-PC\Marcel
Zeitzone Mitteleuropäische Sommerzeit
Installierter physikalischer Speicher (RAM) 1,50 GB
Gesamter realer Speicher 1,50 GB
Verfügbarer realer Speicher 599 MB
Gesamter virtueller Speicher 3,24 GB
Verfügbarer virtueller Speicher 1,72 GB
Größe der Auslagerungsdatei 1,79 GB
Auslagerungsdatei C:\pagefile.sys

ich hoffe das reicht ansonsten muss du sagen was noch benötigt wird

schrauber 14.10.2012 20:27
MEDION Deutschland - Downloads

Hierhin gehen, MSN nummer eingeben, alle Treiber für Grafik und Netzwerk laden die angeboten werden für Dein System.

Installieren, Reboot, neues OTL Logfile mit obigen Einstellungen, damit Du beide Logs bekommst, Und Monitor checken :)

bastelmarc 14.10.2012 21:31
Hallo

habe das BIOS runtergeladen geöffnet und bestätigt, dann kam die Meldung Finised and tested
war es das?

werde mir noch den Chipsatz Treiber Intel runterladen und installieren

Hier das OTL Log:OTL Logfile:
Code:
OTL logfile created on: 14.10.2012 23:02:10 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Marcel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 0,43 Gb Available Physical Memory | 28,48% Memory free
3,25 Gb Paging File | 1,86 Gb Available in Paging File | 57,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 363,37 Gb Free Space | 81,52% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,50 Gb Free Space | 47,52% Space Free | Partition Type: FAT32
Drive H: | 2,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1862,56 Gb Total Space | 1855,45 Gb Free Space | 99,62% Space Free | Partition Type: FAT32
Drive J: | 7,52 Gb Total Space | 5,46 Gb Free Space | 72,64% Space Free | Partition Type: FAT32
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.07 17:42:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.31 10:42:59 | 001,380,504 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe
PRC - [2012.07.16 17:24:28 | 001,114,112 | ---- | M] (1&1 Internet AG) -- C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
PRC - [2012.06.02 11:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.08 21:29:38 | 001,053,848 | ---- | M] () -- C:\Windows\System32\ieconfig_1und1_svc.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.08.12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.08.12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.03.10 04:50:56 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.03.10 04:50:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.09.14 09:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGGE.EXE
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2007.12.07 17:08:26 | 000,778,240 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\Stcenter.exe
PRC - [2007.11.14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\IGDCTRL.EXE
PRC - [2007.10.19 18:42:38 | 000,290,909 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.10.19 18:42:38 | 000,114,779 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2007.10.19 18:42:02 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\TV Enhance\TVEService.exe
PRC - [2007.10.15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.10.15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.09 00:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.08.08 00:12:10 | 000,797,696 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
PRC - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
PRC - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
PRC - [2007.06.27 10:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.31 10:44:07 | 007,952,536 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wgui12.dll
MOD - [2012.08.31 10:43:47 | 003,002,008 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wcore12.dll
MOD - [2012.08.31 10:43:37 | 004,454,040 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wauff12.dll
MOD - [2012.08.31 10:43:34 | 002,016,408 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wfvie12.dll
MOD - [2012.08.31 10:43:12 | 001,649,816 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wreli12.dll
MOD - [2012.08.31 10:43:11 | 001,550,488 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wsteu12.dll
MOD - [2012.08.31 10:43:08 | 000,319,640 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsguiwinapi47.dll
MOD - [2012.08.31 10:43:06 | 000,275,096 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rscorewinapi47.dll
MOD - [2012.08.31 10:42:59 | 001,380,504 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe
MOD - [2012.08.31 10:42:52 | 000,135,832 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsodbc47.dll
MOD - [2012.08.31 10:42:49 | 000,028,672 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsdcom47.dll
MOD - [2012.06.14 14:40:43 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012.06.14 14:38:45 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.14 14:35:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 14:35:29 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 14:35:16 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 14:34:51 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.10 20:04:44 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012.05.10 20:02:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 20:02:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.10 19:59:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.10 19:58:57 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.10 19:58:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 19:58:26 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.10 19:58:22 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.10 19:58:11 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.02.07 12:37:06 | 000,865,280 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtcluceners47.dll
MOD - [2012.02.07 12:37:06 | 000,271,872 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\phononrs47.dll
MOD - [2012.02.07 12:37:04 | 011,163,648 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtwebkitrs47.dll
MOD - [2012.02.07 12:37:02 | 000,108,544 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qttestrs47.dll
MOD - [2012.02.07 12:37:00 | 001,340,416 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtscriptrs47.dll
MOD - [2012.02.07 12:36:58 | 002,395,648 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qt3supportrs47.dll
MOD - [2012.02.07 12:36:58 | 000,720,896 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtsqlrs47.dll
MOD - [2012.02.07 12:36:58 | 000,281,088 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtsvgrs47.dll
MOD - [2012.02.07 12:36:56 | 000,358,400 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtxmlrs47.dll
MOD - [2012.02.07 12:36:54 | 008,934,400 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtguirs47.dll
MOD - [2012.02.07 12:36:54 | 002,356,736 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtcorers47.dll
MOD - [2012.02.07 12:36:54 | 000,990,208 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtnetworkrs47.dll
MOD - [2011.08.22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.08.12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.03.10 04:14:02 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.03.09 23:05:10 | 000,243,712 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.06.02 11:38:54 | 000,128,512 | ---- | M] () -- C:\Programme\1&1\1&1 EasyLogin\EasyLoginCrypt.dll
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2007.12.12 12:21:40 | 000,245,858 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2007.10.19 18:42:34 | 000,339,968 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
MOD - [2007.10.19 18:42:20 | 000,114,780 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
MOD - [2007.10.19 18:42:20 | 000,032,768 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.10.08 22:38:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.05 19:18:32 | 000,216,600 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.08.05 19:18:19 | 000,139,840 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.08 21:29:38 | 001,053,848 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.10 04:50:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.10.19 18:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2007.10.19 18:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.07 04:17:48 | 000,071,208 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe -- (HRService)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager)
SRV - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2007.06.27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE)
SRV - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore)
SRV - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\injiojnj.sys -- (brdfnw)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.05 19:19:37 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012.08.05 19:19:26 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012.04.09 15:02:24 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012.04.09 15:01:08 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2012.01.18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.03.10 05:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2011.03.10 05:32:38 | 007,770,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.03.10 04:14:58 | 000,242,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.17 14:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.01.21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.01.21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.01.21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.10.15 18:13:27 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.06.27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007.06.19 11:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.02.18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2528046
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.1und1.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{528E6CA1-57D6-4DAE-8B80-1C83C74D6542}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}&rlz=1I7MEDA_de
IE - HKCU\..\SearchScopes\{73A1DCF5-99D7-4C03-B6AE-C225AB842EBF}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2528046
IE - HKCU\..\SearchScopes\{E57BF21B-23A5-4E45-8D21-7B4D48A065FA}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.01.23 14:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.06.25 20:28:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
 
O1 HOSTS File: ([2012.10.10 20:09:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\1&1\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB635D00-411D-4383-B27A-33B7FDFB8462}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 22:00:00 | 000,000,043 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.14 22:13:18 | 000,000,000 | ---D | C] -- C:\Medion
[2012.10.13 13:44:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.10.13 13:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.11 18:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.10 20:09:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.10 19:34:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.10 19:34:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.10 19:34:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.10 19:33:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.10 19:32:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.10 19:30:49 | 004,766,088 | R--- | C] (Swearware) -- C:\Users\Marcel\Desktop\ComboFix.exe
[2012.10.08 22:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.08 22:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.07 17:42:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.10.07 17:15:04 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.07 17:15:04 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.06 12:41:58 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\ATI
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\ATI
[2012.10.04 20:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.04 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.10.04 20:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.04 20:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.10.04 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.04 19:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.10.04 19:51:50 | 000,000,000 | ---D | C] -- C:\AMD
[2012.09.30 12:28:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.09.25 20:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.25 20:26:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.23 13:40:22 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Malwarebytes
[2012.09.23 13:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.23 13:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.14 22:44:01 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.14 22:44:01 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.14 22:44:01 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.14 22:44:01 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.14 22:38:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.14 22:36:36 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 22:36:35 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 22:36:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 22:36:30 | 1608,699,904 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.14 22:32:14 | 000,000,362 | ---- | M] () -- C:\Users\Marcel\Desktop\Download - Verknüpfung.lnk
[2012.10.14 20:43:01 | 000,008,592 | ---- | M] () -- C:\Users\Marcel\AppData\Local\d3d9caps.dat
[2012.10.12 18:58:28 | 224,451,204 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.10 20:09:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.10 19:30:51 | 004,766,088 | R--- | M] (Swearware) -- C:\Users\Marcel\Desktop\ComboFix.exe
[2012.10.08 22:42:13 | 000,009,305 | ---- | M] () -- C:\Users\Marcel\Desktop\Logs.zip
[2012.10.08 22:38:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.08 22:38:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.07 18:35:01 | 000,302,592 | ---- | M] () -- C:\Users\Marcel\Desktop\mvlqyosl.exe
[2012.10.07 17:42:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.10.07 17:36:50 | 000,050,477 | ---- | M] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.10.07 14:44:31 | 000,000,000 | ---- | M] () -- C:\Users\Marcel\defogger_reenable
[2012.10.07 10:46:57 | 000,000,300 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121007_104654.reg
[2012.10.06 13:12:33 | 000,007,298 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121006_131225_2.reg
[2012.10.06 12:31:11 | 000,017,624 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121006_123106.reg
[2012.10.04 20:21:15 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.10.01 18:21:28 | 000,000,392 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20121001_182120.reg
[2012.09.30 20:54:42 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.09.30 20:54:35 | 000,001,355 | ---- | M] () -- C:\Windows\WISO.INI
[2012.09.30 11:58:19 | 000,000,432 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120930_115812.reg
[2012.09.28 23:09:35 | 000,000,836 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_230927_2.reg
[2012.09.28 21:05:11 | 000,001,182 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_210506.reg
[2012.09.28 17:46:36 | 000,383,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.28 17:02:03 | 000,004,884 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_170146.reg
[2012.09.28 17:01:21 | 000,237,094 | ---- | M] () -- C:\Users\Marcel\Documents\cc_20120928_170045.reg
[2012.09.25 20:26:32 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.14 22:32:14 | 000,000,362 | ---- | C] () -- C:\Users\Marcel\Desktop\Download - Verknüpfung.lnk
[2012.10.14 22:22:44 | 1608,699,904 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.10 19:34:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.10 19:34:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.10 19:34:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.10 19:34:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.10 19:34:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.08 22:42:13 | 000,009,305 | ---- | C] () -- C:\Users\Marcel\Desktop\Logs.zip
[2012.10.07 18:35:01 | 000,302,592 | ---- | C] () -- C:\Users\Marcel\Desktop\mvlqyosl.exe
[2012.10.07 17:36:50 | 000,050,477 | ---- | C] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.10.07 17:15:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 14:44:31 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\defogger_reenable
[2012.10.07 10:46:56 | 000,000,300 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121007_104654.reg
[2012.10.06 14:18:26 | 000,000,966 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.10.06 14:06:24 | 224,451,204 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.06 13:12:32 | 000,007,298 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121006_131225_2.reg
[2012.10.06 12:31:09 | 000,017,624 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121006_123106.reg
[2012.10.04 20:21:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.10.01 18:21:24 | 000,000,392 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20121001_182120.reg
[2012.09.30 15:29:08 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012.09.30 11:58:17 | 000,000,432 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120930_115812.reg
[2012.09.28 23:09:33 | 000,000,836 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_230927_2.reg
[2012.09.28 21:05:08 | 000,001,182 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_210506.reg
[2012.09.28 17:01:51 | 000,004,884 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_170146.reg
[2012.09.28 17:00:52 | 000,237,094 | ---- | C] () -- C:\Users\Marcel\Documents\cc_20120928_170045.reg
[2012.09.25 20:26:32 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.11.08 21:29:38 | 001,053,848 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1_svc.exe
[2011.09.15 20:27:43 | 000,082,823 | ---- | C] () -- C:\Users\Marcel\phase-6-backpack-all-2011-09-15.p6a
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.04.13 18:37:54 | 000,046,416 | ---- | C] () -- C:\Users\Marcel\Sophos_Installation.pdf
[2011.03.10 04:14:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.03.09 22:59:14 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.03.01 20:07:08 | 000,003,949 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.03.01 00:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.05.23 14:33:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.20 13:56:07 | 000,041,984 | ---- | C] () -- C:\Users\Marcel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.11 18:39:37 | 000,008,592 | ---- | C] () -- C:\Users\Marcel\AppData\Local\d3d9caps.dat
[2008.03.07 19:22:33 | 000,000,680 | RHS- | C] () -- C:\Users\Marcel\ntuser.pol
[2008.03.06 19:11:02 | 000,000,094 | ---- | C] () -- C:\Users\Marcel\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:063969F8

< End of report >
--- --- ---


Hier OTL.Extra Log:OTL Logfile:
Code:
OTL Extras logfile created on: 14.10.2012 23:02:10 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Marcel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 0,43 Gb Available Physical Memory | 28,48% Memory free
3,25 Gb Paging File | 1,86 Gb Available in Paging File | 57,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 363,37 Gb Free Space | 81,52% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,50 Gb Free Space | 47,52% Space Free | Partition Type: FAT32
Drive H: | 2,41 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 1862,56 Gb Total Space | 1855,45 Gb Free Space | 99,62% Space Free | Partition Type: FAT32
Drive J: | 7,52 Gb Total Space | 5,46 Gb Free Space | 72,64% Space Free | Partition Type: FAT32
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{09A0479D-6FEC-44EC-AE35-A11F3555DF76}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{322E51A0-10F3-450C-93B5-9DD0396DBD55}" = rport=138 | protocol=17 | dir=out | app=system |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E0A7419-B129-4287-A27F-2E1E5726A5D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{61D83676-E102-4F3C-8E78-4C9286974FF7}" = lport=445 | protocol=6 | dir=in | app=system |
"{61DB2FC2-9BE4-4981-83A3-DB5C74DCB9FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6FE754F2-52C7-4FBF-96F3-678553F8D52B}" = lport=137 | protocol=17 | dir=in | app=system |
"{769EEBF4-D87F-40D9-AB62-F6416984AC0B}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95866EEE-4401-43FD-8CF3-D54CF9E4CE03}" = rport=445 | protocol=6 | dir=out | app=system |
"{A1EE12DC-BEBB-4437-B0FB-A4B7EBB2F3E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{A3AFB056-C1C9-4FC1-B3F8-3338A6EA7BC1}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCF7BE07-B9C5-4493-A8F8-38FEE6205650}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F4D0E2F8-4284-4440-B48B-D4FDF160C64E}" = rport=139 | protocol=6 | dir=out | app=system |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C346788-421B-44B7-81A9-1F7973A9456E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{11A0AE7E-F2EB-42C8-9D13-DC2C76618033}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{13AD2E8B-1AD6-47CD-975D-FB6A7EF6B8B1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1DCEA844-D992-4FE2-8312-8540CE4D2A9A}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{26EA734F-2015-42B9-872C-12B2C8E66F8A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2A7D534A-8223-41EC-8C7B-3C401FC2698B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E3EB76D-112D-4A1F-91A7-D7A13B4FA2A0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3370C3A2-A23A-4FEA-9D69-0200C24A2971}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{3F65BD85-2B6A-47FC-A27D-1C6A3AC7B70E}" = protocol=17 | dir=in | app=c:\program files\1&1\webwaigd.exe |
"{4476559C-A05F-42CF-BDC8-E6D7F9F44CD0}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{449E8AA4-26BF-495F-9604-0BCE9B76CF26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4BBAB83A-F15F-4A5A-8065-0FEA691F756B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{528773B3-F9C5-42B3-B101-E0447E3CD334}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64DCE4E0-BE06-4BB5-8602-7760B09F65F3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B38C43C-14D6-43C3-B896-F038B0B1203D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6BEC0D4C-61EF-44C4-9A57-4E569F4BA5E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{734AC65E-2775-468E-A6CE-979122036A08}" = protocol=17 | dir=in | app=h:\fsetup.exe |
"{74AE3881-A08F-4D6C-92F5-BA82438DC2B4}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{76082DA0-6E46-4F75-A565-F9CFB551C225}" = protocol=17 | dir=in | app=c:\program files\1&1\igdctrl.exe |
"{7D3CF706-04B0-4A39-84FC-3B34E4017780}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{8629C8B0-DBE6-4B8D-B923-2C905AF1DD79}" = protocol=17 | dir=in | app=c:\program files\1&1\fboxupd.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A1E2924-E398-44DB-87DF-58D64099B0DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9B3530A5-683A-421A-A3C7-F67F3402E6B3}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A58A2856-F35E-4AAC-B2DE-8C258BE37DF6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A5DBEF80-9F91-48E1-8C1A-56E48A5C0AD3}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD172DD0-8A75-475F-859A-EE2207CD67E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AF93AF02-04B8-46AA-8D3F-23B2ACCA0FF2}" = protocol=6 | dir=in | app=c:\program files\1&1\fboxupd.exe |
"{B3C788DD-79AF-4194-9904-45B4CE6A02B8}" = protocol=6 | dir=in | app=c:\program files\1&1\webwaigd.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C0A5AFEC-6312-42ED-8713-34CAAAA77A0C}" = protocol=6 | dir=in | app=c:\program files\1&1\igdctrl.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D383F04C-5757-4FE6-90E7-B48D22CB8919}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{D6521828-1E8E-41AF-8429-878FDB0E1826}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DB063FDC-3DF9-4103-9B9B-8CD9AB3360B7}" = protocol=6 | dir=in | app=h:\fsetup.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FAE57EDA-E71F-4905-976F-FF8091FB39CD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{FCBC9D99-3A70-4489-977E-07839FCAB27F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0C0A775F-A069-401F-99CA-8ADF1CFA9399}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{0F37A178-31A2-4673-81B6-618A61CFC4B6}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=6 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"TCP Query User{16422206-99F4-487A-8C07-172B0F213324}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{1DE2DC97-93AD-4B87-87ED-C72FCA8068B4}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{2AE5099C-EE31-470C-B7B1-D53B2CC3746D}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe |
"TCP Query User{323AAD4B-3F27-4B22-A0B3-762A5D9E0F8E}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=6 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"TCP Query User{46E17AA6-B9F3-420A-AEA5-36587E1F8FB0}C:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=6 | dir=in | app=c:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"TCP Query User{8037CC3B-E185-47FB-8A89-FD3379CDD4A8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B67FD5AF-D3C8-4144-87F2-75359D277707}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F75F887A-A8F0-4BAA-A5DA-24DE61D703C8}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{0F277BE9-6581-4236-9025-F57221EC3122}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=17 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"UDP Query User{2FB06911-6D87-4D52-A9DF-31F0E0D79AFB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{35BBD58B-74BE-409B-A963-675F42597BC7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{72CFE1D7-B883-4724-BC08-93A429CB827D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{72D61F70-8AC8-40AE-BAD9-DE43B8D4CBB8}C:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=17 | dir=in | app=c:\users\andrea\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"UDP Query User{75B30160-B70B-4E99-8BC9-58ADA4DC8D24}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{85F6561C-0121-42F3-8D5F-2D504510E08B}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe |
"UDP Query User{900BE098-E275-4366-8215-2B768142901C}C:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe" = protocol=17 | dir=in | app=c:\users\marcel\appdata\local\temp\temp1_fritz.box_wlan_7390_84.04.83.recoverimage.zip\fritz.box_wlan_7390_84.04.83.recoverimage.exe |
"UDP Query User{AE5B0358-4B06-4515-B37F-F59C77497F28}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{E7A69C73-6DF4-46D4-B71C-977B71283700}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B3F965-1344-C16B-D865-7600B8A6B26E}" = CCC Help English
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{03B8CE84-7338-472A-18D7-2E63E7E925DE}" = CCC Help French
"{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}" = Haufe iDesk-Browser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1767EB45-F1E9-2444-2433-A1A94F626026}" = CCC Help Italian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18B59625-5EEE-11D7-94C8-00E0988C417C}" = Skillies Demoversion
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BB0E97A-1371-6B9D-E1CB-D5CACF3668C8}" = CCC Help German
"{1DB7D9D1-CC2D-D8BB-4F8A-1FC0BF98DC2C}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2E636AA0-43EB-D218-79D4-BD3B0847545C}" = CCC Help Czech
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{355FBF6C-31EB-C660-F07A-1CC93975A5CA}" = HydraVision
"{38B7F5C6-53F4-D852-9C0F-534C1F9492A7}" = ccc-utility
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1654FA-58EF-6DF0-8B70-E16B7B6C445C}" = Catalyst Control Center InstallProxy
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{46471745-D135-ADF9-D313-ED5AA9F8B8B4}" = CCC Help Chinese Traditional
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{485841AB-3FA9-AC9A-FAD8-95113AF834A3}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4C3560-6D96-F947-D7FF-F42A60631554}" = CCC Help Norwegian
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{504D471B-E518-EE37-703F-2E35E72D08A7}" = CCC Help Dutch
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{554EE7DA-4993-49B7-A579-3969608E5ADF}" = Das grosse Power-Druckstudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5775DD65-B236-44B0-B8ED-B930B8E6670F}" = TinyGrab
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{592ED299-14EF-4C0F-92B4-B62E7CD5A2BE}_is1" = everpixx 5.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{653C2740-4688-6E67-F57D-4D99C573613D}" = CCC Help Portuguese
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{724D1F61-D823-48E2-8DB6-BD07AE03D6E3}" = CCC Help Greek
"{74A40B26-5B56-4D5D-944C-7D82D1F3555D}" = ArcSoft MediaImpression
"{74B96512-231D-415B-AFA9-BCA52076A48B}" = OpenOffice.org 3.0
"{7638AC61-8AEE-9983-D681-BA48EE41A8FE}" = ATI Catalyst Install Manager
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE95C72-3470-4367-C030-DE66B8887E37}" = CCC Help Japanese
"{7E05DB3E-6CDD-4116-962F-16BC3DE41A68}" = Steuer Update 14.01
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA899EE-D9D1-1BEA-861A-85715F6BB06C}" = Catalyst Control Center Localization All
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A190B778-588E-33EF-4408-CC0F9674C7B3}" = CCC Help Turkish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service
"{A57CBC93-A964-3549-7C8F-43EF4C0C4077}" = ATI AVIVO Codecs
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8D8547C-7679-DA67-09F9-EC282B8F3649}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B5483174-C4FC-D248-1B3F-3848DD2606C8}" = CCC Help Polish
"{B6D61395-20E7-1682-A56B-D5759D6A6135}" = CCC Help Russian
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8B61C0D-6DE8-6B79-11AA-6745FE2D30AE}" = CCC Help Swedish
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD9233C7-8D5C-8A4F-F979-44653BE36972}" = CCC Help Danish
"{C648A7DE-A784-6D55-2655-28E4B28B75C5}" = CCC Help Korean
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DD8C5170-C98D-0FAB-083B-122F7BEFCCB9}" = Catalyst Control Center
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE5A5FC0-FCBF-BDD4-F96A-D1DACC4B1210}" = Catalyst Control Center Graphics Previews Common
"{EE9BD325-3BCC-D3E7-D5AC-85ED719004FF}" = CCC Help Spanish
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F554C262-F87E-183C-1765-3F2F8B27EAC5}" = CCC Help Hungarian
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"1&1 EasyLogin" = 1&1 EasyLogin
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Foto Manager Free Sued D" = ALDI Foto Manager Free Sued
"ALDI Online Druck Service (Sued)" = ALDI Online Druck Service (Sued)
"ALDI Sued Foto Service D" = ALDI Sued Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner
"dm-Fotowelt" = dm-Fotowelt
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"freddyDeutsch12" = Freddy:Deutsch1/Deutsch2
"freddyMathe12" = Freddy:Mathe1/Mathe2
"freddyMathe7" = Freddy:Mathe7
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"Gute_Vorsaetze_Abnehmen" = Gute_Vorsaetze_Abnehmen Screen Saver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Kids Deutsch 3_is1" = PC-Kids Deutsch 3
"phase-6" = phase-6 2.1.2.3a
"phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.4
"PROSetDX" = Intel(R) PRO Network Connections 12.2.41.0
"RealPlayer 6.0" = RealPlayer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Steuer 2009
"3e74fe69fc3c1e1d" = Install
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.10.2012 08:41:00 | Computer Name = Marcel-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 14.10.2012 10:27:20 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCU_Engine.exe, Version 1.7.548.0, Zeitstempel
 0x46803fc5, fehlerhaftes Modul CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00013190,  Prozess-ID 0x10b8, Anwendungsstartzeit
 01cdaa17fc4b4e49.
 
Error - 14.10.2012 10:30:50 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1
Description =
 
Error - 14.10.2012 11:07:16 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1
Description =
 
Error - 14.10.2012 11:35:41 | Computer Name = Marcel-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 14.10.2012 14:30:06 | Computer Name = Marcel-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 14.10.2012 16:24:41 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCU_Engine.exe, Version 1.7.548.0, Zeitstempel
 0x46803fc5, fehlerhaftes Modul CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00013190,  Prozess-ID 0x15d8, Anwendungsstartzeit
 01cdaa49ec166e80.
 
Error - 14.10.2012 16:28:19 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1
Description =
 
Error - 14.10.2012 16:38:05 | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCU_Engine.exe, Version 1.7.548.0, Zeitstempel
 0x46803fc5, fehlerhaftes Modul CCU_Engine.exe, Version 1.7.548.0, Zeitstempel 0x46803fc5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00013190,  Prozess-ID 0xafc, Anwendungsstartzeit
 01cdaa4bcde37f00.
 
Error - 14.10.2012 16:42:04 | Computer Name = Marcel-PC | Source = AlertSource | ID = 1
Description =
 
[ IntelDH Events ]
Error - 14.10.2012 16:24:36 | Computer Name = Marcel-PC | Source = AlertService | ID = 15
Description = A CCU internal function detected an error: XMLDoc::Save failed
 
Error - 14.10.2012 16:24:36 | Computer Name = Marcel-PC | Source = AlertService | ID = 16
Description = The DataManager failed to create the XML data store.  Function = ICS
 Log failed
 
Error - 14.10.2012 16:24:36 | Computer Name = Marcel-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to hook
 to the DataManager for events.
 
Error - 14.10.2012 16:24:48 | Computer Name = Marcel-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
 create ICCUEngine interface pointer
 
Error - 14.10.2012 16:28:18 | Computer Name = Marcel-PC | Source = AlertService | ID = 22
Description = A CCU internal function returned an error: CAlertSrvc::Failed to create
 DataManager with error: 
 
Error - 14.10.2012 16:38:02 | Computer Name = Marcel-PC | Source = AlertService | ID = 15
Description = A CCU internal function detected an error: XMLDoc::Save failed
 
Error - 14.10.2012 16:38:02 | Computer Name = Marcel-PC | Source = AlertService | ID = 16
Description = The DataManager failed to create the XML data store.  Function = ICS
 Log failed
 
Error - 14.10.2012 16:38:02 | Computer Name = Marcel-PC | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to hook
 to the DataManager for events.
 
Error - 14.10.2012 16:38:12 | Computer Name = Marcel-PC | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
 create ICCUEngine interface pointer
 
Error - 14.10.2012 16:42:02 | Computer Name = Marcel-PC | Source = AlertService | ID = 22
Description = A CCU internal function returned an error: CAlertSrvc::Failed to create
 DataManager with error: 
 
[ System Events ]
Error - 14.10.2012 14:29:58 | Computer Name = Marcel-PC | Source = DCOM | ID = 10005
Description =
 
Error - 14.10.2012 14:30:06 | Computer Name = Marcel-PC | Source = DCOM | ID = 10005
Description =
 
Error - 14.10.2012 16:23:53 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 14.10.2012 16:25:59 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 14.10.2012 16:25:59 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 14.10.2012 16:27:36 | Computer Name = Marcel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 14.10.2012 16:34:12 | Computer Name = Marcel-PC | Source = DCOM | ID = 10010
Description =
 
Error - 14.10.2012 16:37:19 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 14.10.2012 16:39:20 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 14.10.2012 16:39:20 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
--- --- ---

im übrigen läuft das System seit dem BIOS und CHIP-satz update sauber!

vielen Dank

der Bildschirm war gestern abend alles total verschwommen wie aüfgelöst verpixelt!

was meinst du mit Monitor cheken habe für die Grafikkarte RADEON HD 6450 den neuesten Treiber!

schrauber 15.10.2012 06:37
Na eben den Bildschirm, ob es noch Probleme gibt. Kannste nen andern Bildschirm testen?

bastelmarc 15.10.2012 10:13
Ja hab nochen Röhrenmonitor.

Neues Problem BIOS update abgebrochen System startet/Bootet nicht mehr.

ist der jetzt hin???

schrauber 15.10.2012 10:22
Joah, das is schlecht.

Kiste aufmachen, Bios-Batterie vorhanden?

bastelmarc 15.10.2012 10:30
das ist echt bescheiden!
ja, das ist eine zelle drin!

schrauber 15.10.2012 10:36
Stromkabel ab vom Rechner, Netzschalter hinten auf 0. Batterie raus, eine rauchen gehen, Batterie rein, Kabel dran und wieder versuchen.

bastelmarc 15.10.2012 10:49
so getan ist aber wie vorher, fährt an und nach 1-2 sek. wieder aus

PC läuft aber es tut sich nichts, habe die Application&Support DISC eingelegt.
auf dieser steht folgender Text:
Auf diesem Datenträger finden sie alle notwendigen Treiber&Tools für ihren Computer, weiterhin dient ihnen diese Disc zur Systemweiderherstellung
kann die weiter helfen?

schrauber 15.10.2012 12:56
Kann, aber bitte versuch noch folgendes:

Rechner ausmachen
Netzschalter hinten auf 0
Einschalt-Knopf am Rechner drücken und gedrückt halten
10 sec warten
Netzschalter hinten auf 1, dabei ist der Power-Button immer noch gedrückt
Jetzt den Knopf los lassen
wenn der Rechner nicht startet nochmal kurz Einschaltknopf drücken.

Gehts jetzt?

bastelmarc 15.10.2012 16:08
bringt auch nichts!

schrauber 15.10.2012 17:39
Dann die Cd benutzen und alle treiber installieren.

bastelmarc 15.10.2012 17:44
nur wie starte ich das CD Laufwerk?

schrauber 15.10.2012 17:45
Bis wohin bootet denn der Rechner? Leg einfach mal die CD ein, vielleicht bootet er direkt davon.

bastelmarc 15.10.2012 18:31
läuft 1-2 sek. dann ist er wieder aus. Habe die CD reingelegt und probiert und das ganze mit sämtlichen F-Tatsten F1-F12, hat aber nichts gebracht!!

kann man über USB-Stick booten (mit Treibern aus dem Net)?

ansonsten glaube ich das hat sich das erledigt hat!?

schrauber 15.10.2012 18:34
Wenn er nit von CD bootet bootet er auch nicht von USB. Versuchs.

bastelmarc 15.10.2012 20:29
habe jetzt in Internetforen.de gelesen das man das BIOS wieder neu programmieren/schreiben kann!
das werde ich jetzt noch probieren!

vielen Dank für deine Hilfe!

schrauber 16.10.2012 13:12
Halt mich mal auf dem Laufenden bitte :)

bastelmarc 16.10.2012 14:17
Ja werde ich tun!
trotz allem vielen Dank für deine Hilfe!

schrauber 16.10.2012 14:25
Kein Problem :)

bastelmarc 27.10.2012 14:28
Also es folgender Maßen BIOS-Chip hätte neu Programmiert werden können, hätte aber das ganze Board hinschicken müssen weil bei mir der Chip aufgelötet ist.
Das ganze wird sich bei mir aber nicht mehr lohen da mir Herr Prause glücklicher Weise vorher die Kondensatoren geprüft hat (per Digi-Foto).

Hätte noch eine Frage:
kann ich die Hardware (Grafikkarte, Arbeitsspeicher, Festplatte, TV-Karte) aus dem PC in anderen verwenden (wenn sie kompatibel sind) ?

Falls jemand etwas mit dem BIOS hat bitte auf den folgenden Seiten reinschauen:

www.bios-info.de
www.bios-kompendium.de
www.bios-info.de/burning/bwelcome.htm

Das Forum dazu:
Internetforen.de

vielen Dank noch mals für deine Hilfe!

schrauber 27.10.2012 18:00
KLar, wenn sie kompatibel sind geht das :)

bastelmarc 05.11.2012 21:59
kann ich die Daten von der Festplatte auf einen anderen PC ziehen oder ist das zu gefährlich wegen der Malware?

schrauber 06.11.2012 08:40
Normale Sachen wie Bilder, Texte, Videos, Musik gehen, würd aber dann zur Sicherheit nen Onlinescan machen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:49 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131