Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundeskriminalamt virus:-( sperrt mir internet!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 31.07.2012, 13:12   #1
esta
 
Bundeskriminalamt virus:-( sperrt mir internet! - Standard

Bundeskriminalamt virus:-( sperrt mir internet!



Ich bin leider wie viele andere von diesem virus angegriffen worden!!!
ich hab mir auch schon die malwarebytes-Anti-Malware gedownloaded und auch schon durch laufen lassen auch eset aber er ist immer noch nicht weg...:-(
ich wäre sehr froh über eure hilfe!!!
Liebe Grüße schon mal

ps die Logs stelle ich gerne bei anfrage rein!!!

Alt 31.07.2012, 13:40   #2
markusg
/// Malware-holic
 
Bundeskriminalamt virus:-( sperrt mir internet! - Standard

Bundeskriminalamt virus:-( sperrt mir internet!



hi
logs einstellen bitte.
__________________

__________________

Alt 31.07.2012, 13:48   #3
esta
 
Bundeskriminalamt virus:-( sperrt mir internet! - Standard

Bundeskriminalamt virus:-( sperrt mir internet!



Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Familie :: GG-HP [Administrator]

Schutz: Aktiviert

31.07.2012 10:14:51
mbam-log-2012-07-31 (10-14-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410737
Laufzeit: 2 Stunde(n), 5 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Familie.GG-HP\AppData\Local\Temp\deo0_sar.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
das war der erste ich hab noch einen, einen Moment

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.07

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Familie :: GG-HP [Administrator]

Schutz: Deaktiviert

31.07.2012 12:56:57
mbam-log-2012-07-31 (12-56-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210259
Laufzeit: 47 Minute(n), 10 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
und der von eset:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=777e179e9f521342836c50e91d95e6e5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 07:57:16
# local_time=2012-07-31 09:57:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776573 100 94 22883 95345078 0 0
# compatibility_mode=8192 67108863 100 0 176 176 0 0
# scanned=196545
# found=8
# cleaned=0
# scan_time=6229
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Familie.GG-HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\49768cdc-1432644b	Java/Exploit.CVE-2012-0507.DI trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Familie.GG-HP\Downloads\VeohWebPlayerSetup_eng.exe	Win32/Toolbar.Zugo application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\211dbd.msi	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
         
bitte schön!!!
__________________

Alt 31.07.2012, 13:54   #4
markusg
/// Malware-holic
 
Bundeskriminalamt virus:-( sperrt mir internet! - Standard

Bundeskriminalamt virus:-( sperrt mir internet!



danke
wenn du jetzt neustartest, kommt da der sperr bildschirm noch?
falls ja, starte erneut neu in den abesicherten mdosu mit netzwerk, bei pc start über f8 zu erreichen
falls nicht, im normalen modus arbeiten.
die arbeitsschritte gelten für beide modi.
danach:
für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 31.07.2012, 15:22   #5
esta
 
Bundeskriminalamt virus:-( sperrt mir internet! - Standard

Bundeskriminalamt virus:-( sperrt mir internet!



so hier sind die logs:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/31/2012 2:29:35 PM - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Familie.GG-HP\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 59.24% Memory free
3.49 Gb Paging File | 2.98 Gb Available in Paging File | 85.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 223.99 Gb Free Space | 79.77% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
 
Computer Name: GG-HP | User Name: Familie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Familie.GG-HP\Downloads\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PCSUService) -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe ()
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D7C5183A-7397-4D9C-9B0E-BC8D16744586}
IE:64bit: - HKLM\..\SearchScopes\{D7C5183A-7397-4D9C-9B0E-BC8D16744586}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {D7C5183A-7397-4D9C-9B0E-BC8D16744586}
IE - HKLM\..\SearchScopes\{D7C5183A-7397-4D9C-9B0E-BC8D16744586}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2247187
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\..\SearchScopes,DefaultScope = {D7C5183A-7397-4D9C-9B0E-BC8D16744586}
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\..\SearchScopes\{2C6E980D-57DF-4D2E-9EDF-FA445BCC3AE1}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2247187
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\..\SearchScopes\{4BF8CD25-2826-4F33-8987-EC357FA97860}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2247187.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010/09/09 03:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/09 03:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/09/09 03:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/05 11:00:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/21 07:40:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/18 21:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/30 20:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/06/14 21:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie.GG-HP\AppData\Roaming\mozilla\Extensions
[2012/07/18 08:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie.GG-HP\AppData\Roaming\mozilla\Firefox\Profiles\j9crxxxf.default\extensions
[2012/06/29 22:15:41 | 000,000,853 | ---- | M] () -- C:\Users\Familie.GG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\j9crxxxf.default\searchplugins\11-suche.xml
[2012/07/18 08:38:12 | 000,000,919 | ---- | M] () -- C:\Users\Familie.GG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\j9crxxxf.default\searchplugins\conduit.xml
[2012/06/29 22:15:41 | 000,002,209 | ---- | M] () -- C:\Users\Familie.GG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\j9crxxxf.default\searchplugins\englische-ergebnisse.xml
[2012/06/29 22:15:40 | 000,010,506 | ---- | M] () -- C:\Users\Familie.GG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\j9crxxxf.default\searchplugins\gmx-suche.xml
[2012/06/29 22:15:41 | 000,002,368 | ---- | M] () -- C:\Users\Familie.GG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\j9crxxxf.default\searchplugins\lastminute.xml
[2012/06/29 22:15:40 | 000,005,489 | ---- | M] () -- C:\Users\Familie.GG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\j9crxxxf.default\searchplugins\webde-suche.xml
[2012/06/15 14:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/08/30 16:50:09 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2012/04/21 07:40:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/03 14:46:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/03/03 14:33:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/03 14:33:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/03 14:33:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/03 14:33:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/03 14:33:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/03 14:33:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2247187&SearchSource=48&sspv=CHOB15
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2247187&SearchSource=48&sspv=CHOB15
CHR - Extension: YouTube = C:\Users\Familie.GG-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Familie.GG-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Familie.GG-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Mario Forever = C:\Users\Familie.GG-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllpjckabhalgdienlngoikeehalibei\2.3.4.980_0\
CHR - Extension: Google Mail = C:\Users\Familie.GG-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\..\Toolbar\WebBrowser: (Mario Forever Toolbar) - {707DB484-2428-402D-AFB5-D85B387544C7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Familie.GG-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AF47D53-754F-4731-9E3E-9E2F96599C0A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk - C:\PROGRA~2\Google\GOOGLE~1\GOOGLE~1.EXE - (Google)
MsConfig:64bit - StartUpReg: PCSpeedUp - hkey= - key= - C:\Program Files (x86)\PC Beschleunigen\PCSpeedUp.lnk ()
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/31 10:29:31 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\AppData\Roaming\Avira
[2012/07/31 10:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/07/31 10:21:02 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012/07/31 10:21:02 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012/07/31 10:21:02 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012/07/31 10:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/07/31 10:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/07/31 08:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/31 02:21:29 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\AppData\Roaming\Malwarebytes
[2012/07/31 02:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/31 02:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/31 02:21:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/07/31 02:21:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/31 01:42:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2012/07/31 01:41:45 | 000,000,000 | ---D | C] -- C:\1b59ae919142615c39de3fb1
[2012/07/18 16:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TreeCardGames
[2012/07/18 08:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/07/18 08:38:52 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\AppData\Local\Conduit
[2012/07/18 08:38:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mario_Forever
[2012/07/18 08:38:15 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\AppData\Local\CRE
[2012/07/18 08:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mario Forever
[2012/07/18 08:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mario Forever
[2012/07/18 08:35:53 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\AppData\Roaming\TreeCardGames
[2012/07/18 08:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire
[2012/07/18 08:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\123 Free Solitaire
[2012/07/14 01:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012/07/14 01:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012/07/07 19:49:51 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\Documents\SNES
[2012/07/07 19:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/07/07 19:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/07/06 07:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/05 12:47:27 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\.webKONRAD
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/31 14:16:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/31 14:16:22 | 1875,439,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/31 14:08:11 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 14:06:11 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/31 14:01:47 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/31 12:33:13 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 12:33:13 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 10:22:40 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/07/31 10:20:00 | 000,000,320 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForGG.job
[2012/07/31 10:16:35 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012/07/31 10:16:34 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012/07/31 10:16:33 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012/07/31 09:59:53 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/31 02:21:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/31 01:55:52 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/31 01:43:15 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012/07/22 19:15:33 | 000,000,340 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForFamilie.job
[2012/07/21 15:33:54 | 001,507,342 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/21 15:33:54 | 000,659,804 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/07/21 15:33:54 | 000,619,704 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/21 15:33:54 | 000,131,904 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/07/21 15:33:54 | 000,108,024 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/18 08:49:08 | 000,000,020 | ---- | M] () -- C:\windows\mafosav.INI
[2012/07/18 08:39:02 | 000,000,009 | ---- | M] () -- C:\END
[2012/07/18 08:35:45 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
[2012/07/15 07:28:33 | 000,442,856 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/14 01:19:59 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012/07/12 08:18:08 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/05 11:00:07 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/07/03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2012/07/03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2012/07/03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2012/07/03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012/07/03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012/07/03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012/07/31 10:22:40 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/07/31 02:21:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/31 01:55:52 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/31 01:24:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012/07/18 08:49:08 | 000,000,020 | ---- | C] () -- C:\windows\mafosav.INI
[2012/07/18 08:39:02 | 000,000,009 | ---- | C] () -- C:\END
[2012/07/18 08:35:45 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire.lnk
[2012/07/18 08:35:45 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
[2012/07/14 01:19:59 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012/07/14 01:19:59 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012/07/06 07:44:22 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/08 16:41:01 | 000,195,531 | ---- | C] () -- C:\Users\Familie.GG-HP\Masstabelle.pdf
[2011/08/31 22:07:36 | 001,530,612 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/14 18:01:14 | 002,336,384 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2011/06/14 18:01:14 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2011/06/14 18:01:14 | 000,014,848 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2011/06/14 18:01:14 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2011/06/14 18:01:14 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2010/10/29 09:37:02 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/09/09 03:08:35 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
 
========== LOP Check ==========
 
[2012/01/29 17:18:32 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\Nitro PDF
[2012/03/03 01:37:14 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\OpenCandy
[2011/06/22 17:00:02 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\OpenOffice.org
[2011/09/17 13:16:03 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\PC Suite
[2011/12/20 15:23:33 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\PerformerSoft
[2011/12/29 20:37:56 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\Rovio
[2012/05/22 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\Thunderbird
[2012/07/18 08:35:53 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\TreeCardGames
[2012/07/14 01:21:50 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Canneverbe Limited
[2011/10/27 12:33:09 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Downloaded Installations
[2012/02/02 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Nitro PDF
[2011/06/22 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\OpenOffice.org
[2011/08/26 11:48:14 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\PC Suite
[2011/08/26 14:34:58 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Samsung
[2011/06/14 17:30:48 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Thunderbird
[2012/05/19 00:17:49 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/05/07 20:28:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012/07/31 01:42:07 | 000,000,000 | ---D | M] -- C:\1b59ae919142615c39de3fb1
[2009/07/27 17:04:41 | 000,000,000 | -HSD | M] -- C:\boot
[2011/06/19 09:48:30 | 000,000,000 | ---D | M] -- C:\dc43f76bb24ec8f493df17901f
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/09/09 01:24:36 | 000,000,000 | ---D | M] -- C:\EFI
[2010/09/09 03:38:14 | 000,000,000 | -H-D | M] -- C:\hp
[2011/08/31 21:44:40 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/06/15 16:05:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/07/31 10:20:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/07/31 10:20:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/01/23 12:31:17 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/07/31 10:25:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/11/29 00:19:08 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011/12/03 11:33:47 | 000,000,000 | ---D | M] -- C:\Tivola
[2011/06/14 20:12:01 | 000,000,000 | R--D | M] -- C:\Users
[2012/07/18 08:49:08 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_0dbde3119acb22ca\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_dab2e93700ba2683\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/09/09 02:50:22 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/09/09 02:39:14 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/09/09 02:50:22 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/09/09 02:39:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/09/09 02:50:22 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/09/09 02:39:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/09/09 02:50:22 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/09/09 02:39:14 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010/05/12 10:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/05/12 10:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/05/12 10:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010/05/12 10:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\windows\SysNative\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/09/09 02:50:22 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/09/09 02:50:22 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2010/09/09 02:50:22 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012/05/08 16:41:03 | 000,195,531 | ---- | M] () -- C:\Users\Familie.GG-HP\Masstabelle.pdf
[2012/07/31 14:31:25 | 002,097,152 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT
[2012/07/31 14:31:25 | 000,262,144 | -HS- | M] () -- C:\Users\Familie.GG-HP\ntuser.dat.LOG1
[2011/06/14 20:12:06 | 000,000,000 | -HS- | M] () -- C:\Users\Familie.GG-HP\ntuser.dat.LOG2
[2011/06/15 00:37:55 | 000,065,536 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/06/15 00:37:55 | 000,524,288 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/06/15 00:37:55 | 000,524,288 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012/03/18 01:34:46 | 000,065,536 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT{ab064078-7088-11e1-8f45-e02a820293f6}.TM.blf
[2012/03/18 01:34:45 | 000,524,288 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT{ab064078-7088-11e1-8f45-e02a820293f6}.TMContainer00000000000000000001.regtrans-ms
[2012/03/18 01:34:46 | 000,524,288 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT{ab064078-7088-11e1-8f45-e02a820293f6}.TMContainer00000000000000000002.regtrans-ms
[2009/07/27 16:09:59 | 000,000,020 | -HS- | M] () -- C:\Users\Familie.GG-HP\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---
[\code]

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 7/31/2012 2:29:36 PM - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Familie.GG-HP\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 59.24% Memory free
3.49 Gb Paging File | 2.98 Gb Available in Paging File | 85.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 223.99 Gb Free Space | 79.77% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
 
Computer Name: GG-HP | User Name: Familie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1998016419-1850255896-693874555-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E7BE1C0-E944-47CD-AD2C-536BBFFBCFF5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{189D4465-F93F-4D45-9D68-CCE79BFE302C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2408FB0F-279A-4A7E-A353-50817878F0BA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{24BBD07F-0727-4E8B-B792-A84CC62C87DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2AEFB996-0028-4BE8-9939-05FFD121B312}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{43CED6A7-F928-4EC8-9149-0F325715D6FD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{462DD7F4-61D5-4590-8681-EC0895944E04}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4995C464-28EA-41CA-B804-C66B186BD63B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4B80D4D3-2993-4612-B3E1-54C84923012F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55DC4547-068A-44D3-A365-82E5B21C590B}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{5D61ED8E-4293-473D-8D90-6915D420D350}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5F6B15C7-752D-4B61-AA77-9A078BFBA5A2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{71377E6B-F3C8-468A-A368-785B03241BE0}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{78A0443E-429C-4BB6-BEDE-F1DD9F201FC0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7BE1902A-8456-4A08-9907-F02B0DE22DD3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{87BB19A9-B7A4-40DF-84BF-105DC66B258F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8B5F11DB-47EA-4389-B214-11DF3DDE34AB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{916CDE4B-C5BD-45AF-B0DE-2072883D4E74}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A0DF94DF-4F42-498A-B5D7-F14EFD955496}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B3E143CD-DFBD-4DBF-B5F7-61C603DDFE30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B9B671E3-B3E1-4DC1-B82C-C5826A2D483C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{C86D6569-4E60-4789-A4EC-A67283A4D516}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C9435DC0-80BF-4BC0-8120-A8AF55F36B65}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CCE4C9E2-8322-44D4-A520-C2A53AB1D9EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D0FDF753-B796-4B83-8A83-DCA4B0CF76C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB8D675E-6936-4A38-B269-30F5449D04BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E187247D-FF71-4DC3-845A-7DAD753AB462}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E39C7F91-27BD-4221-A8AD-72052B9DD9B7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F3A28E2B-0E8D-4F88-9AED-7B041F37688C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F44069B5-EF62-4376-B2F7-E9B660D6DCA2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F6514B32-707D-4A54-9515-57090E0BDAF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F6D7F9F-67C4-41F2-B576-8F52EC95CE21}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{162DE246-8FA4-4DFC-8B15-53E2C66792E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1800DF1C-8FAC-4591-8FF9-070486B10C00}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{3C857A22-669D-4D5A-A40B-3D0B6AFC6BFE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{5321E475-9FE5-4B5D-A4B3-64DADFDC08B7}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{594BD1BE-FA27-446E-A0E6-E42F01982783}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5C20539A-D2BE-43AA-8EB2-DAA35A5B521C}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{6245A557-F413-4547-91D9-22C6309D8816}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{77DB8C41-E3F0-45F6-B2B5-6EE6C0908D76}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{7B4022A5-3F23-4BB5-A52E-2ACDF382F264}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{84AF5BD9-E30B-4419-B60A-FAAA6661E750}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{876FC1B0-6DED-49BE-8568-421E231E7EAB}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{92437A52-8C85-4576-AD6D-D7D42F3CE56E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9AB06129-F400-47FB-B04C-7E9D6A40A1E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A8329CC6-80F7-4AA8-84E0-F4BAB86E0F03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{DD45F7F7-42EB-49B9-BF49-67CF697F4BBC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E71C7C09-1487-49F8-A409-D73CA5F435C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{369ABA06-0536-4E6A-A1FC-40983E268F47}" = Nitro PDF Reader 2
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CanonMyPrinter" = Canon My Printer
"GIMP-2_is1" = GIMP 2.7.4
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PCSU-SL_is1" = PC Beschleunigen - Vollständige Deinstallation
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{54B29835-EF99-41D2-9104-F159DE62F165}" = Bing Bar Platform
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{910D3FB9-E341-4DD9-B52A-3B3C0C340AF6}" = Angry Birds
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1DE827D-8A61-4A77-9CCF-31AD84CC1FB6}" = HP Documentation
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{E684A226-D7B1-4B14-9778-44AD48A654F0}" = Corel Home Office
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"123 Free Solitaire_is1" = 123 Free Solitaire 2011 v8.0
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Canon iP2600 series Benutzerregistrierung" = Canon iP2600 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 7.1.1 Home Edition
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Farm Frenzy 3" = Farm Frenzy 3
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.908
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mario_Forever Toolbar" = Mario Forever Toolbar
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.1.0.530
"PDF Complete" = PDF Complete Special Edition
"Revo Uninstaller" = Revo Uninstaller 1.93
"SurfMusik 3.1a_is1" = SurfMusik 3.1a
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1998016419-1850255896-693874555-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"webKONRAD" = webKONRAD
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/17/2012 12:22:14 PM | Computer Name = GG-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Name des fehlerhaften Moduls: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00004340  ID des fehlerhaften Prozesses:
 0x12bc  Startzeit der fehlerhaften Anwendung: 0x01cd34491d228fe3  Pfad der fehlerhaften
 Anwendung: C:\windows\system32\atibtmon.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\atibtmon.exe
Berichtskennung:
 75d10369-a03c-11e1-97d4-e02a820293f6
 
Error - 5/18/2012 5:57:15 PM | Computer Name = GG-HP | Source = EventSystem | ID = 4622
Description = 
 
Error - 5/20/2012 4:57:28 AM | Computer Name = GG-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.1.1.33,
 Zeitstempel: 0x4e64e4e2  Name des fehlerhaften Moduls: AcroRd32.dll, Version: 10.1.1.33,
 Zeitstempel: 0x4e64f98b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000218f8  ID des fehlerhaften
 Prozesses: 0x15e4  Startzeit der fehlerhaften Anwendung: 0x01cd35cd03ee506a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.dll
Berichtskennung:
 d2f0f360-a259-11e1-8044-e02a820293f6
 
Error - 5/23/2012 11:14:33 AM | Computer Name = GG-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Name des fehlerhaften Moduls: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00004340  ID des fehlerhaften Prozesses:
 0x225c  Startzeit der fehlerhaften Anwendung: 0x01cd38f6a1be8b85  Pfad der fehlerhaften
 Anwendung: C:\windows\system32\atibtmon.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\atibtmon.exe
Berichtskennung:
 ffb91f56-a4e9-11e1-95a7-e02a820293f6
 
Error - 5/23/2012 6:18:44 PM | Computer Name = GG-HP | Source = EventSystem | ID = 4622
Description = 
 
Error - 5/28/2012 5:27:17 PM | Computer Name = GG-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Name des fehlerhaften Moduls: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00004340  ID des fehlerhaften Prozesses:
 0x1344  Startzeit der fehlerhaften Anwendung: 0x01cd3d188e55e64c  Pfad der fehlerhaften
 Anwendung: C:\windows\system32\atibtmon.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\atibtmon.exe
Berichtskennung:
 e5cdaa07-a90b-11e1-9881-e02a820293f6
 
Error - 5/31/2012 6:02:13 PM | Computer Name = GG-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Name des fehlerhaften Moduls: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00004340  ID des fehlerhaften Prozesses:
 0xbcc  Startzeit der fehlerhaften Anwendung: 0x01cd3f78fa8555a3  Pfad der fehlerhaften
 Anwendung: C:\windows\system32\atibtmon.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\atibtmon.exe
Berichtskennung:
 4645c3df-ab6c-11e1-9e59-e02a820293f6
 
Error - 6/1/2012 12:15:36 AM | Computer Name = GG-HP | Source = System Restore | ID = 8193
Description = 
 
Error - 6/2/2012 3:08:36 AM | Computer Name = GG-HP | Source = Service1 | ID = 0
Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine
 Verbindung mit dem Dienstcontroller herstellen
 
Error - 6/11/2012 6:02:40 PM | Computer Name = GG-HP | Source = EventSystem | ID = 4621
Description = 
 
[ Hewlett-Packard Events ]
Error - 12/17/2011 5:40:28 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12/17/2011 5:40:39 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12/17/2011 5:40:58 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/10/2012 3:10:54 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/14/2012 11:40:18 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/14/2012 11:42:00 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/14/2012 11:44:35 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/14/2012 11:47:00 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/14/2012 11:48:59 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/17/2012 6:57:22 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Software Framework Events ]
Error - 7/31/2012 6:45:13 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 12:45:13.650|00000D48|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 6:45:13 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 12:45:13.853|00000D48|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 6:45:13 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 12:45:13.899|00000D48|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 6:45:13 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 12:45:13.946|00000D48|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 6:45:14 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 12:45:14.040|00000D48|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 8:05:15 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 14:05:15.492|000015A8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 8:05:15 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 14:05:15.757|000015A8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 8:05:15 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 14:05:15.804|000015A8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 8:05:15 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 14:05:15.867|000015A8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 8:05:15 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 14:05:15.913|000015A8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ HP Wireless Assistant Events ]
Error - 5/24/2012 5:00:25 AM | Computer Name = GG-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 5/24/2012 5:01:19 AM | Computer Name = GG-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 6/2/2012 3:14:52 AM | Computer Name = GG-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 6/2/2012 3:15:24 AM | Computer Name = GG-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 7/7/2012 6:46:24 AM | Computer Name = GG-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 7/10/2012 3:08:02 AM | Computer Name = GG-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 7/16/2012 11:31:07 AM | Computer Name = GG-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 7/22/2012 1:14:49 PM | Computer Name = GG-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
 radios)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 7/25/2012 10:26:56 PM | Computer Name = GG-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 7/30/2012 4:20:41 PM | Computer Name = GG-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
 radios)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
[ OSession Events ]
Error - 10/7/2011 2:21:27 AM | Computer Name = GG-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 74092
 seconds with 1320 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 7/31/2012 8:24:22 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:26:30 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:26:30 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:26:30 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:31:30 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:31:30 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:31:30 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:33:36 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:33:36 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:33:36 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---
[\code]

aber das mit dem appData finde ich leider nicht :-(


Alt 31.07.2012, 15:24   #6
esta
 
Bundeskriminalamt virus:-( sperrt mir internet! - Standard

Bundeskriminalamt virus:-( sperrt mir internet!



so hier sind die logs:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/31/2012 2:29:35 PM - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Familie.GG-HP\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 59.24% Memory free
3.49 Gb Paging File | 2.98 Gb Available in Paging File | 85.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 223.99 Gb Free Space | 79.77% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
 
Computer Name: GG-HP | User Name: Familie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Familie.GG-HP\Downloads\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PCSUService) -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe ()
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D7C5183A-7397-4D9C-9B0E-BC8D16744586}
IE:64bit: - HKLM\..\SearchScopes\{D7C5183A-7397-4D9C-9B0E-BC8D16744586}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {D7C5183A-7397-4D9C-9B0E-BC8D16744586}
IE - HKLM\..\SearchScopes\{D7C5183A-7397-4D9C-9B0E-BC8D16744586}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2247187
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\..\URLSearchHook: {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\..\SearchScopes,DefaultScope = {D7C5183A-7397-4D9C-9B0E-BC8D16744586}
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\..\SearchScopes\{2C6E980D-57DF-4D2E-9EDF-FA445BCC3AE1}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2247187
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\..\SearchScopes\{4BF8CD25-2826-4F33-8987-EC357FA97860}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2247187.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010/09/09 03:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/09 03:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/09/09 03:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/05 11:00:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/21 07:40:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/18 21:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/30 20:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/06/14 21:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie.GG-HP\AppData\Roaming\mozilla\Extensions
[2012/07/18 08:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie.GG-HP\AppData\Roaming\mozilla\Firefox\Profiles\j9crxxxf.default\extensions
[2012/06/29 22:15:41 | 000,000,853 | ---- | M] () -- C:\Users\Familie.GG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\j9crxxxf.default\searchplugins\11-suche.xml
[2012/07/18 08:38:12 | 000,000,919 | ---- | M] () -- C:\Users\Familie.GG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\j9crxxxf.default\searchplugins\conduit.xml
[2012/06/29 22:15:41 | 000,002,209 | ---- | M] () -- C:\Users\Familie.GG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\j9crxxxf.default\searchplugins\englische-ergebnisse.xml
[2012/06/29 22:15:40 | 000,010,506 | ---- | M] () -- C:\Users\Familie.GG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\j9crxxxf.default\searchplugins\gmx-suche.xml
[2012/06/29 22:15:41 | 000,002,368 | ---- | M] () -- C:\Users\Familie.GG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\j9crxxxf.default\searchplugins\lastminute.xml
[2012/06/29 22:15:40 | 000,005,489 | ---- | M] () -- C:\Users\Familie.GG-HP\AppData\Roaming\Mozilla\Firefox\Profiles\j9crxxxf.default\searchplugins\webde-suche.xml
[2012/06/15 14:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/08/30 16:50:09 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2012/04/21 07:40:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/03 14:46:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/03/03 14:33:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/03 14:33:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/03 14:33:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/03 14:33:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/03 14:33:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/03 14:33:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2247187&SearchSource=48&sspv=CHOB15
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2247187&SearchSource=48&sspv=CHOB15
CHR - Extension: YouTube = C:\Users\Familie.GG-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Familie.GG-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Familie.GG-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Mario Forever = C:\Users\Familie.GG-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllpjckabhalgdienlngoikeehalibei\2.3.4.980_0\
CHR - Extension: Google Mail = C:\Users\Familie.GG-HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Mario Forever Toolbar) - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1998016419-1850255896-693874555-1002\..\Toolbar\WebBrowser: (Mario Forever Toolbar) - {707DB484-2428-402D-AFB5-D85B387544C7} - C:\Program Files (x86)\Mario_Forever\prxtbMari.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Familie.GG-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\GG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AF47D53-754F-4731-9E3E-9E2F96599C0A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk - C:\PROGRA~2\Google\GOOGLE~1\GOOGLE~1.EXE - (Google)
MsConfig:64bit - StartUpReg: PCSpeedUp - hkey= - key= - C:\Program Files (x86)\PC Beschleunigen\PCSpeedUp.lnk ()
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/31 10:29:31 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\AppData\Roaming\Avira
[2012/07/31 10:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/07/31 10:21:02 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012/07/31 10:21:02 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012/07/31 10:21:02 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012/07/31 10:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/07/31 10:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/07/31 08:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/31 02:21:29 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\AppData\Roaming\Malwarebytes
[2012/07/31 02:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/31 02:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/31 02:21:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/07/31 02:21:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/31 01:42:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2012/07/31 01:41:45 | 000,000,000 | ---D | C] -- C:\1b59ae919142615c39de3fb1
[2012/07/18 16:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TreeCardGames
[2012/07/18 08:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/07/18 08:38:52 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\AppData\Local\Conduit
[2012/07/18 08:38:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mario_Forever
[2012/07/18 08:38:15 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\AppData\Local\CRE
[2012/07/18 08:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mario Forever
[2012/07/18 08:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mario Forever
[2012/07/18 08:35:53 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\AppData\Roaming\TreeCardGames
[2012/07/18 08:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire
[2012/07/18 08:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\123 Free Solitaire
[2012/07/14 01:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012/07/14 01:19:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012/07/07 19:49:51 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\Documents\SNES
[2012/07/07 19:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/07/07 19:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/07/06 07:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/05 12:47:27 | 000,000,000 | ---D | C] -- C:\Users\Familie.GG-HP\.webKONRAD
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/31 14:16:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/31 14:16:22 | 1875,439,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/31 14:08:11 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 14:06:11 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/31 14:01:47 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/31 12:33:13 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 12:33:13 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 10:22:40 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/07/31 10:20:00 | 000,000,320 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForGG.job
[2012/07/31 10:16:35 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012/07/31 10:16:34 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012/07/31 10:16:33 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012/07/31 09:59:53 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/31 02:21:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/31 01:55:52 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/31 01:43:15 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012/07/22 19:15:33 | 000,000,340 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForFamilie.job
[2012/07/21 15:33:54 | 001,507,342 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/21 15:33:54 | 000,659,804 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/07/21 15:33:54 | 000,619,704 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/21 15:33:54 | 000,131,904 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/07/21 15:33:54 | 000,108,024 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/18 08:49:08 | 000,000,020 | ---- | M] () -- C:\windows\mafosav.INI
[2012/07/18 08:39:02 | 000,000,009 | ---- | M] () -- C:\END
[2012/07/18 08:35:45 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
[2012/07/15 07:28:33 | 000,442,856 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/14 01:19:59 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012/07/12 08:18:08 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/05 11:00:07 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/07/03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2012/07/03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2012/07/03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2012/07/03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012/07/03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012/07/03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012/07/31 10:22:40 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/07/31 02:21:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/31 01:55:52 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/31 01:24:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012/07/18 08:49:08 | 000,000,020 | ---- | C] () -- C:\windows\mafosav.INI
[2012/07/18 08:39:02 | 000,000,009 | ---- | C] () -- C:\END
[2012/07/18 08:35:45 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\123 Free Solitaire.lnk
[2012/07/18 08:35:45 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\123 Free Solitaire.lnk
[2012/07/14 01:19:59 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012/07/14 01:19:59 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012/07/06 07:44:22 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/08 16:41:01 | 000,195,531 | ---- | C] () -- C:\Users\Familie.GG-HP\Masstabelle.pdf
[2011/08/31 22:07:36 | 001,530,612 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/14 18:01:14 | 002,336,384 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2011/06/14 18:01:14 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2011/06/14 18:01:14 | 000,014,848 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2011/06/14 18:01:14 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2011/06/14 18:01:14 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2010/10/29 09:37:02 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/09/09 03:08:35 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
 
========== LOP Check ==========
 
[2012/01/29 17:18:32 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\Nitro PDF
[2012/03/03 01:37:14 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\OpenCandy
[2011/06/22 17:00:02 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\OpenOffice.org
[2011/09/17 13:16:03 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\PC Suite
[2011/12/20 15:23:33 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\PerformerSoft
[2011/12/29 20:37:56 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\Rovio
[2012/05/22 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\Thunderbird
[2012/07/18 08:35:53 | 000,000,000 | ---D | M] -- C:\Users\Familie.GG-HP\AppData\Roaming\TreeCardGames
[2012/07/14 01:21:50 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Canneverbe Limited
[2011/10/27 12:33:09 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Downloaded Installations
[2012/02/02 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Nitro PDF
[2011/06/22 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\OpenOffice.org
[2011/08/26 11:48:14 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\PC Suite
[2011/08/26 14:34:58 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Samsung
[2011/06/14 17:30:48 | 000,000,000 | ---D | M] -- C:\Users\GG\AppData\Roaming\Thunderbird
[2012/05/19 00:17:49 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/05/07 20:28:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012/07/31 01:42:07 | 000,000,000 | ---D | M] -- C:\1b59ae919142615c39de3fb1
[2009/07/27 17:04:41 | 000,000,000 | -HSD | M] -- C:\boot
[2011/06/19 09:48:30 | 000,000,000 | ---D | M] -- C:\dc43f76bb24ec8f493df17901f
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/09/09 01:24:36 | 000,000,000 | ---D | M] -- C:\EFI
[2010/09/09 03:38:14 | 000,000,000 | -H-D | M] -- C:\hp
[2011/08/31 21:44:40 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/06/15 16:05:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/07/31 10:20:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/07/31 10:20:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/01/23 12:31:17 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/07/31 10:25:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/11/29 00:19:08 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011/12/03 11:33:47 | 000,000,000 | ---D | M] -- C:\Tivola
[2011/06/14 20:12:01 | 000,000,000 | R--D | M] -- C:\Users
[2012/07/18 08:49:08 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_0dbde3119acb22ca\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_dab2e93700ba2683\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/09/09 02:50:22 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/09/09 02:39:14 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/09/09 02:50:22 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/09/09 02:39:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/09/09 02:50:22 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/09/09 02:39:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/09/09 02:50:22 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/09/09 02:39:14 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010/05/12 10:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/05/12 10:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/05/12 10:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010/05/12 10:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\windows\SysNative\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/09/09 02:50:22 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/09/09 02:50:22 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2010/09/09 02:50:22 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012/05/08 16:41:03 | 000,195,531 | ---- | M] () -- C:\Users\Familie.GG-HP\Masstabelle.pdf
[2012/07/31 14:31:25 | 002,097,152 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT
[2012/07/31 14:31:25 | 000,262,144 | -HS- | M] () -- C:\Users\Familie.GG-HP\ntuser.dat.LOG1
[2011/06/14 20:12:06 | 000,000,000 | -HS- | M] () -- C:\Users\Familie.GG-HP\ntuser.dat.LOG2
[2011/06/15 00:37:55 | 000,065,536 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/06/15 00:37:55 | 000,524,288 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/06/15 00:37:55 | 000,524,288 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012/03/18 01:34:46 | 000,065,536 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT{ab064078-7088-11e1-8f45-e02a820293f6}.TM.blf
[2012/03/18 01:34:45 | 000,524,288 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT{ab064078-7088-11e1-8f45-e02a820293f6}.TMContainer00000000000000000001.regtrans-ms
[2012/03/18 01:34:46 | 000,524,288 | -HS- | M] () -- C:\Users\Familie.GG-HP\NTUSER.DAT{ab064078-7088-11e1-8f45-e02a820293f6}.TMContainer00000000000000000002.regtrans-ms
[2009/07/27 16:09:59 | 000,000,020 | -HS- | M] () -- C:\Users\Familie.GG-HP\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---
[\code]

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 7/31/2012 2:29:36 PM - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Familie.GG-HP\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 59.24% Memory free
3.49 Gb Paging File | 2.98 Gb Available in Paging File | 85.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 223.99 Gb Free Space | 79.77% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
 
Computer Name: GG-HP | User Name: Familie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1998016419-1850255896-693874555-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E7BE1C0-E944-47CD-AD2C-536BBFFBCFF5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{189D4465-F93F-4D45-9D68-CCE79BFE302C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2408FB0F-279A-4A7E-A353-50817878F0BA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{24BBD07F-0727-4E8B-B792-A84CC62C87DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2AEFB996-0028-4BE8-9939-05FFD121B312}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{43CED6A7-F928-4EC8-9149-0F325715D6FD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{462DD7F4-61D5-4590-8681-EC0895944E04}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4995C464-28EA-41CA-B804-C66B186BD63B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4B80D4D3-2993-4612-B3E1-54C84923012F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55DC4547-068A-44D3-A365-82E5B21C590B}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{5D61ED8E-4293-473D-8D90-6915D420D350}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5F6B15C7-752D-4B61-AA77-9A078BFBA5A2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{71377E6B-F3C8-468A-A368-785B03241BE0}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{78A0443E-429C-4BB6-BEDE-F1DD9F201FC0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7BE1902A-8456-4A08-9907-F02B0DE22DD3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{87BB19A9-B7A4-40DF-84BF-105DC66B258F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8B5F11DB-47EA-4389-B214-11DF3DDE34AB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{916CDE4B-C5BD-45AF-B0DE-2072883D4E74}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A0DF94DF-4F42-498A-B5D7-F14EFD955496}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B3E143CD-DFBD-4DBF-B5F7-61C603DDFE30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B9B671E3-B3E1-4DC1-B82C-C5826A2D483C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{C86D6569-4E60-4789-A4EC-A67283A4D516}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C9435DC0-80BF-4BC0-8120-A8AF55F36B65}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CCE4C9E2-8322-44D4-A520-C2A53AB1D9EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D0FDF753-B796-4B83-8A83-DCA4B0CF76C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DB8D675E-6936-4A38-B269-30F5449D04BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E187247D-FF71-4DC3-845A-7DAD753AB462}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E39C7F91-27BD-4221-A8AD-72052B9DD9B7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F3A28E2B-0E8D-4F88-9AED-7B041F37688C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F44069B5-EF62-4376-B2F7-E9B660D6DCA2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F6514B32-707D-4A54-9515-57090E0BDAF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F6D7F9F-67C4-41F2-B576-8F52EC95CE21}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{162DE246-8FA4-4DFC-8B15-53E2C66792E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1800DF1C-8FAC-4591-8FF9-070486B10C00}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{3C857A22-669D-4D5A-A40B-3D0B6AFC6BFE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{5321E475-9FE5-4B5D-A4B3-64DADFDC08B7}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{594BD1BE-FA27-446E-A0E6-E42F01982783}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5C20539A-D2BE-43AA-8EB2-DAA35A5B521C}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{6245A557-F413-4547-91D9-22C6309D8816}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{77DB8C41-E3F0-45F6-B2B5-6EE6C0908D76}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{7B4022A5-3F23-4BB5-A52E-2ACDF382F264}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{84AF5BD9-E30B-4419-B60A-FAAA6661E750}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{876FC1B0-6DED-49BE-8568-421E231E7EAB}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{92437A52-8C85-4576-AD6D-D7D42F3CE56E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9AB06129-F400-47FB-B04C-7E9D6A40A1E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A8329CC6-80F7-4AA8-84E0-F4BAB86E0F03}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{DD45F7F7-42EB-49B9-BF49-67CF697F4BBC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E71C7C09-1487-49F8-A409-D73CA5F435C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{369ABA06-0536-4E6A-A1FC-40983E268F47}" = Nitro PDF Reader 2
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CanonMyPrinter" = Canon My Printer
"GIMP-2_is1" = GIMP 2.7.4
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PCSU-SL_is1" = PC Beschleunigen - Vollständige Deinstallation
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{54B29835-EF99-41D2-9104-F159DE62F165}" = Bing Bar Platform
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{910D3FB9-E341-4DD9-B52A-3B3C0C340AF6}" = Angry Birds
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1DE827D-8A61-4A77-9CCF-31AD84CC1FB6}" = HP Documentation
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{E684A226-D7B1-4B14-9778-44AD48A654F0}" = Corel Home Office
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"123 Free Solitaire_is1" = 123 Free Solitaire 2011 v8.0
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Canon iP2600 series Benutzerregistrierung" = Canon iP2600 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 7.1.1 Home Edition
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Farm Frenzy 3" = Farm Frenzy 3
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.908
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mario_Forever Toolbar" = Mario Forever Toolbar
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.1.0.530
"PDF Complete" = PDF Complete Special Edition
"Revo Uninstaller" = Revo Uninstaller 1.93
"SurfMusik 3.1a_is1" = SurfMusik 3.1a
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1998016419-1850255896-693874555-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"webKONRAD" = webKONRAD
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/17/2012 12:22:14 PM | Computer Name = GG-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Name des fehlerhaften Moduls: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00004340  ID des fehlerhaften Prozesses:
 0x12bc  Startzeit der fehlerhaften Anwendung: 0x01cd34491d228fe3  Pfad der fehlerhaften
 Anwendung: C:\windows\system32\atibtmon.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\atibtmon.exe
Berichtskennung:
 75d10369-a03c-11e1-97d4-e02a820293f6
 
Error - 5/18/2012 5:57:15 PM | Computer Name = GG-HP | Source = EventSystem | ID = 4622
Description = 
 
Error - 5/20/2012 4:57:28 AM | Computer Name = GG-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.1.1.33,
 Zeitstempel: 0x4e64e4e2  Name des fehlerhaften Moduls: AcroRd32.dll, Version: 10.1.1.33,
 Zeitstempel: 0x4e64f98b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000218f8  ID des fehlerhaften
 Prozesses: 0x15e4  Startzeit der fehlerhaften Anwendung: 0x01cd35cd03ee506a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.dll
Berichtskennung:
 d2f0f360-a259-11e1-8044-e02a820293f6
 
Error - 5/23/2012 11:14:33 AM | Computer Name = GG-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Name des fehlerhaften Moduls: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00004340  ID des fehlerhaften Prozesses:
 0x225c  Startzeit der fehlerhaften Anwendung: 0x01cd38f6a1be8b85  Pfad der fehlerhaften
 Anwendung: C:\windows\system32\atibtmon.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\atibtmon.exe
Berichtskennung:
 ffb91f56-a4e9-11e1-95a7-e02a820293f6
 
Error - 5/23/2012 6:18:44 PM | Computer Name = GG-HP | Source = EventSystem | ID = 4622
Description = 
 
Error - 5/28/2012 5:27:17 PM | Computer Name = GG-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Name des fehlerhaften Moduls: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00004340  ID des fehlerhaften Prozesses:
 0x1344  Startzeit der fehlerhaften Anwendung: 0x01cd3d188e55e64c  Pfad der fehlerhaften
 Anwendung: C:\windows\system32\atibtmon.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\atibtmon.exe
Berichtskennung:
 e5cdaa07-a90b-11e1-9881-e02a820293f6
 
Error - 5/31/2012 6:02:13 PM | Computer Name = GG-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Name des fehlerhaften Moduls: atibtmon.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a04ab6c  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00004340  ID des fehlerhaften Prozesses:
 0xbcc  Startzeit der fehlerhaften Anwendung: 0x01cd3f78fa8555a3  Pfad der fehlerhaften
 Anwendung: C:\windows\system32\atibtmon.exe  Pfad des fehlerhaften Moduls: C:\windows\system32\atibtmon.exe
Berichtskennung:
 4645c3df-ab6c-11e1-9e59-e02a820293f6
 
Error - 6/1/2012 12:15:36 AM | Computer Name = GG-HP | Source = System Restore | ID = 8193
Description = 
 
Error - 6/2/2012 3:08:36 AM | Computer Name = GG-HP | Source = Service1 | ID = 0
Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine
 Verbindung mit dem Dienstcontroller herstellen
 
Error - 6/11/2012 6:02:40 PM | Computer Name = GG-HP | Source = EventSystem | ID = 4621
Description = 
 
[ Hewlett-Packard Events ]
Error - 12/17/2011 5:40:28 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12/17/2011 5:40:39 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12/17/2011 5:40:58 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/10/2012 3:10:54 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/14/2012 11:40:18 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/14/2012 11:42:00 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/14/2012 11:44:35 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/14/2012 11:47:00 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/14/2012 11:48:59 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/17/2012 6:57:22 AM | Computer Name = GG-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Software Framework Events ]
Error - 7/31/2012 6:45:13 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 12:45:13.650|00000D48|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 6:45:13 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 12:45:13.853|00000D48|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 6:45:13 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 12:45:13.899|00000D48|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 6:45:13 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 12:45:13.946|00000D48|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 6:45:14 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 12:45:14.040|00000D48|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 8:05:15 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 14:05:15.492|000015A8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 8:05:15 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 14:05:15.757|000015A8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 8:05:15 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 14:05:15.804|000015A8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 8:05:15 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 14:05:15.867|000015A8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 7/31/2012 8:05:15 AM | Computer Name = GG-HP | Source = CaslWmi | ID = 5
Description = 2012.07.31 14:05:15.913|000015A8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ HP Wireless Assistant Events ]
Error - 5/24/2012 5:00:25 AM | Computer Name = GG-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 5/24/2012 5:01:19 AM | Computer Name = GG-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 6/2/2012 3:14:52 AM | Computer Name = GG-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 6/2/2012 3:15:24 AM | Computer Name = GG-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 7/7/2012 6:46:24 AM | Computer Name = GG-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 7/10/2012 3:08:02 AM | Computer Name = GG-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 7/16/2012 11:31:07 AM | Computer Name = GG-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 7/22/2012 1:14:49 PM | Computer Name = GG-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
 radios)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 7/25/2012 10:26:56 PM | Computer Name = GG-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 7/30/2012 4:20:41 PM | Computer Name = GG-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
 radios)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
[ OSession Events ]
Error - 10/7/2011 2:21:27 AM | Computer Name = GG-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 74092
 seconds with 1320 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 7/31/2012 8:24:22 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:26:30 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:26:30 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:26:30 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:31:30 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:31:30 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:31:30 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:33:36 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:33:36 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 7/31/2012 8:33:36 AM | Computer Name = GG-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---
[\code]

aber das mit dem appData finde ich leider nicht :-(

Alt 02.08.2012, 18:23   #7
markusg
/// Malware-holic
 
Bundeskriminalamt virus:-( sperrt mir internet! - Standard

Bundeskriminalamt virus:-( sperrt mir internet!



dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
[2012/07/31 01:43:15 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.08.2012, 11:18   #8
esta
 
Bundeskriminalamt virus:-( sperrt mir internet! - Standard

Bundeskriminalamt virus:-( sperrt mir internet!



Code:
ATTFilter
  All processes killed
========== OTL ==========
C:\ProgramData\ras_0oed.pad moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Familie
->Flash cache emptied: 264 bytes
 
User: Familie.GG-HP
->Flash cache emptied: 11275141 bytes
 
User: GG
->Flash cache emptied: 20841 bytes
 
User: Public
 
Total Flash Files Cleaned = 11.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Familie
->Temp folder emptied: 32799 bytes
->Temporary Internet Files folder emptied: 631081 bytes
->Flash cache emptied: 0 bytes
 
User: Familie.GG-HP
->Temp folder emptied: 409031816 bytes
->Temporary Internet Files folder emptied: 19801851 bytes
->Java cache emptied: 8849084 bytes
->FireFox cache emptied: 71407403 bytes
->Google Chrome cache emptied: 6502305 bytes
->Flash cache emptied: 0 bytes
 
User: GG
->Temp folder emptied: 779425268 bytes
->Temporary Internet Files folder emptied: 123063967 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 262038925 bytes
->Google Chrome cache emptied: 6432210 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 410290044 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36049828 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,035.00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 08032012_110100

Files\Folders moved on Reboot...
C:\Users\Familie.GG-HP\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Familie.GG-HP\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
nochmal vielen dank!!!jetzt schon;-)
sollte jetzt das internet wieder funktionieren?
lg

Alt 08.08.2012, 10:17   #9
esta
 
Bundeskriminalamt virus:-( sperrt mir internet! - Standard

Bundeskriminalamt virus:-( sperrt mir internet!



Hey Ich weiß du hast viel zutun aber könntest du mir hier weiterhelfen?
dankeschön!!!

Alt 08.08.2012, 18:09   #10
markusg
/// Malware-holic
 
Bundeskriminalamt virus:-( sperrt mir internet! - Standard

Bundeskriminalamt virus:-( sperrt mir internet!



sorry.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Bundeskriminalamt virus:-( sperrt mir internet!
andere, anfrage, bundeskriminalamt, bundeskriminalamt virus, eset, frage, hilfe!, inter, interne, internet, laufe, laufen, sperrt, stelle, virus, weg...



Ähnliche Themen: Bundeskriminalamt virus:-( sperrt mir internet!


  1. Windows Rechner befallen - Swisscom sperrt Internet
    Plagegeister aller Art und deren Bekämpfung - 11.10.2015 (17)
  2. Bundeskriminalamt Virus
    Log-Analyse und Auswertung - 19.03.2014 (8)
  3. Österreichischen Polizeitrojaner sperrt mein Internet
    Plagegeister aller Art und deren Bekämpfung - 01.09.2012 (17)
  4. Bundeskriminalamt - Virus
    Plagegeister aller Art und deren Bekämpfung - 20.12.2011 (6)
  5. Bundeskriminalamt virus
    Plagegeister aller Art und deren Bekämpfung - 17.11.2011 (29)
  6. Bundeskriminalamt Virus
    Log-Analyse und Auswertung - 31.08.2011 (25)
  7. Bundeskriminalamt Virus
    Log-Analyse und Auswertung - 22.08.2011 (32)
  8. Bundeskriminalamt Trojaner sperrt alles
    Plagegeister aller Art und deren Bekämpfung - 19.08.2011 (1)
  9. Bundeskriminalamt Virus
    Plagegeister aller Art und deren Bekämpfung - 13.08.2011 (6)
  10. Bundeskriminalamt Virus
    Log-Analyse und Auswertung - 11.08.2011 (1)
  11. Bundeskriminalamt Virus
    Log-Analyse und Auswertung - 09.08.2011 (1)
  12. Bundeskriminalamt Virus
    Plagegeister aller Art und deren Bekämpfung - 23.06.2011 (11)
  13. Bundeskriminalamt - Virus
    Log-Analyse und Auswertung - 16.06.2011 (24)
  14. Bundeskriminalamt Virus otl.txt
    Log-Analyse und Auswertung - 28.05.2011 (3)
  15. (bundeskriminalamt) virus
    Log-Analyse und Auswertung - 13.04.2011 (16)
  16. Nod32 Smart Security 4 sperrt ab und zu mein Internet
    Antiviren-, Firewall- und andere Schutzprogramme - 11.04.2011 (9)
  17. Word sperrt Internet Explorer
    Alles rund um Windows - 14.05.2006 (7)

Zum Thema Bundeskriminalamt virus:-( sperrt mir internet! - Ich bin leider wie viele andere von diesem virus angegriffen worden!!! ich hab mir auch schon die malwarebytes-Anti-Malware gedownloaded und auch schon durch laufen lassen auch eset aber er ist - Bundeskriminalamt virus:-( sperrt mir internet!...
Archiv
Du betrachtest: Bundeskriminalamt virus:-( sperrt mir internet! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.