Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: mystart.incredibar.com

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 02.06.2012, 13:41   #1
knipsfuzzi
 
mystart.incredibar.com - Standard

mystart.incredibar.com



Hallo,

ich bekomme den Trojaner nicht weg. Hier die Logfiles....

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=69bbd45ed5cbb14293adc9f8a33a45c5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-02 12:24:49
# local_time=2012-06-02 02:24:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 5408 90265730 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=119468
# found=3
# cleaned=0
# scan_time=5349
C:\Users\Sina und Andreas\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\5516c.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\5759a.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I

Gruß
Knipsfuzzi

Alt 03.06.2012, 10:12   #2
kira
/// Helfer-Team
 
mystart.incredibar.com - Standard

mystart.incredibar.com



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
  • Download AdwCleaner by Xplode auf dem Desktop
  • Starte AdwCleaner und klicke auf Search
  • Nach einiger zeit öffnet sich ein Logfile (C:\ AdwCleaner[xx].txt
  • Poste dessen Inhalt hier ins Forum

2.
  • Schliesse alle offenstehende Fenster und starte AdwCleaner
  • Klicke auf Delete
  • Klicke bei: AdwCleaner-Information OK
  • Klicke bei: AdwCleaner-Restart Required OK
  • Alle ikone verschwinden vom Desktop, das ist normal
  • Dein Rechner wird jetzt neu gestartet und es öffnet ein Log (C:\ AdwCleaner[xx].txt poste dessen Inhalt hier ins Forum
  • Wenn die Startseite infiziert war, stelle sie neu ein auf Google.de oder nach deine Wahl
    Notice:
    Dieses Tool kommt aus Frankreich daher wird die Startseite auf Google.fr zurueck gesetzt

3.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

4.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
gruß
kira
__________________

__________________

Geändert von kira (03.06.2012 um 10:18 Uhr)

Alt 03.06.2012, 13:39   #3
knipsfuzzi
 
mystart.incredibar.com - Standard

mystart.incredibar.com



Code:
ATTFilter
# AdwCleaner v1.608 - Logfile created 06/03/2012 at 14:36:35
# Updated 27/05/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Sina und Andreas - SINAUNDANDREAS
# Running from : C:\Users\Sina und Andreas\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

Folder Found : C:\Users\Sina und Andreas\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Sina und Andreas\AppData\LocalLow\Search Settings
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\Common Files\spigot
File Found : C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\MyStart Search.xml

***** [Registry] *****

Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Sina und Andreas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2598 octets] - [03/06/2012 14:36:35]

########## EOF - C:\AdwCleaner[R1].txt - [2726 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v1.608 - Logfile created 06/03/2012 at 14:40:22
# Updated 27/05/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Sina und Andreas - SINAUNDANDREAS
# Running from : C:\Users\Sina und Andreas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Sina und Andreas\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Sina und Andreas\AppData\LocalLow\Search Settings
Folder Deleted : C:\Program Files\Application Updater
Deleted on reboot : C:\Program Files\Common Files\spigot
File Deleted : C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\MyStart Search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\pdfforge
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\prefs.js

C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Sina und Andreas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2727 octets] - [03/06/2012 14:36:35]
AdwCleaner[S1].txt - [2824 octets] - [03/06/2012 14:40:22]

########## EOF - C:\AdwCleaner[S1].txt - [2952 octets] ##########
         
__________________

Alt 03.06.2012, 16:56   #4
kira
/// Helfer-Team
 
mystart.incredibar.com - Standard

mystart.incredibar.com



geht es noch weiter?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 03.06.2012, 17:25   #5
knipsfuzzi
 
mystart.incredibar.com - Standard

mystart.incredibar.com



Ja, sorry. Musste weg. So in ner Stunde kann ich wieder.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.06.2012 18:35:24 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Sina und Andreas\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 69,58% Memory free
5,83 Gb Paging File | 4,00 Gb Available in Paging File | 68,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 242,01 Gb Free Space | 81,21% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,75 Gb Free Space | 93,13% Space Free | Partition Type: FAT
 
Computer Name: SINAUNDANDREAS | User Name: Sina und Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sina und Andreas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\Common Files\InstantOn\InsOnSrv.exe (ASUS)
PRC - C:\Programme\Common Files\InstantOn\InsOnWMI.exe (ASUS)
PRC - C:\Programme\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
PRC - C:\Programme\P4G\BatteryLife.exe (ASUS)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Programme\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Programme\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Programme\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Programme\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
PRC - C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\Fotografie\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\ASUS\ASUS Live Update\alvupdt.dll ()
MOD - C:\Programme\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Tablet\Pen\libxml2.dll ()
MOD - C:\Programme\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Programme\P4G\DevMng.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RBScript.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\XML.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CGamma.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RegEx.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Appearance Pak.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Shell.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CSensor.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HPSLPSVC) -- C:\Users\Sina und Andreas\AppData\Local\Temp\7zS4BF0\hpslpsvc32.dll File not found
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (ASUS InstantOn) -- C:\Programme\Common Files\InstantOn\InsOnSrv.exe (ASUS)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Mcx2Svc) -- C:\Windows\System32\Mcx2Svc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Programme\Fotografie\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (asmtxhci) -- C:\Windows\System32\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV - (asmthub3) -- C:\Windows\System32\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (MEI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (ATKWMIACPIIO) -- C:\Programme\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys (ASUS)
DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (Spyder3) -- C:\Windows\System32\drivers\Spyder3.sys ()
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (cdfs) -- C:\Windows\System32\drivers\cdfs.sys (Microsoft Corporation)
DRV - (ASMMAP) -- C:\Programme\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys (ASUS)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 DD 74 79 D3 A6 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\5.8\freeripToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {37755889-0174-4C43-81F9-6D413A98FE3E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{37755889-0174-4C43-81F9-6D413A98FE3E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=386496"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb161?a=6R8uBdKvKs&i=26"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - prefs.js..network.proxy.http: "178.168.58.100"
FF - prefs.js..network.proxy.http_port: 8081
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.23 19:44:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.05.31 19:50:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 15:58:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.11.19 18:12:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.11.19 18:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sina und Andreas\AppData\Roaming\mozilla\Extensions
[2012.06.03 14:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sina und Andreas\AppData\Roaming\mozilla\Firefox\Profiles\wbj3qj96.default\extensions
[2012.05.18 04:47:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sina und Andreas\AppData\Roaming\mozilla\Firefox\Profiles\wbj3qj96.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.05.12 13:49:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sina und Andreas\AppData\Roaming\mozilla\Firefox\Profiles\wbj3qj96.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.24 20:59:55 | 000,000,933 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\11-suche.xml
[2012.02.24 20:59:55 | 000,002,419 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\englische-ergebnisse.xml
[2012.02.24 20:59:55 | 000,010,525 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\gmx-suche.xml
[2012.02.24 20:59:55 | 000,002,457 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\lastminute.xml
[2012.04.30 20:03:14 | 000,005,489 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\webde-suche.xml
[2012.04.27 15:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.25 17:03:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.27 06:59:45 | 000,000,000 | ---D | M] (FreeRIP Toolbar) -- C:\PROGRAM FILES\FREERIP TOOLBAR\FF
[2012.01.07 11:26:22 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SINA UND ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBJ3QJ96.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.11 16:41:59 | 000,181,880 | ---- | M] () (No name found) -- C:\USERS\SINA UND ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBJ3QJ96.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.04.30 20:03:11 | 000,574,144 | ---- | M] () (No name found) -- C:\USERS\SINA UND ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBJ3QJ96.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.04.27 15:58:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.27 15:58:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.27 15:58:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.27 15:58:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.27 15:58:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.27 15:58:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.27 15:58:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\Sina und Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Sina und Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Sina und Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: No name found = C:\Users\Sina und Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\5.8\freeripToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\5.8\freeripToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SonicMasterTray] C:\Programme\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Wireless Console 3] C:\Programme\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [EPSON Stylus DX4000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sina und Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04C1D857-66B3-49A8-81F9-5E622E2BF61E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{963680A4-92D3-4F4A-997A-0C77853B900B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a7b0680d-2191-11e1-8c31-5404a627d4d5}\Shell - "" = AutoRun
O33 - MountPoints2\{a7b0680d-2191-11e1-8c31-5404a627d4d5}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 14:47:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sina und Andreas\Desktop\OTL.exe
[2012.06.03 10:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.06.03 10:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.06.03 10:52:59 | 000,000,000 | ---D | C] -- C:\Users\Sina und Andreas\Documents\Anti-Malware
[2012.06.02 12:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.01 17:26:27 | 000,000,000 | ---D | C] -- C:\Users\Sina und Andreas\AppData\Roaming\Malwarebytes
[2012.06.01 17:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.01 17:26:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.01 17:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.31 19:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.05.27 06:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP Toolbar
[2012.05.15 16:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.05.12 13:49:32 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.05.12 13:49:26 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.05.12 13:49:16 | 004,421,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100u.dll
[2012.05.12 13:49:16 | 000,136,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl100.dll
[2012.05.12 13:49:16 | 000,080,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcm100u.dll
[2012.05.12 12:32:55 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.12 12:32:54 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.12 12:32:54 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.12 12:30:07 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.03 18:24:04 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 18:24:04 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 18:23:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.03 15:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 14:47:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sina und Andreas\Desktop\OTL.exe
[2012.06.03 14:42:47 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.06.03 14:42:06 | 2346,811,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.03 14:34:58 | 000,591,235 | ---- | M] () -- C:\Users\Sina und Andreas\Desktop\adwcleaner.exe
[2012.06.03 10:53:24 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.06.01 17:26:21 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.01 16:50:43 | 000,308,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.31 19:50:14 | 000,000,447 | ---- | M] () -- C:\user.js
[2012.05.18 16:07:56 | 000,032,124 | ---- | M] () -- C:\Users\Sina und Andreas\Desktop\Schreiben 2 vom 15.05.pdf
[2012.05.18 16:05:00 | 000,031,978 | ---- | M] () -- C:\Users\Sina und Andreas\Desktop\Schreiben 1 vom 15.05.pdf
[2012.05.16 21:00:54 | 000,665,578 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.16 21:00:54 | 000,627,420 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.16 21:00:54 | 000,133,758 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.16 21:00:54 | 000,110,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.15 16:48:04 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.05.05 20:00:16 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.05 20:00:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.06.03 14:34:50 | 000,591,235 | ---- | C] () -- C:\Users\Sina und Andreas\Desktop\adwcleaner.exe
[2012.06.03 10:53:24 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.06.01 17:26:21 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.31 19:50:14 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.05.18 16:07:56 | 000,032,124 | ---- | C] () -- C:\Users\Sina und Andreas\Desktop\Schreiben 2 vom 15.05.pdf
[2012.05.18 16:05:00 | 000,031,978 | ---- | C] () -- C:\Users\Sina und Andreas\Desktop\Schreiben 1 vom 15.05.pdf
[2012.05.15 16:48:04 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.03.14 11:23:01 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012.02.08 21:55:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2012.02.08 21:55:55 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.11.30 16:50:44 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4000DEFGIPS.ini
[2011.11.19 17:14:12 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.11.18 21:17:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2011.11.18 20:56:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011.08.31 20:46:18 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.08.31 20:46:14 | 000,216,000 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.08.31 20:46:10 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.08.31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011.08.31 20:15:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.08.31 20:14:12 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.08.31 20:13:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2010.07.26 23:17:50 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\Spyder3.sys

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.06.2012 18:35:24 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Sina und Andreas\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 69,58% Memory free
5,83 Gb Paging File | 4,00 Gb Available in Paging File | 68,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 242,01 Gb Free Space | 81,21% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,75 Gb Free Space | 93,13% Space Free | Partition Type: FAT
 
Computer Name: SINAUNDANDREAS | User Name: Sina und Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{134C017B-87B4-459A-93D5-0F0D1807A59E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{14AD1581-1E4A-4DAE-B2BF-493666CFD059}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14AE250C-F647-4DC7-9ADA-2256CB111950}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1A174DBC-E99C-441E-B94F-066B14E0EF43}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2656F301-722F-44B1-AB17-B18D2C271997}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{35325B96-C4B6-4BAB-8488-1679BB097CD5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{35AFCA2A-DF96-4C8A-AF75-DE9923E84F0E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{35F5FD1E-776F-4244-A500-C784D85C3AEF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4B005F87-5EDD-4CE9-A18E-7B50154B6A41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B261894-D5CB-449E-AE46-97CCAA54CF21}" = rport=137 | protocol=17 | dir=out | app=system | 
"{53789BFC-A69F-4F4C-B671-C699CCFF87BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{56648C13-68EE-4167-869D-CC76326AE960}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BFD776D-9868-47E4-BB71-707945F09FE3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5F3DF554-7093-4130-80B9-695860692562}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7391204E-53DC-4477-9050-E7A6ADF04C1B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{83895168-AA33-4DD5-A910-57D9EBE2973F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86857365-FBC1-4C58-8C61-7D42BA781B32}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8B92D754-7D56-497A-8172-192D5C86B420}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8EB80347-B777-4035-A07A-0D829F8EBA5A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90B6251F-6183-4961-B4DE-9949B20ACB0D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BD0D6169-D241-49FE-B445-13C5AB7670FF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DBC9DA80-0912-4945-9D86-B45053985F08}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E49726D5-6567-4743-85FB-6699C7AC8106}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{ED4677B0-6EA9-4F16-8912-D28E603D0AAC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F0D4FFBC-EBB1-4F0D-946D-7BA2EAF4FF9B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19366339-1B74-42A1-B8C2-2EFB4DF2BB33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{22B75CC0-BC9A-49E3-8A1D-29B4D16264C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{24741A85-77A8-4624-8A3B-C9351B86FF4B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2B0ACB14-675F-498E-827C-DC8DC7E92509}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{41B7C51C-6405-4C00-9A80-E93D2B3E62D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{506A77B8-7D24-4DC4-BFF0-77364163B552}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{560534F6-7BEF-4905-9ABA-6535BF90F42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6215390F-7F29-44D0-96EB-1F0CEDEE644D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68A0D65D-4C88-40A0-8A94-BC17F6F22654}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{6C9DD904-41EF-4EED-B2EA-04F963BB25BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{77D01BF1-F879-4E28-AC8A-D12B5D0B6250}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{785A3A02-A53C-45E7-8881-0A79CA9D5A5E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{8AADD299-1F2F-4B1B-9C81-1EE527564D0E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{8EC753F9-3F42-46B5-9B4B-CC6AE58EBC1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9744B593-CD4F-4EE8-B1DF-880E2E09E7CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9D11B168-206D-4A3A-9D5C-322B51F726A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6A27286-7D42-406B-AA95-18951455547B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B42AD2B6-AE2B-4ED9-827A-DFDEE0D426AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C346EAE0-8AFF-4855-AF06-DC7A21EC61A8}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{CD33B939-9827-497D-B640-62FD7E1F4664}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{CD8DCEB1-08EE-400B-84EE-BF8C738A022C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D411958B-0C41-4878-B6CA-D632F304C612}" = protocol=6 | dir=out | app=system | 
"{DEA37B2C-6FDB-4DE4-9C7B-736CED2749C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F04CD810-5BB4-493E-A1EC-BA8E1DF23BC3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29CE00CE-10A1-44DE-9BBC-25E7988D4219}" = FreeRIP Toolbar v5.8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.445
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{46D3B906-C93E-9CC7-D47F-0B04B343BEFA}" = Saal Design Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}" = pdfforge Toolbar v5.8
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3C2983F-BF2E-431D-B140-C678B60A8FB7}" = GoGear Spark Device Manager
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0FF219A-6233-440A-BC76-5CC144CDCDB6}" = Nitro PDF Reader 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"AmUStor" = Alcor Micro USB Card Reader
"ASUS_Screensaver" = ASUS_Screensaver
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ElsterFormular für Unternehmer 12.1.0.6164u" = ElsterFormular für Unternehmer
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neat Image_is1" = Neat Image v6 Demo (with plug-in)
"Pen Tablet Driver" = Bamboo
"SaalDesignSoftware" = Saal Design Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Spyder3Pro" = Spyder3Pro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2012 13:49:54 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 01.06.2012 13:49:54 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 01.06.2012 13:49:54 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 01.06.2012 13:49:54 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 01.06.2012 13:49:55 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 01.06.2012 13:49:55 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 01.06.2012 13:49:55 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 01.06.2012 13:49:55 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 02.06.2012 06:19:19 | Computer Name = SinaundAndreas | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails.   hr=0xC004C533
 
Error - 02.06.2012 06:19:19 | Computer Name = SinaundAndreas | Source = Software Protection Platform Service | ID = 8208
Description = Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C533)
 für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.
 
[ System Events ]
Error - 09.04.2012 04:38:50 | Computer Name = SinaundAndreas | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 09.04.2012 04:39:20 | Computer Name = SinaundAndreas | Source = DCOM | ID = 10010
Description = 
 
Error - 13.04.2012 08:54:26 | Computer Name = SinaundAndreas | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 14.04.2012 14:14:43 | Computer Name = SinaundAndreas | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?04.?2012 um 22:08:27 unerwartet heruntergefahren.
 
Error - 18.04.2012 15:24:51 | Computer Name = SinaundAndreas | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines 
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 
Error - 23.04.2012 06:44:19 | Computer Name = SinaundAndreas | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WinDefend erreicht.
 
Error - 23.04.2012 11:24:16 | Computer Name = SinaundAndreas | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 23.04.2012 11:24:19 | Computer Name = SinaundAndreas | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst TouchServicePen erreicht.
 
Error - 23.04.2012 16:05:44 | Computer Name = SinaundAndreas | Source = DCOM | ID = 10010
Description = 
 
Error - 01.05.2012 08:36:59 | Computer Name = SinaundAndreas | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---

Code:
ATTFilter
Adobe AIR	Adobe Systems Incorporated	27.11.2011		3.1.0.4880
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	04.05.2012	6,00MB	11.2.202.235
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	04.05.2012	6,00MB	11.2.202.235
Adobe Photoshop Elements 7.0	Adobe Systems Incorporated	18.11.2011		7.0
Alcor Micro USB Card Reader	Alcor Micro Corp.	17.11.2011	2,83MB	1.2.0117.08443
Asmedia ASM104x USB 3.0 Host Controller Driver	Asmedia Technology	17.11.2011	2,27MB	1.12.5.0
ASUS AI Recovery	ASUS	17.11.2011	6,96MB	1.0.14
ASUS FancyStart	ASUSTeK Computer Inc.	17.11.2011	12,1MB	1.1.1
ASUS LifeFrame3	ASUS	17.11.2011	30,2MB	3.0.21
ASUS Live Update	ASUS	17.11.2011	3,60MB	3.0.3
ASUS Power4Gear Hybrid	ASUS	17.11.2011	10,7MB	1.1.44
ASUS SmartLogon	ASUS	17.11.2011	11,0MB	1.0.0011
ASUS Splendid Video Enhancement Technology	ASUS	17.11.2011	19,3MB	1.02.0033
ASUS Virtual Camera	asus	17.11.2011	3,13MB	1.0.21
ASUS_Screensaver		17.11.2011		
ATK Package	ASUS	17.11.2011	12,0MB	1.0.0008
avast! Free Antivirus	AVAST Software	22.03.2012		7.0.1426.0
Bamboo	Wacom Technology Corp.	03.01.2012		5.2.4-6
CCleaner	Piriform	22.05.2012		3.19
CDBurnerXP	CDBurnerXP	13.03.2012	12,0MB	4.4.0.2971
ElsterFormular für Unternehmer	Landesfinanzdirektion Thüringen	11.12.2011	179.119MB	12.1.0.6164u
Emsisoft Anti-Malware	Emsisoft GmbH	02.06.2012	164,7MB	6.5
EPSON Scan		29.11.2011		
EPSON-Drucker-Software	SEIKO EPSON Corporation	29.11.2011		
ESET Online Scanner v3		01.06.2012		
Free YouTube to MP3 Converter version 3.11.22.508	DVDVideoSoft Ltd.	11.05.2012	85,1MB	3.11.22.508
FreeRIP Toolbar v5.8	Spigot, Inc.	26.05.2012	13,3MB	5.8
GoGear Spark Device Manager	Philips	17.01.2012		0.1
InstantOn for NB	ASUS	18.11.2011	3,45MB	2.1.2
Intel(R) Control Center	Intel Corporation	18.11.2011		1.2.1.1007
Intel(R) Management Engine Components	Intel Corporation	18.11.2011		7.0.0.1144
Java(TM) 6 Update 31	Oracle	26.03.2012	95,1MB	6.0.310
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	31.05.2012	18,0MB	1.61.0.1400
Media Go	Sony	25.12.2011	100,1MB	2.0.317
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	19.11.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	19.11.2011	2,94MB	4.0.30319
Microsoft Silverlight	Microsoft Corporation	17.05.2012	102,4MB	5.1.10411.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	28.11.2011	1,70MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	28.11.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable - KB2467175	Microsoft Corporation	25.12.2011	2,65MB	8.0.51011
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	11.12.2011	0,24MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	18.11.2011	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	28.11.2011	0,59MB	9.0.30729.6161
Mozilla Firefox 12.0 (x86 de)	Mozilla	26.04.2012	40,6MB	12.0
Mozilla Maintenance Service	Mozilla	26.04.2012	0,21MB	12.0
Mozilla Thunderbird 12.0.1 (x86 de)	Mozilla	05.05.2012	38,1MB	12.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	07.01.2012	35,00KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	07.01.2012	1,33MB	4.20.9876.0
Neat Image v6 Demo (with plug-in)	Neat Image team, ABSoft	18.11.2011		
NEF Codec	Nikon	19.11.2011		1.00.0000
Nitro PDF Reader 2	Nitro PDF Software	20.11.2011	88,6MB	2.1.0.13
OpenOffice.org 3.3	OpenOffice.org	18.11.2011	413MB	3.3.9567
PC Connectivity Solution	Nokia	07.02.2012	9,22MB	8.15.0.0
pdfforge Toolbar v5.8	Spigot, Inc.	25.05.2012	13,3MB	5.8
PlayStation(R)Network Downloader	Sony Computer Entertainment Inc.	25.12.2011	0,81MB	2.07.00849
PlayStation(R)Store	Sony Computer Entertainment Inc.	25.12.2011	5,54MB	4.5.16.13625
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	17.11.2011		6.0.1.6438
Saal Design Software	SSW Software GmbH	27.11.2011		2.9.2
SAMSUNG Mobile Composite Device Software		07.02.2012		
Samsung Mobile Modem Device Software		07.02.2012		
SAMSUNG Mobile Modem Driver Set		07.02.2012		
Samsung Mobile phone USB driver Drive Software		07.02.2012		
SAMSUNG Mobile USB Modem 1.0 Software		07.02.2012		
SAMSUNG Mobile USB Modem Software		07.02.2012		
Samsung New PC Studio	Samsung Electronics Co., Ltd.	07.02.2012	198,9MB	1.00.0000
Samsung New PC Studio USB Driver Installer	Samsung Electronics Co., Ltd.	07.02.2012	8,50MB	1.00.0000
SAMSUNG USB Mobile Device Software		07.02.2012		
SamsungConnectivityCableDriver	Samsung	07.02.2012	0,62MB	6.83.6.2.1
Skype Click to Call	Skype Technologies S.A.	24.12.2011	12,6MB	5.6.8442
Skype™ 5.6	Skype Technologies S.A.	24.12.2011	19,5MB	5.6.110
Sonic Focus	Synopsys 	17.11.2011	4,32MB	1.0.0.4
Sony PC Companion 2.10.053	Sony	14.05.2012	19,2MB	2.10.053
Spyder3Pro		27.12.2011		
Synaptics Pointing Device Driver	Synaptics Incorporated	17.11.2011	46,4MB	15.3.6.0
VLC media player 1.1.11	VideoLAN	18.11.2011		1.1.11
Web Assistant 2.0.0.445	IB	30.05.2012	1,83MB	
WebTablet IE Plugin	Wacom Technology Corp.	03.01.2012		1.1.0.7
WebTablet Netscape Plugin	Wacom Technology Corp.	03.01.2012		1.1.0.5
Windows Live Essentials	Microsoft Corporation	29.11.2011		15.4.3538.0513
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	28.11.2011	5,58MB	15.4.5722.2
Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)	Nokia	07.02.2012		10/12/2007 6.85.4.0
WinFlash	ASUS	17.11.2011	0,84MB	2.31.0
WinRAR 4.11 (32-Bit)	win.rar GmbH	12.04.2012		4.11.0
Wireless Console 3	ASUS	17.11.2011	2,45MB	3.0.19
         


Alt 04.06.2012, 06:02   #6
kira
/// Helfer-Team
 
mystart.incredibar.com - Standard

mystart.incredibar.com



Systemreinigung und Prüfung:

1.
über Rechtsklick oder mit Uninstall entfernen:
Zitat:
AdwCleaner
2.
Deinstalliere, falls unter Systemsteuerung-> Software/Programme existiert:
Code:
ATTFilter
pdfforge Toolbar 
FreeRIP Toolbar
         
Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars
Zitat:
Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!
3.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\5.8\freeripToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {37755889-0174-4C43-81F9-6D413A98FE3E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{37755889-0174-4C43-81F9-6D413A98FE3E}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=386496"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb161?a=6R8uBdKvKs&i=26"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
[2012.02.24 20:59:55 | 000,000,933 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\11-suche.xml
[2012.02.24 20:59:55 | 000,002,419 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\englische-ergebnisse.xml
[2012.02.24 20:59:55 | 000,010,525 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\gmx-suche.xml
[2012.02.24 20:59:55 | 000,002,457 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\lastminute.xml
[2012.04.30 20:03:14 | 000,005,489 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\webde-suche.xml
[2012.04.27 15:58:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.27 15:58:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.27 15:58:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.27 15:58:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.27 15:58:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a7b0680d-2191-11e1-8c31-5404a627d4d5}\Shell - "" = AutoRun
O33 - MountPoints2\{a7b0680d-2191-11e1-8c31-5404a627d4d5}\Shell\AutoRun\command - "" = F:\Startme.exe

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

4.
ich nehme an mit deine Zustimmung wurde die Proxy-Einstellungen so eingerichtet?
Code:
ATTFilter
FF - prefs.js..network.proxy.http: "178.168.58.100"
FF - prefs.js..network.proxy.http_port: 8081
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
         
5.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

6.
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

7.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
    Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

8.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

9.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

10.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________
--> mystart.incredibar.com

Alt 04.06.2012, 19:00   #7
knipsfuzzi
 
mystart.incredibar.com - Standard

mystart.incredibar.com



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.06.2012 19:00:38 - Run 2
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Sina und Andreas\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 69,45% Memory free
5,83 Gb Paging File | 3,94 Gb Available in Paging File | 67,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 241,17 Gb Free Space | 80,93% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,75 Gb Free Space | 93,13% Space Free | Partition Type: FAT
 
Computer Name: SINAUNDANDREAS | User Name: Sina und Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{134C017B-87B4-459A-93D5-0F0D1807A59E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{14AD1581-1E4A-4DAE-B2BF-493666CFD059}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14AE250C-F647-4DC7-9ADA-2256CB111950}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1A174DBC-E99C-441E-B94F-066B14E0EF43}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2656F301-722F-44B1-AB17-B18D2C271997}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{35325B96-C4B6-4BAB-8488-1679BB097CD5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{35AFCA2A-DF96-4C8A-AF75-DE9923E84F0E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{35F5FD1E-776F-4244-A500-C784D85C3AEF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4B005F87-5EDD-4CE9-A18E-7B50154B6A41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B261894-D5CB-449E-AE46-97CCAA54CF21}" = rport=137 | protocol=17 | dir=out | app=system | 
"{53789BFC-A69F-4F4C-B671-C699CCFF87BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{56648C13-68EE-4167-869D-CC76326AE960}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5BFD776D-9868-47E4-BB71-707945F09FE3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5F3DF554-7093-4130-80B9-695860692562}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7391204E-53DC-4477-9050-E7A6ADF04C1B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{83895168-AA33-4DD5-A910-57D9EBE2973F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86857365-FBC1-4C58-8C61-7D42BA781B32}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8B92D754-7D56-497A-8172-192D5C86B420}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8EB80347-B777-4035-A07A-0D829F8EBA5A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90B6251F-6183-4961-B4DE-9949B20ACB0D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BD0D6169-D241-49FE-B445-13C5AB7670FF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DBC9DA80-0912-4945-9D86-B45053985F08}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E49726D5-6567-4743-85FB-6699C7AC8106}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{ED4677B0-6EA9-4F16-8912-D28E603D0AAC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F0D4FFBC-EBB1-4F0D-946D-7BA2EAF4FF9B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19366339-1B74-42A1-B8C2-2EFB4DF2BB33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{22B75CC0-BC9A-49E3-8A1D-29B4D16264C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{24741A85-77A8-4624-8A3B-C9351B86FF4B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2B0ACB14-675F-498E-827C-DC8DC7E92509}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{41B7C51C-6405-4C00-9A80-E93D2B3E62D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{506A77B8-7D24-4DC4-BFF0-77364163B552}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{560534F6-7BEF-4905-9ABA-6535BF90F42D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6215390F-7F29-44D0-96EB-1F0CEDEE644D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68A0D65D-4C88-40A0-8A94-BC17F6F22654}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{6C9DD904-41EF-4EED-B2EA-04F963BB25BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{77D01BF1-F879-4E28-AC8A-D12B5D0B6250}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{785A3A02-A53C-45E7-8881-0A79CA9D5A5E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{8AADD299-1F2F-4B1B-9C81-1EE527564D0E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{8EC753F9-3F42-46B5-9B4B-CC6AE58EBC1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9744B593-CD4F-4EE8-B1DF-880E2E09E7CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9D11B168-206D-4A3A-9D5C-322B51F726A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6A27286-7D42-406B-AA95-18951455547B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B42AD2B6-AE2B-4ED9-827A-DFDEE0D426AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C346EAE0-8AFF-4855-AF06-DC7A21EC61A8}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{CD33B939-9827-497D-B640-62FD7E1F4664}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{CD8DCEB1-08EE-400B-84EE-BF8C738A022C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D411958B-0C41-4878-B6CA-D632F304C612}" = protocol=6 | dir=out | app=system | 
"{DEA37B2C-6FDB-4DE4-9C7B-736CED2749C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F04CD810-5BB4-493E-A1EC-BA8E1DF23BC3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29CE00CE-10A1-44DE-9BBC-25E7988D4219}" = FreeRIP Toolbar v5.8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.445
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
"{46D3B906-C93E-9CC7-D47F-0B04B343BEFA}" = Saal Design Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}" = pdfforge Toolbar v5.8
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3C2983F-BF2E-431D-B140-C678B60A8FB7}" = GoGear Spark Device Manager
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0FF219A-6233-440A-BC76-5CC144CDCDB6}" = Nitro PDF Reader 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"AmUStor" = Alcor Micro USB Card Reader
"ASUS_Screensaver" = ASUS_Screensaver
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ElsterFormular für Unternehmer 12.1.0.6164u" = ElsterFormular für Unternehmer
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neat Image_is1" = Neat Image v6 Demo (with plug-in)
"Pen Tablet Driver" = Bamboo
"SaalDesignSoftware" = Saal Design Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Spyder3Pro" = Spyder3Pro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2012 13:49:54 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 01.06.2012 13:49:54 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 01.06.2012 13:49:54 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 01.06.2012 13:49:54 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 01.06.2012 13:49:55 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 01.06.2012 13:49:55 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 01.06.2012 13:49:55 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 01.06.2012 13:49:55 | Computer Name = SinaundAndreas | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 02.06.2012 06:19:19 | Computer Name = SinaundAndreas | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails.   hr=0xC004C533
 
Error - 02.06.2012 06:19:19 | Computer Name = SinaundAndreas | Source = Software Protection Platform Service | ID = 8208
Description = Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C533)
 für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.
 
[ System Events ]
Error - 07.04.2012 12:08:27 | Computer Name = SinaundAndreas | Source = DCOM | ID = 10010
Description = 
 
Error - 09.04.2012 04:38:50 | Computer Name = SinaundAndreas | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 09.04.2012 04:39:20 | Computer Name = SinaundAndreas | Source = DCOM | ID = 10010
Description = 
 
Error - 13.04.2012 08:54:26 | Computer Name = SinaundAndreas | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 14.04.2012 14:14:43 | Computer Name = SinaundAndreas | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?04.?2012 um 22:08:27 unerwartet heruntergefahren.
 
Error - 18.04.2012 15:24:51 | Computer Name = SinaundAndreas | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines 
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 
Error - 23.04.2012 06:44:19 | Computer Name = SinaundAndreas | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WinDefend erreicht.
 
Error - 23.04.2012 11:24:16 | Computer Name = SinaundAndreas | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 23.04.2012 11:24:19 | Computer Name = SinaundAndreas | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst TouchServicePen erreicht.
 
Error - 23.04.2012 16:05:44 | Computer Name = SinaundAndreas | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.06.2012 19:00:37 - Run 2
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Sina und Andreas\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 69,45% Memory free
5,83 Gb Paging File | 3,94 Gb Available in Paging File | 67,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 241,17 Gb Free Space | 80,93% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,75 Gb Free Space | 93,13% Space Free | Partition Type: FAT
 
Computer Name: SINAUNDANDREAS | User Name: Sina und Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sina und Andreas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\InstantOn\InsOnSrv.exe (ASUS)
PRC - C:\Programme\Common Files\InstantOn\InsOnWMI.exe (ASUS)
PRC - C:\Programme\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
PRC - C:\Programme\P4G\BatteryLife.exe (ASUS)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Programme\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Programme\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Programme\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Programme\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
PRC - C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\Fotografie\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll ()
MOD - C:\Programme\Tablet\Pen\libxml2.dll ()
MOD - C:\Programme\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Programme\P4G\DevMng.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RBScript.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\XML.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CGamma.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RegEx.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Appearance Pak.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Shell.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CSensor.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll ()
MOD - C:\Programme\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HPSLPSVC) -- C:\Users\Sina und Andreas\AppData\Local\Temp\7zS4BF0\hpslpsvc32.dll File not found
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (ASUS InstantOn) -- C:\Programme\Common Files\InstantOn\InsOnSrv.exe (ASUS)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Mcx2Svc) -- C:\Windows\System32\Mcx2Svc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Programme\Fotografie\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (asmtxhci) -- C:\Windows\System32\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV - (asmthub3) -- C:\Windows\System32\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (MEI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (ATKWMIACPIIO) -- C:\Programme\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys (ASUS)
DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (Spyder3) -- C:\Windows\System32\drivers\Spyder3.sys ()
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (cdfs) -- C:\Windows\System32\drivers\cdfs.sys (Microsoft Corporation)
DRV - (ASMMAP) -- C:\Programme\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys (ASUS)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 DD 74 79 D3 A6 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\5.8\freeripToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {37755889-0174-4C43-81F9-6D413A98FE3E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{37755889-0174-4C43-81F9-6D413A98FE3E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=386496"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb161?a=6R8uBdKvKs&i=26"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - prefs.js..network.proxy.http: "178.168.58.100"
FF - prefs.js..network.proxy.http_port: 8081
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.23 19:44:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.05.31 19:50:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 15:58:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.11.19 18:12:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.11.19 18:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sina und Andreas\AppData\Roaming\mozilla\Extensions
[2012.06.03 14:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sina und Andreas\AppData\Roaming\mozilla\Firefox\Profiles\wbj3qj96.default\extensions
[2012.05.18 04:47:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sina und Andreas\AppData\Roaming\mozilla\Firefox\Profiles\wbj3qj96.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.05.12 13:49:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sina und Andreas\AppData\Roaming\mozilla\Firefox\Profiles\wbj3qj96.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.24 20:59:55 | 000,000,933 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\11-suche.xml
[2012.02.24 20:59:55 | 000,002,419 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\englische-ergebnisse.xml
[2012.02.24 20:59:55 | 000,010,525 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\gmx-suche.xml
[2012.02.24 20:59:55 | 000,002,457 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\lastminute.xml
[2012.04.30 20:03:14 | 000,005,489 | ---- | M] () -- C:\Users\Sina und Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\wbj3qj96.default\searchplugins\webde-suche.xml
[2012.04.27 15:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.25 17:03:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.27 06:59:45 | 000,000,000 | ---D | M] (FreeRIP Toolbar) -- C:\PROGRAM FILES\FREERIP TOOLBAR\FF
[2012.01.07 11:26:22 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SINA UND ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBJ3QJ96.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.11 16:41:59 | 000,181,880 | ---- | M] () (No name found) -- C:\USERS\SINA UND ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBJ3QJ96.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.04.30 20:03:11 | 000,574,144 | ---- | M] () (No name found) -- C:\USERS\SINA UND ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBJ3QJ96.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.04.27 15:58:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.27 15:58:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.27 15:58:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.27 15:58:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.27 15:58:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.27 15:58:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.27 15:58:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\Sina und Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Sina und Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Sina und Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: No name found = C:\Users\Sina und Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\5.8\freeripToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Programme\FreeRIP Toolbar\IE\5.8\freeripToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SonicMasterTray] C:\Programme\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Wireless Console 3] C:\Programme\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [EPSON Stylus DX4000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sina und Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04C1D857-66B3-49A8-81F9-5E622E2BF61E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{963680A4-92D3-4F4A-997A-0C77853B900B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a7b0680d-2191-11e1-8c31-5404a627d4d5}\Shell - "" = AutoRun
O33 - MountPoints2\{a7b0680d-2191-11e1-8c31-5404a627d4d5}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.04 16:15:12 | 000,000,000 | ---D | C] -- C:\Users\Sina und Andreas\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.04 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.04 16:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.04 16:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.04 16:03:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.03 14:47:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sina und Andreas\Desktop\OTL.exe
[2012.06.03 10:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.06.03 10:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.06.03 10:52:59 | 000,000,000 | ---D | C] -- C:\Users\Sina und Andreas\Documents\Anti-Malware
[2012.06.02 12:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.01 17:26:27 | 000,000,000 | ---D | C] -- C:\Users\Sina und Andreas\AppData\Roaming\Malwarebytes
[2012.06.01 17:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.01 17:26:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.01 17:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.31 19:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.05.27 06:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP Toolbar
[2012.05.15 16:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.05.12 13:49:32 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012.05.12 13:49:26 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.05.12 13:49:16 | 004,421,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc100u.dll
[2012.05.12 13:49:16 | 000,136,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl100.dll
[2012.05.12 13:49:16 | 000,080,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcm100u.dll
[2012.05.12 12:32:55 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.12 12:32:54 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.12 12:32:54 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.12 12:30:07 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.04 19:00:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.04 18:57:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.04 18:10:02 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.04 18:10:02 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.04 16:14:37 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.04 16:09:29 | 2346,811,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.03 14:47:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sina und Andreas\Desktop\OTL.exe
[2012.06.03 14:42:47 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.06.03 10:53:24 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.06.01 17:26:21 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.01 16:50:43 | 000,308,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.31 19:50:14 | 000,000,447 | ---- | M] () -- C:\user.js
[2012.05.18 16:07:56 | 000,032,124 | ---- | M] () -- C:\Users\Sina und Andreas\Desktop\Schreiben 2 vom 15.05.pdf
[2012.05.18 16:05:00 | 000,031,978 | ---- | M] () -- C:\Users\Sina und Andreas\Desktop\Schreiben 1 vom 15.05.pdf
[2012.05.16 21:00:54 | 000,665,578 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.16 21:00:54 | 000,627,420 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.16 21:00:54 | 000,133,758 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.16 21:00:54 | 000,110,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.15 16:48:04 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.05.05 20:00:16 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.05 20:00:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.06.04 16:14:37 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.03 10:53:24 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012.06.01 17:26:21 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.31 19:50:14 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.05.18 16:07:56 | 000,032,124 | ---- | C] () -- C:\Users\Sina und Andreas\Desktop\Schreiben 2 vom 15.05.pdf
[2012.05.18 16:05:00 | 000,031,978 | ---- | C] () -- C:\Users\Sina und Andreas\Desktop\Schreiben 1 vom 15.05.pdf
[2012.05.15 16:48:04 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.03.14 11:23:01 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012.02.08 21:55:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2012.02.08 21:55:55 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.11.30 16:50:44 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4000DEFGIPS.ini
[2011.11.19 17:14:12 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.11.18 21:17:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2011.11.18 20:56:29 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011.08.31 20:46:18 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.08.31 20:46:14 | 000,216,000 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.08.31 20:46:10 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.08.31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011.08.31 20:15:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.08.31 20:14:12 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.08.31 20:13:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2010.07.26 23:17:50 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\Spyder3.sys
 
========== LOP Check ==========
 
[2011.12.25 15:18:11 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\Canneverbe Limited
[2011.11.21 15:03:20 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\Downloaded Installations
[2012.05.12 13:49:49 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\DVDVideoSoft
[2011.12.08 17:54:34 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.12 21:02:18 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\elsterformular
[2011.11.19 20:33:41 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\NeatImage SL
[2012.05.21 20:37:44 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\Nitro PDF
[2011.11.21 14:25:37 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\OpenOffice.org
[2012.02.08 23:48:32 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\PC Suite
[2011.11.28 22:56:43 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\SaalDesignSoftware
[2012.02.08 21:55:42 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\Samsung
[2011.12.26 12:40:32 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\Sony
[2011.11.19 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\Thunderbird
[2011.12.01 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Sina und Andreas\AppData\Roaming\Windows Live Writer
[2012.02.26 08:31:54 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Es hat sich leider nichts verändert. Der MIst ist immer noch als Startseite drin.....obwohl google.de eingestellt ist.

Alt 06.06.2012, 05:19   #8
kira
/// Helfer-Team
 
mystart.incredibar.com - Standard

mystart.incredibar.com



was ist passiert mit die Schritte 1-9?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 06.06.2012, 16:31   #9
knipsfuzzi
 
mystart.incredibar.com - Standard

mystart.incredibar.com



Ich habe die Schritte durchgeführt und anschließend die logs gepostet, wie gefordert. Die blöde Seite ist immer noch Startseite.....

Oder was meinst Du?

Alt 07.06.2012, 09:25   #10
kira
/// Helfer-Team
 
mystart.incredibar.com - Standard

mystart.incredibar.com



Zitat:
Zitat von knipsfuzzi Beitrag anzeigen
Ich habe die Schritte durchgeführt und anschließend die logs gepostet, wie gefordert.
nein, das hast Du leider nicht getan!
damit ich weiß, welche Änderungen Du vorgenommen hast:
Zitat:
► Berichte mir kurz über alle Umsetzungsschritte (zu jedem Punkt), die Du erledigt hast!
auch alle Ergebnisse/Logs bitte posten!

zu Punkt 2.: beides deinstalliert?

zu Punkt 3.: OTL-Fix-Log posten
Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

-> C:\_OTL\Moved Files

zu Punkt 4.: die Frage habe nicht umsonst gestellt!

zu Punkt 7.: Das Protokoll sollst mir posten!

zu Punkt 9.: ebenso..Scanergebnis?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Geändert von kira (07.06.2012 um 09:31 Uhr)

Antwort

Themen zu mystart.incredibar.com
andreas, checked, downloader, downloads, escan, found, installer, loader, local, onlinescan, remove, service, sommerzeit, troja, trojaner, users, variant, version, wanted, windows



Ähnliche Themen: mystart.incredibar.com


  1. MyStart/Incredibar
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (9)
  2. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 06.05.2013 (11)
  3. MyStart by IncrediBar.com
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (9)
  4. MyStart by IncrediBar.com
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (18)
  5. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 18.10.2012 (1)
  6. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 14.10.2012 (17)
  7. Mystart.Incredibar
    Plagegeister aller Art und deren Bekämpfung - 14.10.2012 (37)
  8. mystart.incredibar.com
    Log-Analyse und Auswertung - 29.09.2012 (2)
  9. Mystart.Incredibar
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (3)
  10. mystart incredibar
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  11. MyStart @ Incredibar und MyStart Search trotz Deinstallation des Programms
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  12. MySTart by Incredibar
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (1)
  13. MyStart incredibar
    Log-Analyse und Auswertung - 23.07.2012 (1)
  14. Mystart Incredibar
    Log-Analyse und Auswertung - 20.07.2012 (32)
  15. Mystart Incredibar
    Log-Analyse und Auswertung - 16.07.2012 (7)
  16. MyStart Incredibar
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (3)
  17. Mystart by incredibar
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (1)

Zum Thema mystart.incredibar.com - Hallo, ich bekomme den Trojaner nicht weg. Hier die Logfiles.... ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=69bbd45ed5cbb14293adc9f8a33a45c5 # end=finished # remove_checked=false - mystart.incredibar.com...
Archiv
Du betrachtest: mystart.incredibar.com auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.