|  | 
| 
 | |||||||
| Plagegeister aller Art und deren Bekämpfung: Bundespolizei Trojaner bei Win 7 64 BitWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. | 
|  10.07.2012, 10:37 | #1 | 
|  |   Bundespolizei Trojaner bei Win 7 64 Bit Hallo. Habe den Virus leider auch wie viel hier. Er kommt aber immer nur bei bestehender Internetverbindung. sobald ich den Router deaktiviere, kann ich ganz normal auf alles auf den PC zugreifen. Im abgesicherten Modus mit Netzwerktreibern kommt er nicht Betriebssystem: Win 7 Home 64 Bit ist übrigens die Version 1.3 des Trojaners vom Bild her. Vielen Dank für eure Hilfe  Malewarebytes Log: Code: 
  ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.06.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 XXXXX :: XXXXXX [Administrator] Schutz: Aktiviert 06.07.2012 14:06:43 mbam-log-2012-07-06 (14-06-43).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 418779 Laufzeit: 1 Stunde(n), 5 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code: 
  ATTFilter OTL logfile created on: 7/6/2012 4:06:34 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\XXXX\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.25% Memory free 8.00 Gb Paging File | 6.33 Gb Available in Paging File | 79.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.52 Gb Total Space | 39.13 Gb Free Space | 52.51% Space Free | Partition Type: NTFS Drive D: | 208.92 Gb Total Space | 12.56 Gb Free Space | 6.01% Space Free | Partition Type: NTFS Computer Name: XXXX | User Name: XXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/06 12:45:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Downloads\OTL.exe PRC - [2012/07/05 23:04:24 | 000,056,832 | ---- | M] (Razer) -- C:\Users\XXXX\AppData\Local\Temp\zfguvbsoiblghw.exe PRC - [2012/05/15 20:40:49 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/15 20:40:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/15 20:40:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/15 10:24:57 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/06/17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2009/08/17 18:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009/06/24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe PRC - [2009/05/19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009/04/20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe ========== Modules (No Company Name) ========== MOD - [2012/06/24 09:49:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012/06/24 09:48:34 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012/06/24 09:48:15 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012/06/24 09:48:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/06/24 09:45:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/06/24 09:45:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/04/06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009/08/22 03:07:20 | 000,356,480 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (FastBootAgent) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/10 02:32:52 | 000,128,224 | ---- | M] (SRS Labs, Inc.) [Disabled | Stopped] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service) SRV:64bit: - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2012/07/02 12:52:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/06/17 11:41:48 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/05/15 20:40:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/05/15 20:40:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/09/02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service) SRV - [2011/09/02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service) SRV - [2011/08/24 03:13:43 | 000,083,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD) SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2010/11/21 11:49:24 | 000,247,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2012/05/21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2012/05/15 22:14:31 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012/05/15 20:40:49 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/05/15 20:40:49 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/05/15 10:24:15 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2012/04/06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012/04/06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/04/06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/12/17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009/07/20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/17 08:00:12 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/17 08:00:12 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/09 10:11:32 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009/06/18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2009/06/12 13:41:56 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/05 12:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/06/05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/05/18 19:27:08 | 000,343,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys -- (SRS_PremiumSound_Service) DRV:64bit: - [2009/05/13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009/05/05 16:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2008/04/07 08:00:46 | 000,007,168 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CRFILTER.sys -- (CRFILTER) DRV:64bit: - [2007/07/24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2012/03/27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011/09/02 12:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/05/15 22:14:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011/08/24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 6C 09 7B C2 36 CD 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "WiseConvert Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/02 12:52:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 23:12:55 | 000,000,000 | ---D | M] [2012/05/15 19:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions [2012/07/05 14:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions [2012/05/22 22:02:51 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012/06/29 09:47:39 | 000,000,000 | ---D | M] (WiseConvert Community Toolbar) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} [2012/07/05 14:14:50 | 000,000,000 | ---D | M] (Advanced Cookie Manager) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\cookiemgr@jayapal.com [2012/07/04 22:52:11 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\plugin@yontoo.com [2012/05/17 17:21:39 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\support@lastpass.com [2012/06/30 14:55:48 | 000,000,853 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\11-suche.xml [2012/06/21 09:17:42 | 000,000,925 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\conduit.xml [2012/06/30 14:55:48 | 000,002,209 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\englische-ergebnisse.xml [2012/06/30 14:55:48 | 000,010,506 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\gmx-suche.xml [2012/06/29 20:04:56 | 000,001,056 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\icqplugin.xml [2012/06/30 14:55:48 | 000,002,368 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\lastminute.xml [2012/06/30 14:55:48 | 000,005,489 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\webde-suche.xml [2012/05/20 20:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/07/02 12:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012/05/15 19:53:45 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\84GF9FT8.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI [2012/06/30 14:55:37 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\84GF9FT8.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012/07/02 12:52:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/01/12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012/06/27 11:49:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/06/27 11:49:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/27 11:49:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/06/27 11:49:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/27 11:49:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/27 11:49:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [] C:\Users\XXXX\AppData\Local\Temp\zfguvbsoiblghw.exe (Razer) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0901F52D-E71C-4FD5-BB09-90BA4EF4E0CD}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{5bfcf825-a574-11e1-b019-e0cb4e111fc8}\Shell - "" = AutoRun O33 - MountPoints2\{5bfcf825-a574-11e1-b019-e0cb4e111fc8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/06 12:52:53 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes [2012/07/06 12:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/06 12:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/06 12:52:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/06 12:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/05 19:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2012/07/05 19:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brotherhood Software [2012/07/04 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2 [2012/07/04 22:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\v-Grabber [2012/07/04 22:52:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2012/07/04 22:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012/07/04 22:29:04 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Captcha_Brotherhood [2012/07/03 00:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012/06/30 15:54:33 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Nero [2012/06/30 15:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2012/06/30 15:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012/06/30 15:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012/06/30 15:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012/06/30 15:13:49 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\Windows\SysWow64\TwnLib20.dll [2012/06/30 15:13:48 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\Windows\SysWow64\NeroCheck.exe [2012/06/30 15:13:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead [2012/06/30 15:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ahead [2012/06/27 11:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012/06/24 10:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012/06/24 10:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2012/06/21 21:04:45 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\Noten [2012/06/21 20:56:42 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\SnagIt Katalog [2012/06/21 20:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2012/06/21 20:55:42 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\TechSmith [2012/06/21 20:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith [2012/06/21 20:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnagIt 8 [2012/06/21 20:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012/06/17 11:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012/06/17 11:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012/06/17 11:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2012/06/17 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Media Player Classic [2012/06/17 11:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2012/06/17 11:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2012/06/16 22:28:56 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Application Data [2012/06/16 22:27:09 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Macromedia [2012/06/13 22:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools [2012/06/13 22:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer [2012/06/13 22:07:01 | 000,000,000 | ---D | C] -- C:\Windows\Msagent [2012/06/13 22:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2008/08/12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll ========== Files - Modified Within 30 Days ========== [2012/07/06 16:05:58 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/06 16:05:58 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/06 16:02:49 | 000,000,000 | ---- | M] () -- C:\Users\XXXX\defogger_reenable [2012/07/06 16:02:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/06 16:02:34 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/07/06 16:02:34 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/06 16:02:34 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/07/06 16:02:34 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/06 15:57:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/06 15:57:22 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2012/07/06 15:22:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/06 13:31:47 | 000,001,738 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012/07/06 13:11:10 | 000,001,655 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012/07/06 12:52:43 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/05 19:30:43 | 000,002,328 | ---- | M] () -- C:\Users\XXXX\Desktop\CBH Captcha Solver.lnk [2012/07/05 18:27:23 | 000,000,168 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\default.rss [2012/06/27 11:42:41 | 000,002,096 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012/06/21 20:33:52 | 000,285,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/13 22:08:21 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI ========== Files Created - No Company Name ========== [2012/07/06 16:02:49 | 000,000,000 | ---- | C] () -- C:\Users\XXXX\defogger_reenable [2012/07/06 12:52:43 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/05 19:30:43 | 000,002,328 | ---- | C] () -- C:\Users\XXXX\Desktop\CBH Captcha Solver.lnk [2012/07/05 18:27:23 | 000,000,168 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\default.rss [2012/07/04 23:36:27 | 000,002,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012/07/04 23:36:27 | 000,002,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012/07/04 23:36:27 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk [2012/06/17 11:41:53 | 000,002,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012/06/17 11:21:22 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012/06/13 22:08:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012/06/13 22:07:38 | 000,002,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk [2012/06/13 22:07:38 | 000,002,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk [2012/06/13 22:07:38 | 000,002,683 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk [2012/05/15 20:46:53 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2012/05/15 20:07:41 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2012/05/15 10:13:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/04/06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/04/06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012/01/08 00:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll [2012/01/08 00:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll [2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2009/04/08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008/05/22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg ========== LOP Check ========== [2012/05/15 22:21:45 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite [2012/05/30 21:44:25 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ICQ [2012/07/05 13:55:14 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mp3tag [2012/05/25 15:17:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Samsung [2012/05/25 18:48:36 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Temp [2009/07/14 07:08:49 | 000,018,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code: 
  ATTFilter OTL Extras logfile created on: 7/6/2012 4:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\XXXX\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.25% Memory free
8.00 Gb Paging File | 6.33 Gb Available in Paging File | 79.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 39.13 Gb Free Space | 52.51% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 12.56 Gb Free Space | 6.01% Space Free | Partition Type: NTFS
 
Computer Name: XXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F2B793-C762-4DE1-BA25-7B2C664888A0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{07EF8F31-2A59-45FC-97C8-29A5343CFB1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{18A3E7EF-38EB-4356-86E2-0C83DE8FA5AC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{19CEF19F-1DB4-4CA7-A63C-67D0FF361BF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1B7596EA-B7C4-49CA-9E9F-403D1085D1A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{208FDEEE-914D-4BAE-A244-7F2A05E48C82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23C67B78-388B-4958-8C53-BF1D732EB475}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2ED2908C-4DFC-4E0A-8BDD-F933C21723B7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{30D3865D-BC94-4EAC-9FC0-E496DBDE10FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3AFBB47E-31B9-4DFD-997E-2BAA78B5994A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{42057307-C778-42FB-B8E6-C9B61098DEBC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{567A15C0-1299-42D8-AAA3-D5E6527971C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{58B0B87A-BE22-40D5-9470-7BFAB8FCB54D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{68123E04-D368-4148-9211-CEC311B4FD98}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7B7ED4B8-B49A-4B69-A86E-570B246CD6EC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{90D175A1-DB31-4D27-9FF6-773350342A70}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9D71084C-9020-47B6-BD5C-FB3E89FCEDBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AD320B5B-F33C-4771-8A7A-D57C86A4A921}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BAC5EEB2-A1D7-4D51-AA32-05CFAFFE9088}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BDCD3FB9-D556-43F2-946A-83E18E04652D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3B805BA-3A47-4F8B-B50C-666BA5D01595}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CA5F316D-EC91-4A3C-BC6C-67BD4BE0EE0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0A7FEE9-F79B-40EA-B740-5190EFF4D33D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D70C9092-7BD9-4A64-B1BF-8EE59C068006}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E2D1FB10-EFD3-436E-A44E-62CD400D8E1C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E97DCA6C-ECE2-4694-AAAF-7C9C8A0B74BD}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FD58F70-6F82-42A6-983E-C4B88BC7E7D9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | 
"{11275490-D433-49A8-94FF-77E97BD51959}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1D9F4B56-6420-407F-960A-8BD3BDA2A9CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{237ADCE9-E9BC-4586-8AF2-941A8D9BFBEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2A71B319-4433-4599-8757-955F8F1F395B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{2BC8330D-7A3E-41C3-8C6F-BEC66B14CFEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2F593765-8717-4103-ABCB-CFC60039C263}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3ABE48A1-CE9F-4301-A8F2-BB7201B0DAB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
"{4113A1F9-57BA-4CA2-85FD-B2CBB9988BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{44AD043A-9238-4D37-BE97-BA3B6ECE168B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\moviemodule.exe | 
"{4E2FBDA4-E2B3-41CC-83C1-913CF8611FB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{551440C4-421C-44F7-ABF3-537B1C03D5E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{658C2492-DA79-4B3D-AA8C-5BAA29C42461}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6DB0D47B-A709-4FE4-BD0F-DBAE025D9FA3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
"{726CDAE4-6F0D-4ADD-B974-6DCD436D2728}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7805EB47-6DB6-440E-8FAB-79EA721B3705}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7F8784E2-15CA-42EA-8345-20F60CE1DEC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{813174B3-BC56-4604-ABFE-492BFEB8323D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{934E1510-D8BC-4E16-987C-7EF0B0ACA32D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
"{955DA87E-C8C0-435F-B4F5-93B99970CA8E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{A697DEE4-4609-4837-977E-2790E20E3ADF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A955CFB4-350E-45EB-84A4-9117D1E78071}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AF279E52-86DE-43BF-BB5F-4CF9174CF2B5}" = protocol=6 | dir=out | app=system | 
"{B89ADABB-5765-4EF5-AC95-088EAC5B2229}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3B2F0A7-03A5-4924-AC78-892371AD1E3A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D36E159F-2510-4984-97E2-10B2B0690794}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{DBFA73EF-0BD7-4195-B509-C29DD85CE9D9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DF12E20A-C01D-4ABE-BBBD-58C18CBF4407}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{E8CD6107-E436-443E-ABF4-AF4C958680F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB1407F1-E0A3-44E1-9370-95B8BC909440}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F32E33B2-EA5B-4B72-B899-CD0D76A21872}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"TCP Query User{1EF9AC67-C2AB-4CC9-BF41-183DB87AD6BE}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"TCP Query User{8B1648BE-CDEE-4B5C-982F-9D2FD6F55D96}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{C93EDE71-3941-477B-BDC8-9E082204F380}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{EC20AB66-CDC5-4CC4-9A4F-59DBE407C27B}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{4853ECC6-8D95-4742-9632-E77EA2699825}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"UDP Query User{4D3EBD1C-A7E2-4B2D-AC60-6A19FB3E5EE2}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{66C4C244-B793-44C5-8F12-F35891E1272B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{858D137D-FF21-4CA0-B535-B43D400270E9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{389D85F6-D005-095E-3C49-3675754B41F8}" = AMD Drag and Drop Transcoding
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5DBC38C9-D776-3050-FD3E-F4B5E99CCDDC}" = AMD Fuel
"{63591AAA-97F0-24A8-3EBD-174B5E35D6BF}" = ccc-utility64
"{63FC1F01-1232-B654-0C07-E1CD91B760E0}" = AMD Media Foundation Decoders
"{82C9101B-36EC-5821-DD8B-05480074A0B8}" = AMD Catalyst Install Manager
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-x64 7.0.5.5_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{02D0DF6E-BE8D-66B0-3C3F-ED0F395DF765}" = CCC Help Finnish
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F0447B4-6DDD-4831-933A-1EDF52091150}" = SnagIt 8
"{1395B38D-5889-19E5-D02E-BD1A02BF373B}" = CCC Help Spanish
"{13D5F9B6-D70A-DCCA-A00D-E43839CDFA83}" = CCC Help Chinese Standard
"{1410D707-A9C3-2E70-9476-2427EC18134F}" = CCC Help Turkish
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2010100b-ec0d-4b02-be23-f2ad4a498994}" = Nero 9
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{46AFD359-AAE9-2843-B7CE-10FB46C76E99}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57D5FAFB-30E8-63EB-D4F7-07298597578F}" = AMD VISION Engine Control Center
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5CAA69CD-9C1B-5604-B14B-8FAC2BC5E228}" = Catalyst Control Center InstallProxy
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7322467B-FAD1-5529-C4EF-7EA4BC17C0A2}" = CCC Help Korean
"{74E4B282-F25A-53A1-BBA5-7A3EFB90FAF4}" = CCC Help Japanese
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8AC115AA-27D2-4024-6E7D-D9FCD93D0487}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{914544F7-4EB6-9F54-6217-D76997EB9E06}" = Catalyst Control Center InstallProxy
"{91EDBF6E-2260-646A-4D80-CB0802132736}" = Catalyst Control Center Localization All
"{931AED36-CF8A-F34F-8C13-5C19010DF6C6}" = CCC Help French
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9E75789D-E176-A72B-DE9E-D2AE63FE601B}" = Catalyst Control Center Graphics Previews Common
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9F711CB6-8E76-63DA-6ABA-C21B7C839CA5}" = CCC Help Russian
"{A0E52598-872B-9E9A-181F-1A80C6AA4493}" = CCC Help Italian
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFA7A60F-D018-AF0D-47E9-A13D0219E86A}" = CCC Help Thai
"{C3C35CB3-82B6-F36F-B39A-B2AFAA74F7D2}" = CCC Help Norwegian
"{C47C2F4D-4419-D823-C272-325FD9B92415}" = CCC Help Czech
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C68C6E34-A103-F7BC-8682-C1C4190BAC1F}" = CCC Help Greek
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}" = Captcha Brotherhood
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D0251102-442C-6FE0-4FDC-2ACF2AD2A2A5}" = CCC Help English
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2A90CAF-AF34-C526-D4C7-AE4FF4547B66}" = CCC Help Polish
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E5C76964-F17B-7FCB-958F-1C067A2D217C}" = CCC Help Swedish
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7E76AEC-266C-C1A0-E39B-21AB97402CA1}" = CCC Help Chinese Traditional
"{E7F12C4C-9932-A039-4FAC-CAD1672EB633}" = CCC Help Hungarian
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EBE9A607-31AB-696D-5220-5098B61AA9B2}" = CCC Help Dutch
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FFAF4DB9-943E-97E5-051C-DC6C4E7094C0}" = CCC Help Danish
"0630-0716-3135-7887" = JDownloader 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"ASUS_Screensaver" = ASUS_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0 (x86 de)" = Mozilla Firefox 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.50
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/25/2012 4:47:24 AM | Computer Name = XXXX | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 6/25/2012 4:47:27 AM | Computer Name = XXXX | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 6/25/2012 11:09:16 AM | Computer Name = XXXX | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/25/2012 2:35:13 PM | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0xef4  Startzeit der fehlerhaften Anwendung:
 0x01cd530063fc409b  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 7fdb03c3-bef4-11e1-92d2-e0cb4e111fc8
 
Error - 6/25/2012 2:55:20 PM | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0x10e4  Startzeit der fehlerhaften Anwendung:
 0x01cd5302960dbd1d  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 4f995e7d-bef7-11e1-92d2-e0cb4e111fc8
 
Error - 6/25/2012 6:31:22 PM | Computer Name = XXXX | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/26/2012 4:14:37 AM | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 13.0.0.4534,
 Zeitstempel: 0x4fc8243c  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x65ae9903  ID des fehlerhaften Prozesses: 0xf48  Startzeit der fehlerhaften Anwendung:
 0x01cd537318f64c93  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
 Firefox\plugin-container.exe  Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll
Berichtskennung:
 f7b72562-bf66-11e1-92d2-e0cb4e111fc8
 
Error - 6/26/2012 6:30:55 PM | Computer Name = XXXX | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 6/27/2012 2:25:21 PM | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4ac  ID des fehlerhaften Prozesses: 0x11c4  Startzeit der fehlerhaften Anwendung:
 0x01cd548fc6ac21f5  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 741d4901-c085-11e1-92d2-e0cb4e111fc8
 
Error - 6/28/2012 3:46:36 AM | Computer Name = XXXX | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
          | 
| Themen zu Bundespolizei Trojaner bei Win 7 64 Bit | 
| antivir, autorun, avira, bho, desktop, device driver, error, fehler, firefox, flash player, gfnexsrv.exe, helper, heuristiks/extra, heuristiks/shuriken, home, install.exe, langs, logfile, mozilla, mp3, msiinstaller, netzwerk, plug-in, realtek, registry, richtlinie, scan, searchscopes, security, software, svchost.exe, tarma, trojaner, usb, usb 2.0, vdeck.exe, virus, win 7 64 bit, yontoo |