Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: "50 Euro Virus" Schwarzer Bildschirm Zahlung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 11.02.2012, 23:59   #1
mo99
 
"50 Euro Virus" Schwarzer Bildschirm Zahlung - Ausrufezeichen

"50 Euro Virus" Schwarzer Bildschirm Zahlung



Auch ich habe mir den "50 Euro Virus" eingefangen.
Für die Wenigen, die ihn nicht kennen:
Bei mir wird ein schwarzer Bildschirm angezeigt mit der Nachricht, dass mein Windowssystem blockiert wurde. Ich werde zur Zahlung von 50 Euro aufgefordert.
Mein Virenprogramm hat keine Viren gefunden.
Da ich ein absoluter PC-Laie bin und mich nicht sehr mit dem Thema auskenne, wäre mir mehr geholfen, wenn mir genau gesagt wird, was ich tuen muss, da ich mit den Tipps ansonsten nichts anzufangen weiß!
Vielen Dank schonmal im Vorraus
mo99

Alt 12.02.2012, 14:45   #2
Swisstreasure
/// Malwareteam
 
"50 Euro Virus" Schwarzer Bildschirm Zahlung - Standard

"50 Euro Virus" Schwarzer Bildschirm Zahlung





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________


Alt 12.02.2012, 19:24   #3
mo99
 
"50 Euro Virus" Schwarzer Bildschirm Zahlung - Standard

"50 Euro Virus" Schwarzer Bildschirm Zahlung



Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.02.12.04

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
moritz :: MORITZ-HP [Administrator]

12.02.2012 19:14:07
mbam-log-2012-02-12 (19-14-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191619
Laufzeit: 5 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.VUPX.MTS1) -> Daten: C:\Users\moritz\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\moritz\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.VUPX.MTS1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\moritz\AppData\Local\Temp\ms0cfg32.exe (Trojan.VUPX.MTS1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\moritz\AppData\Local\Temp\0.6812980801048182.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
__________________

Alt 12.02.2012, 19:25   #4
Swisstreasure
/// Malwareteam
 
"50 Euro Virus" Schwarzer Bildschirm Zahlung - Standard

"50 Euro Virus" Schwarzer Bildschirm Zahlung



Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Alt 12.02.2012, 19:44   #5
mo99
 
"50 Euro Virus" Schwarzer Bildschirm Zahlung - Standard

"50 Euro Virus" Schwarzer Bildschirm Zahlung



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.02.2012 19:32:56 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\moritz\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 3,20 Gb Available Physical Memory | 84,22% Memory free
7,60 Gb Paging File | 7,03 Gb Available in Paging File | 92,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281,98 Gb Total Space | 176,79 Gb Free Space | 62,69% Space Free | Partition Type: NTFS
Drive D: | 15,82 Gb Total Space | 2,28 Gb Free Space | 14,42% Space Free | Partition Type: NTFS
Drive E: | 6,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MORITZ-HP | User Name: moritz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.12 19:30:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\moritz\Desktop\OTL.exe
PRC - [2009.07.14 02:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.06.22 06:57:44 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.06.18 15:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.06.17 14:54:20 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Stopped] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.07.01 11:03:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.01 11:43:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.07.02 10:51:16 | 000,027,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.04.13 08:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 20:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 20:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.01 11:03:17 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.01 11:03:17 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.10.12 19:46:13 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.06.22 08:17:52 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.06.22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.06.22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.22 06:24:12 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.31 20:46:50 | 000,333,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.05.06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.16 04:26:28 | 000,319,536 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.04.13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.09.23 02:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKLM\..\URLSearchHook: {0f369707-379f-46df-a5c5-d04390f3459b} - C:\Program Files (x86)\Funload.de\tbFunl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {0f369707-379f-46df-a5c5-d04390f3459b} - C:\Program Files (x86)\Funload.de\tbFunl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.128.9.30:80
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\moritz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\moritz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\moritz\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\moritz\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010.10.12 20:09:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com [2011.05.08 20:48:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.08.22 20:06:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF [2011.03.09 12:59:21 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.68\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.68\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\11.0.696.68\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Babylon Chrome OCR = C:\Users\moritz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Funload.de Toolbar) - {0f369707-379f-46df-a5c5-d04390f3459b} - C:\Program Files (x86)\Funload.de\tbFunl.dll (Conduit Ltd.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Funload.de Toolbar) - {0f369707-379f-46df-a5c5-d04390f3459b} - C:\Program Files (x86)\Funload.de\tbFunl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Funload.de Toolbar) - {0F369707-379F-46DF-A5C5-D04390F3459B} - C:\Program Files (x86)\Funload.de\tbFunl.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe (Intenium)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\moritz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\moritz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\moritz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\moritz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} hxxp://incredimailintl.oberon-media.com/online/online2/luxor_amun_rising/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B192037-315D-4CE9-A2A6-D1C910021E25}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 19:30:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\moritz\Desktop\OTL.exe
[2012.02.12 19:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012.02.12 19:11:11 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Roaming\Malwarebytes
[2012.02.12 19:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.12 19:10:58 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.12 19:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.12 19:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.12 19:06:54 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\moritz\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.12 16:41:35 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{9CE2835F-9B82-4A5A-B3AB-4FE4F0934152}
[2012.02.12 16:41:13 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{359B0BC5-52EB-4E7E-9612-D5004CD7D7AF}
[2012.02.12 10:33:26 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\ElevatedDiagnostics
[2012.02.12 00:04:21 | 000,000,000 | ---D | C] -- C:\Users\moritz\Desktop\PyWright_0.986.win
[2012.02.11 23:20:11 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\Mozilla
[2012.02.11 23:18:36 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{A032FD51-3724-40F5-8A1D-3785815E51FB}
[2012.02.11 23:18:12 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{803653D4-CF67-40DE-B72E-953C2E278FC0}
[2012.02.11 20:06:29 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{6716659C-81F1-47DC-8589-085AD52B5664}
[2012.02.11 19:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enterbrain
[2012.02.11 18:26:32 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{03C46F58-8CA4-42D9-B1DB-33C42AF73972}
[2012.02.06 17:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Enterbrain
[2012.02.04 21:51:26 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{8983BE32-CC1F-4048-A38E-8EECA4DB1088}
[2012.02.04 21:51:14 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{D76FC037-34F6-4D27-8CA9-A90F395B61D2}
[2012.02.04 11:31:53 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{EE99C28F-93ED-4408-95E2-73BC549271B6}
[2012.01.30 11:23:32 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{725671C7-FBBF-45CC-BF76-CE20ADD176D6}
[2012.01.29 23:22:17 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{A3496F47-01DF-4B2F-98C9-12B6FB4DD6F9}
[2012.01.29 23:21:54 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{0A8D56F4-5E5E-49CA-85B2-80C8D6EEAA25}
[2012.01.29 11:21:27 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{9BFFD57F-9B89-4120-9C3F-6E393BF8442B}
[2012.01.28 23:20:49 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{40533603-6C53-44A6-8485-4BDDBB94A69A}
[2012.01.28 23:20:23 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{D7FEED8B-8AAD-469D-B4CA-1D22DC52D0E7}
[2012.01.28 11:19:24 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{49790156-85A2-4154-9660-C1D019208EE9}
[2012.01.27 15:29:50 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{25B24589-7240-4B6C-AD6D-077C33772588}
[2012.01.27 15:29:28 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{68E20E58-7D4D-4F03-BE8C-714594917AC8}
[2012.01.26 13:36:15 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{421817B3-2BCF-4387-AE15-2F425920D1B5}
[2012.01.26 13:35:57 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{74830445-3211-47CE-89B5-EE15FD0E59FD}
[2012.01.25 15:23:49 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{4D0CD956-49AE-429E-B8F9-83BDEFB3900A}
[2012.01.25 15:23:38 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{AF84EBA6-20CD-4172-B0A2-BD86B05E2DD3}
[2012.01.24 15:27:20 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{46B4FB9B-DED8-49B3-B4D0-C99D60FD5CA9}
[2012.01.24 15:27:00 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{0A69F867-1825-4FD6-8AB0-524BE4B000DC}
[2012.01.23 12:11:09 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{FB674CB2-491B-4D4B-A8BE-328CCC142766}
[2012.01.23 12:10:58 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Roaming\Mozilla
[2012.01.22 20:35:57 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{A366B1CE-6F0C-4E09-B241-B62700021D25}
[2012.01.22 20:35:45 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{A7C614B7-21BC-4D55-96FF-DEAA95206CDD}
[2012.01.19 17:03:31 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{CF50EDDD-68FF-4031-8DDE-CE18376566B7}
[2012.01.19 17:03:16 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{DEB49F17-9034-4D36-A475-8CE02CC03BFF}
[2012.01.18 14:16:25 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{2799C4C7-23C0-40A1-B92E-48D4EDA406AA}
[2012.01.18 14:16:13 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{2FB1CE89-51A8-4244-AEA5-98A6DA433652}
[2012.01.17 20:03:51 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{F422E473-2BF8-4012-9D50-C4525C521F74}
[2012.01.17 20:03:38 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{A6EF8286-1B80-4AF9-A326-2F9851ACCFEE}
[2012.01.16 15:26:29 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{9ECA4EF5-61A4-4CE0-AC53-68FDAA6A4ABF}
[2012.01.16 15:26:18 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{3B9C5363-956C-4A36-8437-A19EC8A1EA57}
[2012.01.15 11:33:14 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{FEE2A7AA-69ED-4AD4-93FE-ADF38078423A}
[2012.01.15 11:33:01 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{49030311-06C3-4159-B56D-5B5FF46EB1E6}
[2012.01.14 11:30:56 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{47A2C6B2-61CD-429A-BF03-3FF189A86DA6}
[2012.01.14 11:30:44 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\{E28D3113-8587-4245-83DC-538D0BB03002}
[1 C:\Users\moritz\*.tmp files -> C:\Users\moritz\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.12 19:30:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\moritz\Desktop\OTL.exe
[2012.02.12 19:26:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 19:26:36 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.12 19:10:59 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.12 19:06:56 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\moritz\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.12 17:48:04 | 163,736,236 | ---- | M] () -- C:\Users\moritz\Desktop\PyWright_0.986.win.zip
[2012.02.12 17:37:56 | 000,000,355 | ---- | M] () -- C:\Users\moritz\Desktop\Netzwerk - Verknüpfung.lnk
[2012.02.12 11:25:52 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-moritz-Notification.job
[2012.02.12 11:25:48 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2012.02.12 11:25:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.12 11:25:45 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-moritz-Startup.job
[2012.02.12 00:09:37 | 023,946,962 | ---- | M] () -- C:\Users\moritz\Desktop\desmume-0.9.7-win32.zip
[2012.02.11 23:22:06 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.11 23:22:06 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.11 22:46:34 | 000,002,683 | ---- | M] () -- C:\Users\moritz\Desktop\vba.ini
[2012.02.11 22:08:10 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3444801107-2841172036-1618320042-1001UA.job
[2012.02.11 22:08:10 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.11 19:31:12 | 000,065,536 | ---- | M] () -- C:\Users\moritz\Desktop\r_Layton_and_the_Last_Specter__PATCHED___USA_.sav
[2012.02.11 18:46:14 | 000,314,421 | ---- | M] () -- C:\Users\moritz\Desktop\ideas1038.zip
[2012.02.11 18:08:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3444801107-2841172036-1618320042-1001Core.job
[2012.01.29 22:32:06 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormoritz.job
[2012.01.26 20:39:11 | 000,001,854 | ---- | M] () -- C:\Users\moritz\AppData\Roaming\GhostObjGAFix.xml
[1 C:\Users\moritz\*.tmp files -> C:\Users\moritz\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.12 19:10:59 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.12 17:37:56 | 000,000,355 | ---- | C] () -- C:\Users\moritz\Desktop\Netzwerk - Verknüpfung.lnk
[2012.02.12 00:02:30 | 163,736,236 | ---- | C] () -- C:\Users\moritz\Desktop\PyWright_0.986.win.zip
[2012.02.11 19:07:06 | 000,002,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker XP.lnk
[2011.09.15 12:20:59 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2011.09.15 12:20:59 | 000,006,067 | ---- | C] () -- C:\Windows\UNWISE.INI
[2011.08.11 15:07:05 | 000,001,854 | ---- | C] () -- C:\Users\moritz\AppData\Roaming\GhostObjGAFix.xml
[2011.05.28 13:53:21 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.05.25 15:25:36 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.05.20 16:41:03 | 000,000,000 | ---- | C] () -- C:\Users\moritz\AppData\Local\{C31F3BBD-F31B-47D0-BA2E-17FA1C9EF689}
[2011.03.23 16:45:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.12 19:55:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.12 19:54:07 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.10.12 19:45:40 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010.10.12 19:45:40 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010.10.12 19:43:42 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.07.20 16:11:18 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010.07.20 15:21:56 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010.07.20 13:42:49 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010.06.22 06:28:32 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.06.22 06:28:32 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.06.22 06:28:32 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.06.22 06:28:32 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.06.22 06:28:32 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.06.10 03:35:06 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.02.09 17:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005.08.30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2005.08.30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2005.08.30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.05.28 13:53:49 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Atari
[2011.10.24 16:13:12 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\ChessBase
[2011.12.22 18:43:57 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\dingogames
[2011.06.17 19:35:39 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\DisneyInteractiveStudios
[2011.05.09 15:57:42 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\DVDVideoSoft
[2011.05.09 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.14 11:37:16 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\EscapeTheMuseum2
[2011.12.12 16:07:21 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Fighters
[2011.04.20 10:16:15 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\FloodLightGames
[2012.02.12 19:08:24 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\FreeFileViewer
[2011.04.01 15:49:45 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\FriendsGamesNetwork
[2011.02.05 13:15:51 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\funkitron
[2011.05.08 20:50:20 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Get from YouTube
[2011.02.22 19:22:13 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\GetRightToGo
[2012.02.12 10:24:33 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\go
[2011.05.10 19:30:36 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Import Audio from Video
[2011.02.22 19:22:42 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\iWin
[2011.01.29 12:20:18 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Juniper Networks
[2011.04.14 16:25:36 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\MumboJumbo
[2011.05.10 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Music Editor Free
[2011.12.23 13:55:41 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\PlayFirst
[2011.02.22 16:51:37 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Playrix Entertainment
[2011.02.26 15:25:20 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\ScreenSeven
[2011.09.14 14:07:48 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\TeamViewer
[2011.01.09 17:10:45 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Tific
[2011.09.26 14:53:48 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\YoudaGames
[2011.03.21 12:42:47 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\_MDLogs
[2012.02.12 11:25:48 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
[2011.11.25 15:23:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.12 11:25:52 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter64-moritz-Notification.job
[2012.02.12 11:25:45 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter64-moritz-Startup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.03.27 18:47:53 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.08.27 19:53:38 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32
[2011.01.21 23:24:53 | 000,000,000 | ---D | M] -- C:\05b8f1a8208571fc5c0c220f3153
[2011.01.22 08:03:26 | 000,000,000 | ---D | M] -- C:\66af2071bba1b029aedf0004b1ab74
[2011.12.23 10:34:24 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2011.12.24 13:50:02 | 000,000,000 | ---D | M] -- C:\Boonty
[2010.07.21 02:27:46 | 000,000,000 | -HSD | M] -- C:\boot
[2012.02.11 19:07:06 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.01.09 14:28:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.23 16:32:42 | 000,000,000 | ---D | M] -- C:\dst
[2011.06.18 14:37:49 | 000,000,000 | ---D | M] -- C:\e08d751d7977cc3bf3
[2011.12.23 16:36:14 | 000,000,000 | ---D | M] -- C:\GameHouse Games
[2010.10.12 20:10:30 | 000,000,000 | -H-D | M] -- C:\HP
[2010.10.12 20:20:24 | 000,000,000 | ---D | M] -- C:\Intel
[2011.06.22 14:21:47 | 000,000,000 | ---D | M] -- C:\midi
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.06 21:16:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.12 19:10:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.02.12 19:10:58 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.01.09 14:28:14 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.01.09 14:29:42 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.17 19:59:56 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012.02.12 19:08:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.01.09 14:29:46 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011.05.08 20:54:30 | 000,000,000 | ---D | M] -- C:\temp
[2011.02.26 16:43:59 | 000,000,000 | ---D | M] -- C:\Terzio
[2011.01.09 14:28:20 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.12 19:08:24 | 000,000,000 | ---D | M] -- C:\Windows
[2011.04.22 14:30:44 | 000,000,000 | ---D | M] -- C:\Zylom Games
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.07.20 22:54:35 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.07.20 22:50:18 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.07.20 22:54:35 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.07.20 22:50:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.07.20 22:54:35 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.07.20 22:50:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.07.20 22:54:35 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.07.20 22:50:18 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.07.20 22:54:35 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.20 22:54:35 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.07.20 22:54:35 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:DB77E2C4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1DEE6B65
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:6493C4DC
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:052E15C3

< End of report >
         
--- --- ---


Alt 12.02.2012, 19:48   #6
mo99
 
"50 Euro Virus" Schwarzer Bildschirm Zahlung - Standard

"50 Euro Virus" Schwarzer Bildschirm Zahlung



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.02.2012 19:32:56 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\moritz\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 3,20 Gb Available Physical Memory | 84,22% Memory free
7,60 Gb Paging File | 7,03 Gb Available in Paging File | 92,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281,98 Gb Total Space | 176,79 Gb Free Space | 62,69% Space Free | Partition Type: NTFS
Drive D: | 15,82 Gb Total Space | 2,28 Gb Free Space | 14,42% Space Free | Partition Type: NTFS
Drive E: | 6,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MORITZ-HP | User Name: moritz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1795BAA8-65EC-66D0-9DA4-D4B1FBE7700E}" = ATI Catalyst Install Manager
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{B601929F-3A47-4F37-8D1E-EAD1481BE5EA}" = ccc-utility64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E342EC6B-5F25-47FE-B92C-DE616149B430}" = HP Wireless Assistant
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6FCC591-A21B-47C7-BCB3-F535FBA210E2}" = SLOW-PCfighter
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SLOW-PCfighter" = SLOW-PCfighter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E73CF7-3B8E-49F6-B09C-3FB122B3938A}" = HP Software Framework
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02FC8489-58FB-2628-768A-2CE172A37D7D}" = Catalyst Control Center Graphics Previews Common
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{08F1513E-2113-06C5-583A-FB1DE0E64AE6}" = CCC Help Chinese Standard
"{09801D34-8DE8-406A-BFD7-747AF74F5E6E}" = WhiteBoardMeeting
"{0AB910A1-042A-D781-3779-2A4DC383BF0F}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D619D56-854C-F5D1-A134-4EB72974E09E}" = CCC Help Thai
"{144AAC2E-410C-6F23-5EC4-CB96049DD1D4}" = CCC Help Finnish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AF5A6D6-266D-9A24-D13A-5A50B2182645}" = CCC Help Norwegian
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EA84D4-6CB0-4FEA-8B6C-DC816CA7385F}" = Harry Potter und der Halbblut-Prinz™ Demo
"{222A544B-E6B7-496F-B4D7-6FE74FF0E616}" = Bing Bar Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A54B824-C32C-A931-17CB-A74B54E28AAE}" = CCC Help Spanish
"{2BED1172-6F40-1090-C681-26FEEF383E14}" = ccc-core-static
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2F1E1F4D-B5CC-CA5D-2035-3A464BB053C3}" = CCC Help English
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3234355B-963B-99FE-EECA-8A034781AF15}" = CCC Help Polish
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C302D80-4540-BA36-7167-8B59EC0BB9F4}" = CCC Help Korean
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41136F4A-3C71-7F9F-7ECA-4E2C2D6C216F}" = CCC Help Dutch
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4D66BBCA-8E0A-5FF3-4206-3BEA432FB1E9}" = CCC Help Turkish
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52D59644-B08F-492E-BB68-1F0AE25ADFBB}" = Ich sehe was ... die große Schatzsuche
"{543F949F-2B95-448F-9F2E-56F0C5FF8E2C}" = Catalyst Control Center - Branding
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{668B80AF-D98F-42FC-8EE1-36252B03C5C9}_is1" = MIDI4all
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E2396F-1392-BECA-37D7-6C4AECED9668}" = CCC Help Russian
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E918D75-2600-0674-ADC2-4722D7F37018}" = CCC Help Italian
"{82414541-9562-5992-5955-399710303544}" = Gardenscapes
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{917C79E9-9E4E-11D6-B27C-0003FFFFFFFC}" = Fritz und Fertig
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C632E6D-C984-75B8-DE46-8E495E179314}" = CCC Help Portuguese
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1A5DA17-C6A6-897E-2EBB-8BACE074FA10}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5EFB5BD-5B8C-813B-711E-4C068721281F}" = CCC Help Danish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85568D7-A01E-4E05-AFEE-4A1852D70281}" = LEGO® Pirates of the Caribbean Das Videospiel DEMO
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0B3A2CE-C337-E33B-F24E-A8BDCA644D03}" = Catalyst Control Center Localization All
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B360E24A-BF25-4353-AA79-1B54F509024A}" = HP Documentation
"{B635B0A0-8C8B-4492-E54A-85CA5DC5CAC2}" = CCC Help Japanese
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAB3C6F6-8C54-BFE0-A570-1E471ACE00B5}" = Catalyst Control Center Graphics Previews Vista
"{BB9344E4-C629-7E36-6248-EAF3F7AFCB95}" = CCC Help Chinese Traditional
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BFF2D920-80F2-46E9-8246-79A20BB9D8B2}" = Crazy Machines - Neues aus dem Labor
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45DB0E4-E813-1584-9670-ADF85214596E}" = CCC Help French
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D952A9F5-E24D-4264-86B7-79160E361EE8}" = Fritz7
"{DB15EA7D-B263-1B9B-0C3E-25BE7D15C551}" = PX Profile Update
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9AF8776-5533-47A0-B75C-6AF391285EEB}" = Youda Legend 2
"{EE07C46F-278A-412C-4687-54963CBC5862}" = CCC Help Hungarian
"{EFD35B3A-0296-864F-C78F-910CD41B1C32}" = CCC Help Greek
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E31016-0901-40D7-820C-D178A4C583AA}" = Youda Legend - The Curseof the Amsterdam Diamond
"{F8504F00-2C61-0FA1-8E17-AADA786A164F}" = CCC Help German
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F972403C-BFE4-49EB-82B8-10D0FDBD1BB1}" = VirtualDJ Home FREE
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE363238-928A-113D-0318-4F7CEBB88715}" = Catalyst Control Center InstallProxy
"00e1b559ced624f1a3ef930630c2d865" = Farmscapes(TM) Premium Edition
"02f682c9e4e43365877ea59acf3d6da7" = Royal Trouble
"12389d0863a0588ade0a083ab5270573" = Plants vs. Zombies(TM)
"7 Wonders II" = 7 Wonders II
"8ba0281c26cce311ea8876194c2cca4b" = LUXOR 5th Passage
"94a888f0cc14f46f31dbe64760d265e3" = Gardenscapes(TM)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"am-tastyplanetbackforseconds" = Tasty Planet - Back for Seconds
"AutocompletePro2_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar
"Beetle Ju 2 VOLLVERSION" = Beetle Ju 2 VOLLVERSION
"BFGC" = Big Fish Games: Game Manager
"BFG-Tasty Planet" = Tasty Planet
"BFG-Youda Legend - Der goldene Paradiesvogel" = Youda Legend: Der goldene Paradiesvogel
"BFG-Youda Legend - The Curse of the Amsterdam Diamond" = Youda Legend: The Curse of the Amsterdam Diamond
"Bird’s Town" = Bird’s Town
"Click MusicalKEYS_is1" = Click MusicalKEYS 3.0.214
"conduitEngine" = Conduit Engine
"d98f52976e41632129699108bd8e3418" = Escape the Museum 2
"DEUTSCHLAND SPIELT Spiele Post" = DEUTSCHLAND SPIELT Spiele Post
"Die Garten-Attacke" = Die Garten-Attacke
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"EasyBits Magic Desktop" = Magic Desktop
"Forte Standard" = Forte Standard 2.0
"Free Studio_is1" = Free Studio version 5.0.9
"FreeFileViewer_is1" = Free File Viewer 2011
"Funload.de Toolbar" = Funload.de Toolbar
"Gardenscapes_is1" = Gardenscapes
"Garten-Glück" = Garten-Glück
"GeoGebra" = GeoGebra
"Gold Miner Vegas" = Gold Miner Vegas (remove only)
"Google Chrome" = Google Chrome
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Luxor 3" = Luxor 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Music Editor Free" = Music Editor Free
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"Peggle Nights Deluxe 1.0.3.5802" = Peggle Nights Deluxe 1.0.3.5802
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"Plants vs. Zombies" = Plants vs. Zombies
"PriceGong" = PriceGong 2.1.0
"Royal Trouble" = Royal Trouble
"Siebenstein 2" = Siebenstein 2
"Surf Canyon" = Surf Canyon Search Engine Assistant
"Tasty Planet" = Tasty Planet
"Tasty Planet - Back for Seconds" = Tasty Planet - Back for Seconds
"Tasty Planet Free Trial_is1" = Tasty Planet Free Trial
"Tasty Planet_is1" = Tasty Planet de
"TeamViewer 6" = TeamViewer 6
"Trusted Software Assistant_is1" = File Type Assistant
"Uninstall_is1" = Uninstall 1.0.0.1
"Vampirjagd" = Vampirjagd
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"Youda Legend" = Youda Legend
"Youda Legend the Golden Bird of Paradise_is1" = Youda Legend the Golden Bird of Paradise de
"Youda Legend: Der Goldene Paradiesvogel" = Youda Legend: Der Goldene Paradiesvogel
"Youda Survivor" = Youda Survivor
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Juniper_Setup_Client" = Juniper Networks Setup Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.02.2012 15:18:33 | Computer Name = moritz-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 72213
 
Error - 06.02.2012 15:18:34 | Computer Name = moritz-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.02.2012 15:18:34 | Computer Name = moritz-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 73227
 
Error - 06.02.2012 15:18:34 | Computer Name = moritz-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 73227
 
Error - 06.02.2012 15:18:35 | Computer Name = moritz-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.02.2012 15:18:35 | Computer Name = moritz-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 74225
 
Error - 06.02.2012 15:18:35 | Computer Name = moritz-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 74225
 
Error - 06.02.2012 15:18:36 | Computer Name = moritz-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.02.2012 15:18:36 | Computer Name = moritz-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 75239
 
Error - 06.02.2012 15:18:36 | Computer Name = moritz-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 75239
 
[ Hewlett-Packard Events ]
Error - 03.05.2011 13:25:44 | Computer Name = moritz-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051103072526.xml
 File not created by asset agent
 
Error - 11.08.2011 10:07:04 | Computer Name = moritz-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081111040646.xml
 File not created by asset agent
 
Error - 17.10.2011 13:04:52 | Computer Name = moritz-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101117070434.xml
 File not created by asset agent
 
Error - 08.11.2011 10:44:40 | Computer Name = moritz-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111108100732.xml
 File not created by asset agent
 
Error - 02.01.2012 12:22:35 | Computer Name = moritz-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011202052215.xml
 File not created by asset agent
 
Error - 09.01.2012 12:56:15 | Computer Name = moritz-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011209055612.xml
 File not created by asset agent
 
Error - 16.01.2012 12:48:23 | Computer Name = moritz-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011216054819.xml
 File not created by asset agent
 
Error - 26.01.2012 15:39:05 | Computer Name = moritz-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011226083858.xml
 File not created by asset agent
 
[ HP Wireless Assistant Events ]
Error - 09.01.2011 12:03:50 | Computer Name = moritz-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.01.2011 12:04:58 | Computer Name = moritz-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.01.2011 12:06:06 | Computer Name = moritz-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.01.2011 12:07:13 | Computer Name = moritz-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.01.2011 12:08:21 | Computer Name = moritz-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.01.2011 12:09:26 | Computer Name = moritz-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.01.2011 12:10:34 | Computer Name = moritz-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 09.01.2011 12:11:42 | Computer Name = moritz-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 19.08.2011 09:44:30 | Computer Name = moritz-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 19.08.2011 09:44:32 | Computer Name = moritz-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
[ Media Center Events ]
Error - 20.04.2011 05:05:12 | Computer Name = moritz-HP | Source = MCUpdate | ID = 0
Description = 11:05:12 - Fehler beim Herstellen der Internetverbindung.  11:05:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.04.2011 05:05:18 | Computer Name = moritz-HP | Source = MCUpdate | ID = 0
Description = 11:05:17 - Fehler beim Herstellen der Internetverbindung.  11:05:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.04.2011 06:05:28 | Computer Name = moritz-HP | Source = MCUpdate | ID = 0
Description = 12:05:28 - Fehler beim Herstellen der Internetverbindung.  12:05:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.04.2011 06:05:38 | Computer Name = moritz-HP | Source = MCUpdate | ID = 0
Description = 12:05:33 - Fehler beim Herstellen der Internetverbindung.  12:05:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 15:10:04 | Computer Name = moritz-HP | Source = MCUpdate | ID = 0
Description = 20:10:04 - Fehler beim Herstellen der Internetverbindung.  20:10:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 15:10:11 | Computer Name = moritz-HP | Source = MCUpdate | ID = 0
Description = 20:10:09 - Fehler beim Herstellen der Internetverbindung.  20:10:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 16:10:17 | Computer Name = moritz-HP | Source = MCUpdate | ID = 0
Description = 21:10:17 - Fehler beim Herstellen der Internetverbindung.  21:10:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 16:10:23 | Computer Name = moritz-HP | Source = MCUpdate | ID = 0
Description = 21:10:22 - Fehler beim Herstellen der Internetverbindung.  21:10:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 17:10:28 | Computer Name = moritz-HP | Source = MCUpdate | ID = 0
Description = 22:10:28 - Fehler beim Herstellen der Internetverbindung.  22:10:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.02.2012 17:10:34 | Computer Name = moritz-HP | Source = MCUpdate | ID = 0
Description = 22:10:33 - Fehler beim Herstellen der Internetverbindung.  22:10:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 12.02.2012 14:40:40 | Computer Name = moritz-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = Das System ist aufgrund eines kritischen thermischen Ereignisses in
 den Ruhezustand gewechselt.  Zeit für den Ruhezustand = 2012-02-12T18:40:40.786395800Z

              ACPI-Thermozone = ACPI\ThermalZone\TSZ0                _HOT = 369K
 
Error - 12.02.2012 14:40:42 | Computer Name = moritz-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = Das System ist aufgrund eines kritischen thermischen Ereignisses in
 den Ruhezustand gewechselt.  Zeit für den Ruhezustand = 2012-02-12T18:40:42.299598400Z

              ACPI-Thermozone = ACPI\ThermalZone\TSZ0                _HOT = 369K
 
Error - 12.02.2012 14:40:50 | Computer Name = moritz-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = Das System ist aufgrund eines kritischen thermischen Ereignisses in
 den Ruhezustand gewechselt.  Zeit für den Ruhezustand = 2012-02-12T18:40:50.770413300Z

              ACPI-Thermozone = ACPI\ThermalZone\TSZ0                _HOT = 369K
 
Error - 12.02.2012 14:40:52 | Computer Name = moritz-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = Das System ist aufgrund eines kritischen thermischen Ereignisses in
 den Ruhezustand gewechselt.  Zeit für den Ruhezustand = 2012-02-12T18:40:52.283616000Z

              ACPI-Thermozone = ACPI\ThermalZone\TSZ0                _HOT = 369K
 
Error - 12.02.2012 14:41:00 | Computer Name = moritz-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = Das System ist aufgrund eines kritischen thermischen Ereignisses in
 den Ruhezustand gewechselt.  Zeit für den Ruhezustand = 2012-02-12T18:41:00.754430900Z

              ACPI-Thermozone = ACPI\ThermalZone\TSZ0                _HOT = 369K
 
Error - 12.02.2012 14:41:02 | Computer Name = moritz-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = Das System ist aufgrund eines kritischen thermischen Ereignisses in
 den Ruhezustand gewechselt.  Zeit für den Ruhezustand = 2012-02-12T18:41:02.267633500Z

              ACPI-Thermozone = ACPI\ThermalZone\TSZ0                _HOT = 369K
 
Error - 12.02.2012 14:41:10 | Computer Name = moritz-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = Das System ist aufgrund eines kritischen thermischen Ereignisses in
 den Ruhezustand gewechselt.  Zeit für den Ruhezustand = 2012-02-12T18:41:10.722848400Z

              ACPI-Thermozone = ACPI\ThermalZone\TSZ0                _HOT = 369K
 
Error - 12.02.2012 14:41:12 | Computer Name = moritz-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = Das System ist aufgrund eines kritischen thermischen Ereignisses in
 den Ruhezustand gewechselt.  Zeit für den Ruhezustand = 2012-02-12T18:41:12.236051000Z

              ACPI-Thermozone = ACPI\ThermalZone\TSZ0                _HOT = 369K
 
Error - 12.02.2012 14:41:20 | Computer Name = moritz-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = Das System ist aufgrund eines kritischen thermischen Ereignisses in
 den Ruhezustand gewechselt.  Zeit für den Ruhezustand = 2012-02-12T18:41:20.706865900Z

              ACPI-Thermozone = ACPI\ThermalZone\TSZ0                _HOT = 369K
 
Error - 12.02.2012 14:41:22 | Computer Name = moritz-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = Das System ist aufgrund eines kritischen thermischen Ereignisses in
 den Ruhezustand gewechselt.  Zeit für den Ruhezustand = 2012-02-12T18:41:22.220068600Z

              ACPI-Thermozone = ACPI\ThermalZone\TSZ0                _HOT = 369K
 
 
< End of report >
         
--- --- ---

Alt 12.02.2012, 20:44   #7
Swisstreasure
/// Malwareteam
 
"50 Euro Virus" Schwarzer Bildschirm Zahlung - Standard

"50 Euro Virus" Schwarzer Bildschirm Zahlung



Hast Du noch Probleme?
Sagt Dir dieser Proxy was:
Zitat:
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.128.9.30:80

Alt 13.02.2012, 16:11   #8
mo99
 
"50 Euro Virus" Schwarzer Bildschirm Zahlung - Standard

"50 Euro Virus" Schwarzer Bildschirm Zahlung



Also Erstens:
Ich weiß nicht, er (oder was) dieser (dieses) Proxy ist.
Und Zweitens:
Ich weiß nicht, was passiert ist, ABER DER COMPUTER FUNKTIONIERT WIEDER!!!
Ich lass das Virenprogramm sicherheitsalber noch mal durchgehen, aber ich rechne nicht mit Funden.
VIELEN, VIELEN DANK LIEBER SWISS (MEINE RETTUNG)
Moritz

Alt 13.02.2012, 23:14   #9
Swisstreasure
/// Malwareteam
 
"50 Euro Virus" Schwarzer Bildschirm Zahlung - Standard

"50 Euro Virus" Schwarzer Bildschirm Zahlung



Das tönt doch gut Wir sind aber noch nicht fertig:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Antwort

Themen zu "50 Euro Virus" Schwarzer Bildschirm Zahlung
50 euro, 50 euro virus, absoluter, angezeigt, bildschirm, blockiert, euro, gefunde, geholfen, keine viren, nachricht, nichts, programm, schonmal, schwarzer, schwarzer bildschirm, thema, tipps, trojaner, virenprogramm, virus, wenige, wenigen, windowssystem, windowssystem blockiert, zahlung



Ähnliche Themen: "50 Euro Virus" Schwarzer Bildschirm Zahlung


  1. Windows 7 schwarzer Bildschirm, keine Taskleiste aber Fenster "Computer" geöffnet
    Plagegeister aller Art und deren Bekämpfung - 27.03.2015 (9)
  2. Windows 7 schwarzer Bildschirm, keine Taskleiste aber Fenster "Computer" geöffnet 3
    Plagegeister aller Art und deren Bekämpfung - 23.12.2014 (10)
  3. Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen
    Plagegeister aller Art und deren Bekämpfung - 14.12.2014 (23)
  4. Nach Windows 7- Start schwarzer Bildschirm, nur "Explorer" zu sehen
    Plagegeister aller Art und deren Bekämpfung - 08.12.2014 (9)
  5. Schwarzer Bildschirm, Deutschlandflagge, "Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 04.04.2012 (9)
  6. "windows gesperrt" -schwarzer Bildschirm, rote Schrift/ keine Bezahlsumme angegeben
    Log-Analyse und Auswertung - 01.04.2012 (6)
  7. System Check - "Windows - Delayed Write Failed", schwarzer Bildschirm, Datenverlust?
    Log-Analyse und Auswertung - 26.03.2012 (12)
  8. Schwarzer Bildschirm, 50 Euro Zahlung
    Log-Analyse und Auswertung - 19.03.2012 (6)
  9. Aufforderung von Zahlung 50 Euro, schwarzer Bildschirm
    Log-Analyse und Auswertung - 18.02.2012 (20)
  10. schwarzer Bildschirm mit Überschrift "Aus Sicherherheitsgründen wird ihr Windowssystem blockiert"
    Log-Analyse und Auswertung - 07.02.2012 (1)
  11. Schwarzer Bildschirm bei Windows 7 Starter Edition und Aufforderung "bezahlen und runterladen"
    Plagegeister aller Art und deren Bekämpfung - 17.01.2012 (4)
  12. Schwarzer Bildschirm bei win7 start mit Feld "Bezahlen und runterladen"
    Log-Analyse und Auswertung - 12.01.2012 (11)
  13. schwarzer bildschirm mid dem satz "aus sicherheitsgründen wurde ihr windows system blockiert"
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (9)
  14. Schwarzer Bildschirm mit dem Satz "aus Sicherheitsgründen wurde ihr Windows system blockiert"
    Plagegeister aller Art und deren Bekämpfung - 14.12.2011 (2)
  15. "Windows - Delayed Write Failed" - Schwarzer Bildschirm, keine Icons
    Log-Analyse und Auswertung - 23.11.2011 (24)
  16. Schwarzer Windows Bildschirm und Meldung "Festplatten Cluster..."
    Plagegeister aller Art und deren Bekämpfung - 20.09.2011 (26)
  17. Schwarzer Bildschirm mit "Your computer is in Danger.." und fehlermeldungen
    Plagegeister aller Art und deren Bekämpfung - 24.06.2008 (9)

Zum Thema "50 Euro Virus" Schwarzer Bildschirm Zahlung - Auch ich habe mir den "50 Euro Virus" eingefangen. Für die Wenigen, die ihn nicht kennen: Bei mir wird ein schwarzer Bildschirm angezeigt mit der Nachricht, dass mein Windowssystem blockiert - "50 Euro Virus" Schwarzer Bildschirm Zahlung...
Archiv
Du betrachtest: "50 Euro Virus" Schwarzer Bildschirm Zahlung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.