Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: win7 - weißer bildschirm - trojaner; OTLPE funkt nicht

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.08.2012, 13:54   #1
nicoreed
 
win7 - weißer bildschirm - trojaner; OTLPE funkt nicht - Standard

win7 - weißer bildschirm - trojaner; OTLPE funkt nicht



hallo,

ich habe mir mitte letzter woche den hier schon mehrmals erwähnten trojaner "weißer bildschirm" bei win7 64bit eingefangen. nach diversen versuchen mit
wollte ich nach entsprechender anleitung(en) hier das problem mit otlpe lösen, habe die schritte wie hier beschrieben genau befolgt.
leider kann mein pc nicht von usb booten. von cd/dvd wäre es möglich, also habe ich mal den inhalt von C:\eeecpfr auf eine dvd gebrannt. diese ist aber jetzt nicht wirklich bootfähig.

ich war schon dabei win7 neu zu installieren, daten sind gesichtert (gottseidank hab ich dual-boot mit win xp am rechner).

ich habe jetzt allerdings noch folgendes zusammengebracht:
und zwar kann ich das system im "debug-modus" hochzufahren. hier läuft mal auf den ersten blick das wichtigste und ich habe KEINEN weißen bildschirm. momentan schreibe ich auch direkt vom win7.

der vollständigkeit halber: ich hatte dazwischen schon mal das system sogar im "normalen modus" hochfahren können ... und zwar mit dem "trick" eine cd mit auotrun eingelegt, neustart gedrückt, und dann auf "abbrechen" oder so in der art. und plötzlich ging es. hatte danach mit antiviurs von avira sogar 2 trojaner entdeckt und auch gelöscht, sowie ein paar warnungen. dachte das war's -> neustart -> gleiches problem wieder.
die devise lautet für mich jetzt also "bloß kein neustart"

jetzt zu meiner frage:
welche möglichkeit hab ich, vielleicht sogar jetzt direkt aus dem momentan laufenden system das problem zu beheben.

vielen dank für eure hilfe!!!!

ok, bin schon viel weiter. eine antwort nach meinem beitrag auf einen anderen mit dem gleichen problem brachte mich zu einer funktionieren olt.exe auf meinem rechner.
kann also hier meine scan-ergebnisse einfügen:

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 27.08.2012 15:54:28 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\nico\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,61% Memory free
8,00 Gb Paging File | 6,22 Gb Available in Paging File | 77,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 35,48 Gb Free Space | 24,22% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 53,50 Gb Free Space | 68,48% Space Free | Partition Type: NTFS
Drive E: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 433,53 Gb Total Space | 60,50 Gb Free Space | 13,95% Space Free | Partition Type: NTFS
Drive I: | 1,82 Gb Total Space | 1,49 Gb Free Space | 82,08% Space Free | Partition Type: FAT
Drive N: | 7,49 Gb Total Space | 5,86 Gb Free Space | 78,28% Space Free | Partition Type: FAT32
Drive O: | 298,09 Gb Total Space | 206,37 Gb Free Space | 69,23% Space Free | Partition Type: NTFS
 
Computer Name: STAND-PC | User Name: nico | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\nico\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\mozjs.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Alcid.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\SPBasic.dll ()
MOD - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (emaudsv) -- C:\Windows\SysNative\emaudsv.exe (E-MU Systems)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LBTServ) -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PS3 Media Server) -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (TryAndDecideService) -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (emusba10) -- C:\Windows\SysNative\drivers\emusba10.sys (E-MU Systems)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\drivers\RTL85n64.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\drivers\l160x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (JGOGO) -- C:\Windows\SysNative\drivers\JGOGO.sys (JMicron )
DRV - (CdaC15BA) -- C:\Windows\SysWOW64\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 9B 33 25 CC 74 CD 01  [binary data]
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\SearchScopes,DefaultScope = {E7728C17-7F8E-4C49-9E6B-16844905ECAA}
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\SearchScopes\{E7728C17-7F8E-4C49-9E6B-16844905ECAA}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://mail.google.com/mail/?account_id=nico.reed%40gmail.com#inbox"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: google-wave@chad.smith:0.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: VMwareVMRC@vmware.com:2.5.0.116460
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nico\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nico\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.03.06 15:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.30 15:44:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\components [2012.08.01 19:16:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\firejump@firejump.net [2012.04.10 19:17:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\components [2012.08.01 19:16:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins
 
[2011.04.27 19:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nico\AppData\Roaming\mozilla\Extensions
[2011.04.27 19:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nico\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.08.27 14:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nico\AppData\Roaming\mozilla\Firefox\Profiles\fuoxqe8k.default\extensions
[2012.07.23 18:00:50 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\nico\AppData\Roaming\mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.03.20 10:59:25 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\nico\AppData\Roaming\mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.08.01 19:16:09 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\nico\AppData\Roaming\mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.08.21 20:52:24 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\nico\AppData\Roaming\mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.05 21:43:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\nico\AppData\Roaming\mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.02.16 20:17:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\nico\AppData\Roaming\mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.08.15 10:05:03 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\nico\AppData\Roaming\mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\DeviceDetection@logitech.com
[2012.04.10 19:17:03 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\nico\AppData\Roaming\mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\firejump@firejump.net
[2009.10.30 12:32:26 | 000,000,000 | ---D | M] (Google Wave Add-on for Firefox) -- C:\Users\nico\AppData\Roaming\mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\google-wave@chad.smith
[2012.08.27 14:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nico\AppData\Roaming\mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\staged
[2010.01.04 15:05:14 | 000,000,000 | ---D | M] (VMware Remote Console Plug-in) -- C:\Users\nico\AppData\Roaming\mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\VMwareVMRC@vmware.com
[2012.08.21 19:41:15 | 000,001,611 | ---- | M] () -- C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\searchplugins\tuwis-lva-suche.xml
[2009.06.09 21:51:40 | 000,002,028 | ---- | M] () -- C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\searchplugins\xing---powering-relationships.xml
[2011.12.10 22:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.10 19:39:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.24 19:46:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.07 21:22:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.31 18:48:55 | 000,068,465 | ---- | M] () (No name found) -- C:\USERS\NICO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FUOXQE8K.DEFAULT\EXTENSIONS\{386869F0-E3F2-11DC-95FF-0800200C9A66}.XPI
[2011.03.27 14:11:45 | 000,242,709 | ---- | M] () (No name found) -- C:\USERS\NICO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FUOXQE8K.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI
[2012.08.21 19:39:11 | 000,341,151 | ---- | M] () (No name found) -- C:\USERS\NICO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FUOXQE8K.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.03.25 11:17:26 | 000,009,847 | ---- | M] () (No name found) -- C:\USERS\NICO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FUOXQE8K.DEFAULT\EXTENSIONS\INFO@CSSUPDATER.COM.XPI
[2012.04.21 18:27:29 | 000,344,888 | ---- | M] () (No name found) -- C:\USERS\NICO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FUOXQE8K.DEFAULT\EXTENSIONS\TOOLBAR@ALEXA.COM.XPI
[2012.03.18 13:02:28 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\NICO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FUOXQE8K.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.at/ig?hl=de&source=iglk
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.at/ig?hl=de&source=iglk
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\nico\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\nico\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\nico\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\nico\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\nico\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
 
O1 HOSTS File: ([2011.01.30 14:41:50 | 000,000,791 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.76.dll File not found
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MbWzdFPAP-EXL600] C:\Windows\SysWOW64\FPAP-EXL600\PdtGuide.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [Akamai NetSession Interface] C:\Users\nico\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [E-MU USB Audio Control Panel] C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe (E-MU Systems)
O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [ONAIR] C:\Programme\ONAIR\ONAIR.exe (DJMASTER.COM)
O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [Spotify Web Helper] C:\Users\nico\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\nico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\nico\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\nico\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{403DAB77-0A7D-489C-A7B0-18E7BD8064F7}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C4AB40-434F-4A80-A451-BAC19B2729A1}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.04 16:35:53 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - Unable to obtain root file information for disk I:\
O33 - MountPoints2\{763eef36-2c6d-11e0-85ff-0022158f67e4}\Shell - "" = AutoRun
O33 - MountPoints2\{763eef36-2c6d-11e0-85ff-0022158f67e4}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu
O33 - MountPoints2\{bba8c978-2301-11e1-b750-0022158f67e4}\Shell - "" = AutoRun
O33 - MountPoints2\{bba8c978-2301-11e1-b750-0022158f67e4}\Shell\AutoRun\command - "" = G:\DVD-WRITER.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.27 15:50:19 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\nico\Desktop\OTL.exe
[2012.08.22 15:07:50 | 000,000,000 | ---D | C] -- C:\Users\nico\AppData\Local\{52DE5A3F-CEAD-4C65-AC35-FFA5E9D9F593}
[2012.08.21 20:52:46 | 000,000,000 | ---D | C] -- C:\Users\nico\AppData\Local\{41F0A6FD-2992-4EE9-B99E-4BE288720A69}
[2012.08.20 10:22:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.20 10:22:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.20 10:22:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.20 10:22:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.20 10:22:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.20 10:22:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.20 10:22:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.20 10:22:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.20 10:22:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.20 10:22:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.20 10:22:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.20 10:22:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.20 10:22:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.20 10:19:17 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2012.08.20 10:17:54 | 000,112,096 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\acaptuser32.dll
[2012.08.20 10:13:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.20 10:13:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.20 10:13:48 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.20 10:13:38 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.13 20:21:26 | 000,000,000 | ---D | C] -- C:\Users\nico\AppData\Local\{F6C21EF0-2A36-4606-B84D-B932354F070E}
[2012.08.13 20:21:03 | 000,000,000 | ---D | C] -- C:\Users\nico\AppData\Local\{FFCEAB4B-353A-4D78-8141-6DE489791A0B}
[2012.08.13 19:50:13 | 000,000,000 | ---D | C] -- C:\Users\nico\Desktop\hochzeits_lieder
[2012.08.06 17:51:39 | 000,000,000 | ---D | C] -- C:\Users\nico\AppData\Local\{86310FAB-DE4F-4963-88B7-D93682063745}
[2012.08.06 17:51:17 | 000,000,000 | ---D | C] -- C:\Users\nico\AppData\Local\{23A2C986-8E0B-43B1-8F02-331428AD5898}
[2011.09.04 13:51:40 | 000,082,048 | ---- | C] (VSO Software) -- C:\Users\nico\AppData\Roaming\pcouffin.sys
[2009.10.27 11:22:46 | 001,499,136 | ---- | C] (CPUID) -- C:\Program Files (x86)\cpuz.exe
[1 C:\Users\nico\Documents\*.tmp files -> C:\Users\nico\Documents\*.tmp -> ]
[1 C:\Users\nico\Desktop\*.tmp files -> C:\Users\nico\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.27 15:56:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.27 15:56:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4276689660-1082581986-1976619290-1000UA.job
[2012.08.27 15:50:20 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\nico\Desktop\OTL.exe
[2012.08.27 15:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.27 15:31:36 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.27 15:31:36 | 000,645,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.27 15:31:36 | 000,607,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.27 15:31:36 | 000,126,822 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.27 15:31:36 | 000,103,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.27 14:34:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.27 14:34:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.27 14:33:56 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.27 14:32:11 | 000,000,045 | ---- | M] () -- C:\Users\nico\AppData\Roaming\msconfig.ini
[2012.08.27 13:30:20 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.08.27 13:30:20 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.08.27 13:29:03 | 000,006,952 | ---- | M] () -- C:\Users\nico\Desktop\Windows-Kompatibilitätsbericht.htm
[2012.08.27 13:16:05 | 000,019,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.27 13:16:04 | 000,019,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.21 21:56:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4276689660-1082581986-1976619290-1000Core1cab8a345bc00be.job
[2012.08.21 19:38:01 | 005,021,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.20 11:42:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.20 11:42:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.14 13:14:41 | 002,233,344 | ---- | M] () -- C:\Users\nico\Documents\hochzeitssirupholler.zdl
[2012.08.14 13:12:28 | 000,000,055 | -H-- | M] () -- C:\Users\nico\Documents\clipart.zdx
[2012.08.14 12:34:31 | 002,332,160 | ---- | M] () -- C:\Users\nico\Documents\hochzeitssirupmelisse.zdl
[2012.08.06 17:54:45 | 000,055,846 | ---- | M] () -- C:\Users\nico\Documents\FRUEHM.pdf
[2012.07.30 15:53:24 | 000,112,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\acaptuser32.dll
[1 C:\Users\nico\Documents\*.tmp files -> C:\Users\nico\Documents\*.tmp -> ]
[1 C:\Users\nico\Desktop\*.tmp files -> C:\Users\nico\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.27 13:29:03 | 000,006,952 | ---- | C] () -- C:\Users\nico\Desktop\Windows-Kompatibilitätsbericht.htm
[2012.08.22 15:55:09 | 000,000,045 | ---- | C] () -- C:\Users\nico\AppData\Roaming\msconfig.ini
[2012.08.14 13:13:21 | 002,233,344 | ---- | C] () -- C:\Users\nico\Documents\hochzeitssirupholler.zdl
[2012.08.14 12:18:24 | 002,332,160 | ---- | C] () -- C:\Users\nico\Documents\hochzeitssirupmelisse.zdl
[2012.08.06 17:54:44 | 000,055,846 | ---- | C] () -- C:\Users\nico\Documents\FRUEHM.pdf
[2012.05.18 10:33:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\np_plugin.dll
[2012.04.10 19:17:00 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.01.07 16:40:42 | 000,888,559 | ---- | C] () -- C:\Users\nico\sax-grifftabelle.pdf
[2012.01.06 12:40:22 | 001,027,330 | ---- | C] () -- C:\Users\nico\STRDE345.pdf
[2011.12.18 21:20:33 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.12.18 21:20:33 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.12.13 21:18:49 | 000,023,427 | ---- | C] () -- C:\Users\nico\.recently-used.xbel
[2011.12.10 20:26:22 | 000,000,132 | ---- | C] () -- C:\Users\nico\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.10 20:00:24 | 000,001,456 | ---- | C] () -- C:\Users\nico\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.12.10 19:59:49 | 000,000,132 | ---- | C] () -- C:\Users\nico\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.09.04 13:52:32 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo3.dll
[2011.09.04 13:51:40 | 000,093,696 | ---- | C] () -- C:\Users\nico\AppData\Roaming\ezpinst.exe
[2011.09.04 13:51:40 | 000,007,176 | ---- | C] () -- C:\Users\nico\AppData\Roaming\pcouffin.cat
[2011.09.04 13:51:40 | 000,001,167 | ---- | C] () -- C:\Users\nico\AppData\Roaming\pcouffin.inf
[2011.05.31 20:06:29 | 000,000,017 | ---- | C] () -- C:\Users\nico\AppData\Local\resmon.resmoncfg
[2011.02.19 20:44:42 | 003,789,522 | ---- | C] () -- C:\Users\nico\percussion-stomp.jpg
[2011.02.19 20:43:28 | 008,024,649 | ---- | C] () -- C:\Users\nico\stomp.m4a
[2010.12.05 16:38:28 | 000,004,608 | ---- | C] () -- C:\Users\nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.16 20:19:06 | 000,000,760 | ---- | C] () -- C:\Users\nico\AppData\Roaming\setup_ldm.iss
[2010.09.19 23:53:46 | 000,001,363 | ---- | C] () -- C:\Windows\emasio.dat
[2010.03.20 12:07:04 | 001,905,111 | ---- | C] () -- C:\Users\nico\nuvi855_DEBenutzerhandbuch.pdf
[2010.03.07 22:26:58 | 000,063,722 | ---- | C] () -- C:\Users\nico\AppData\Roaming\mdbu.bin
[2010.03.06 20:34:18 | 000,042,093 | ---- | C] () -- C:\Users\nico\Dienstvertrag Nicolas Fedrigotti.pdf
[2010.01.07 19:55:38 | 000,011,230 | ---- | C] () -- C:\Users\nico\gsview64.ini
[2009.11.01 19:06:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.01 13:27:00 | 000,070,077 | ---- | C] () -- C:\Users\nico\schnellbahn-wien.kmz
[2009.04.22 10:16:45 | 000,007,484 | ---- | C] () -- C:\Users\nico\sample2e.dvi
[2009.04.22 10:16:45 | 000,000,159 | ---- | C] () -- C:\Users\nico\sample2e.aux
[2009.04.22 10:11:05 | 000,000,097 | ---- | C] () -- C:\Users\nico\psv.ini
[2009.04.17 16:27:35 | 000,011,502 | ---- | C] () -- C:\Users\nico\huv.JPG
[2009.04.17 16:27:18 | 000,012,665 | ---- | C] () -- C:\Users\nico\bugspoiler.JPG
[2009.01.12 12:19:41 | 000,000,107 | ---- | C] () -- C:\Users\nico\AppData\Roaming\default.pls
[2008.12.21 15:29:37 | 000,001,024 | ---- | C] () -- C:\Users\nico\.rnd
[2008.12.07 14:00:34 | 000,000,600 | ---- | C] () -- C:\Users\nico\AppData\Roaming\winscp.rnd
 
========== LOP Check ==========
 
[2009.10.30 12:32:17 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Acronis
[2011.02.10 18:20:40 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\at.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.12.10 17:43:06 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Avery
[2012.07.27 09:49:42 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Azureus
[2009.10.30 12:32:18 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Bullzip
[2010.09.20 14:29:37 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.10.30 12:32:18 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\DAEMON Tools
[2012.06.02 20:38:24 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\DesktopIconForAmazon
[2012.08.27 14:31:43 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Dropbox
[2011.01.05 21:43:15 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.15 11:18:39 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\foobar2000
[2011.09.14 22:49:39 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\FreeAudioPack
[2010.03.20 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\GARMIN
[2011.12.13 21:18:49 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\gtk-2.0
[2011.05.15 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\HappyFoto
[2009.10.30 12:32:18 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Leadertech
[2010.05.13 14:58:32 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Nokia
[2012.03.31 21:04:14 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Notepad++
[2011.09.03 10:29:18 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\PACE Anti-Piracy
[2010.05.13 14:58:39 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\PC Suite
[2012.04.28 22:47:57 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\PMS
[2011.11.05 17:05:04 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Samsung
[2012.08.21 21:03:35 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Spotify
[2011.05.16 20:42:49 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Steinberg
[2011.04.27 19:30:29 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\TomTom
[2012.03.25 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\uTorrent
[2011.09.04 13:52:25 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Vso
[2011.05.16 20:49:52 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\vstsaxi
[2012.05.11 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\webex
[2012.06.15 09:30:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1266 bytes -> C:\Users\nico\AppData\Local\Temp:X0JE7R40eSJvamrL1AFsykBGYjSw

< End of report >
         
extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 27.08.2012 15:54:28 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\nico\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,61% Memory free
8,00 Gb Paging File | 6,22 Gb Available in Paging File | 77,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 35,48 Gb Free Space | 24,22% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 53,50 Gb Free Space | 68,48% Space Free | Partition Type: NTFS
Drive E: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 433,53 Gb Total Space | 60,50 Gb Free Space | 13,95% Space Free | Partition Type: NTFS
Drive I: | 1,82 Gb Total Space | 1,49 Gb Free Space | 82,08% Space Free | Partition Type: FAT
Drive N: | 7,49 Gb Total Space | 5,86 Gb Free Space | 78,28% Space Free | Partition Type: FAT32
Drive O: | 298,09 Gb Total Space | 206,37 Gb Free Space | 69,23% Space Free | Partition Type: NTFS
 
Computer Name: STAND-PC | User Name: nico | Logged in as Administrator.
Cannot determine boot mode. | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D81417-47CC-480F-B491-FBE8CB580854}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{08F09759-6B68-4B1A-8D9A-85C3A426BD84}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2168C7E9-A4D2-4C13-98FE-C9D342760C4C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{23E435E3-F640-4326-B7AA-BEDD9261A7D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2E174485-4A6C-4FD0-8FC1-AAE8C0EB740E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2EF4B26A-19C5-4D8E-8071-8CF6A4223F3C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{34E562EE-DDF3-4A01-AE6A-D0DE84ACDA17}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{37C64DD5-4AD3-4A44-918A-2F72ECB24BEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3BCBDDD0-1AA3-4B17-81DC-99BAAC1EBF67}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3D69947E-757A-4F90-BFE8-C8F746F1D2EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{43B2C2FC-A502-4A3D-A467-CD058B42800F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4673C741-5621-4A78-991D-D1EC16E47272}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4C765B94-48A7-4F45-ACBE-3146E6258291}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
"{5F225D5D-6ECD-4CBD-AA76-9744F8E9FE3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6BE2BE7A-4DE6-4C3A-ADA7-266A8F834FF5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6F6F362A-8D88-437A-94B7-69F7A06DB2B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{746A8649-9833-4529-9874-B179D3D0F5A2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9287D57D-AEA7-42A7-998B-BDE6B6776695}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ACEF2B91-CB6F-47E0-BBD3-18C67740F4F0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{AD355030-ACF8-49CC-AABC-F5307D40CA51}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B7FF02AF-69D8-44DB-8552-148728A598F5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C31A593B-89B4-4C23-BA74-DD39D6B9C1DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C533561E-718A-4833-B312-D98A4A307BE5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CCEF3E8B-8801-49B1-ACAC-A17374DA8ECA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE5126C0-38CB-4E0F-9E7D-99A089FED5EE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D27F4C4F-5E51-42A7-BFB3-E02E57533A4E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D3E8CA00-B8F7-402F-A7CF-9F1982B1F7C6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F65EC882-0836-44AF-BD39-E28EDD9EC19A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F8F8B60F-E6F3-489B-A1F7-13B0BCA8CBC3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FAD3ED5E-F8AA-4FA6-9FEE-5740D1EAD2FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F14162-EB97-474A-97EF-12470F20D367}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{04687849-D085-4EA2-8850-51680A77F3DE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1BA7C8C6-DBFE-4F14-9C38-542D8F8BA001}" = protocol=17 | dir=in | app=c:\users\nico\appdata\local\akamai\netsession_win.exe | 
"{269CFDFF-FEC1-44B8-8EC2-1C81AF17D30E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2E9DE98A-9C04-4739-B7A3-1F9C3B97B1CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{30881CB2-D719-4268-851B-DB6C0ABEB380}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{3567338D-712B-490A-B87F-B37F57F84AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3B101DC4-75C6-4B7E-AD9D-3C5ABE83AF19}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{3BE650D7-6480-4F3E-91DE-057394AAB302}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3C6DC02B-91A3-4527-AE97-C9EE3DC0F397}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3F1292A3-2821-4E83-9123-94124198D762}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{3F2412F3-2CC6-49D5-BA44-613D097F90FB}" = protocol=6 | dir=out | app=system | 
"{444B3D75-D264-49CD-98C6-EA307C2D0052}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{4C086487-BFB7-4CCD-988E-26C2F3A3337F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5048EB77-4613-45E2-A8DA-268EDD9A0546}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{54FD559D-3BE4-42A2-956C-5B5DC77BA566}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{5808B63B-D1D0-4C03-9A1B-738D241B72CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5808D050-9B55-4BF8-B9E8-83FA42AAAD7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5C7E68CC-8CD5-4260-B9A6-236AC4A65030}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{5EE88779-8FEB-4808-BC30-9EC05A91FF3B}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{618394D8-9364-40B9-BFFE-BE978A06F50B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{62616F5C-7623-41FD-BDF1-9C1CCBDE945A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6596666A-77DD-4D47-BEA1-06921A8A1FCD}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{68066C8F-0C59-4937-9828-A436C838D09D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6B0A88D6-771D-4B3D-BD27-2815B9528B25}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6D1A7774-845D-4CAE-AADE-EF79103100D1}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{6DF00C14-5A6C-42C5-982C-C7EC945AAEB4}" = protocol=17 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{6F614A05-2E04-459F-9E14-1384DDFD4279}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{77CFA8FD-1BFC-4B30-934C-350F0D3ECE41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{79A08219-7863-4316-BEDB-46C6096B7954}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7B449407-E423-4612-839B-326571B6E12C}" = protocol=6 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{7B5724C1-4E2A-4525-88A3-0659C9FADA77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{81E06DE1-E2A9-4DC5-8702-FC82DBA7D412}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{843F97C9-54D4-4655-8B4B-317C4A8BAE31}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{88B5A742-0951-46F1-A954-7B04106232E3}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{8933FB76-3ACD-477E-B219-A6E93A41946E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8B9C3517-9821-4775-9B4A-1303F91C40C2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{8BF1560E-747A-4797-BE88-ACD6E98556C4}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{9381631B-1FA1-4E58-855B-E32AC14FA30C}" = protocol=17 | dir=in | app=f:\games\call of duty - world at war\codwawmp.exe | 
"{9398C9DD-0E9A-4EF7-B5C1-97CA1ABCCA0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{94FFCFE4-0E25-483C-BB73-270BD4730329}" = protocol=6 | dir=in | app=f:\games\call of duty - world at war\codwawmp.exe | 
"{9B0A3CC8-5C8B-4A6C-8D59-7ABA8378E6E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9D5B158C-F667-4679-9466-7D53C0AC13F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A2A99A52-F10F-4412-8F0F-12DEB602CDF3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A2B88376-03FE-41BA-9E74-90A3FCE08470}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A6F473BB-2238-4DE4-A203-EA8F67395D6C}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{AC75DC21-886F-45B5-937C-187773A030B3}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{B74CDFD0-E9B2-43E7-92A8-F894BD84E2AE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BA2575A4-79C7-4D4A-9675-134FB5B0A12D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BBB5D70D-8266-4CCD-8094-59EEDA87A806}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C5781588-55EB-42E9-996A-08F820ED295A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C68BCFF4-51C5-42CA-8895-DCC51DF40FDC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C74826E1-E7DA-4864-95A0-D96069ACD031}" = protocol=17 | dir=in | app=c:\users\nico\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CBBA31F3-AC31-41BF-B64A-45D635011FFE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{CD7FF919-BBCE-41F1-9751-DBF6CEBE1895}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{D05E8692-6BC7-425C-9E47-6BADBFCAC1A9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D20CE530-98DD-4951-944F-FC2151864092}" = protocol=6 | dir=in | app=c:\users\nico\appdata\local\akamai\netsession_win.exe | 
"{D576B10F-E4F0-4C3F-A23F-96764D36F060}" = protocol=17 | dir=in | app=f:\games\call of duty - world at war\codwaw.exe | 
"{D98B9087-C49A-4AE8-ABB9-591251BC544A}" = protocol=6 | dir=in | app=f:\games\call of duty - world at war\codwaw.exe | 
"{DBE465E0-C290-4A64-831E-0383ABBFACD1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC488800-05F0-4331-BC30-74AD210F94C6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{DF3165A7-6B69-4CD7-8E29-571D7191836A}" = protocol=6 | dir=in | app=c:\users\nico\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E1452085-21C9-4AA6-9913-90BFFFAC98D1}" = protocol=6 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{E2A12707-CEEF-4856-B56C-DFF8197E274F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9CD99F4-A59D-464A-8E10-4CFB9FC21A52}" = protocol=17 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{F4AF898D-D83C-4B64-A32C-29E21B63ED40}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{143F3253-DAC4-4A84-90ED-58FBB01C38FE}C:\users\nico\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nico\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{15E20C75-5183-4236-8710-12F9C386FBF8}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{23605376-C177-4FD5-A5D1-F88CCF782C02}C:\users\nico\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nico\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{687EF463-B86B-4E52-BA6D-37EFC9A95DBB}F:\games\motogp 2007\motogp.exe" = protocol=6 | dir=in | app=f:\games\motogp 2007\motogp.exe | 
"TCP Query User{6BB7E3CE-5706-4774-B0F7-18ADE251BBDC}F:\games\deadspace\dead space.exe" = protocol=6 | dir=in | app=f:\games\deadspace\dead space.exe | 
"TCP Query User{6D8A7A29-E2E3-4959-8226-6644417EA6BB}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"TCP Query User{7B5EE8AA-0A29-4119-8437-099CF177A33E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{84A6BC78-10E6-47C3-BFAC-699D01F58693}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{8744EF8E-0903-438F-B38A-3DA385426F93}F:\deadspace\dead space.exe" = protocol=6 | dir=in | app=f:\deadspace\dead space.exe | 
"TCP Query User{A1842B3D-EEDF-4947-B4DB-18D2C7B6EBFE}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | 
"TCP Query User{BD676508-BDD8-475F-AA94-08E22F9B820B}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"TCP Query User{D1D383C3-5E91-420D-8FD9-20C56848F24B}C:\users\nico\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nico\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{D79B3B28-61F2-4D38-8BC5-284CE00FF305}C:\program files (x86)\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\last.fm\lastfm.exe | 
"TCP Query User{DFD18453-ABC0-45F3-B17C-3DB24D8D4140}C:\program files (x86)\vortex software\growl for windows\growl.windowsclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vortex software\growl for windows\growl.windowsclient.exe | 
"TCP Query User{E7802569-91CE-4081-801B-42BF36E73D4D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{091CD2DD-2163-43D5-88A0-2F08E95578F7}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | 
"UDP Query User{127542F7-D610-402B-AE5E-F1AA5C3BBAC1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{182B8228-4160-4653-B60A-EFDB76E1F966}C:\users\nico\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nico\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{276FF70E-55F7-44B2-A428-775991A2AEE4}C:\program files (x86)\vortex software\growl for windows\growl.windowsclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vortex software\growl for windows\growl.windowsclient.exe | 
"UDP Query User{793CFFC6-C168-48F0-AF6F-573DC852BD2F}C:\program files (x86)\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\last.fm\lastfm.exe | 
"UDP Query User{80A6E03B-4E00-4AE7-A515-DC24F9A61BB4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{8F076158-9AE2-4F24-9CFE-1A5C5F59E327}F:\games\motogp 2007\motogp.exe" = protocol=17 | dir=in | app=f:\games\motogp 2007\motogp.exe | 
"UDP Query User{95E123F2-FB27-4F17-BFDD-40C75EA24CB2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{9A280B9E-26D4-455E-A32D-149227FD30B7}C:\users\nico\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nico\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{A17C0414-5855-45B7-8EB0-451B2CF14440}F:\games\deadspace\dead space.exe" = protocol=17 | dir=in | app=f:\games\deadspace\dead space.exe | 
"UDP Query User{B2053C73-4206-4911-ACBE-5760EE515BDD}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | 
"UDP Query User{B4F74675-ABC2-4229-A369-0115A14C245A}C:\users\nico\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nico\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{C4A695FA-5F3B-43DF-9DAD-2819EC2FD813}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{CD3C83D5-DD99-46FF-A76A-1DEF657C54BC}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"UDP Query User{DC61FE53-B590-4FEF-A228-3338D2844B40}F:\deadspace\dead space.exe" = protocol=17 | dir=in | app=f:\deadspace\dead space.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8E38DC-AD7F-3EE3-01A8-EDCD37B8646F}" = ccc-utility64
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments GuitarRig Mobile IO Driver
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Session IO Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9FF59B5F-16F3-15B2-2474-AB2376D7329D}" = ATI Catalyst Install Manager
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.702
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GSview 4.9" = GSview 4.9
"ONAIR_is1" = ONAIR 4.0.0.834
"sp6" = Logitech SetPoint 6.20
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07731480-9925-4E0B-180A-79DABFE1C5F6}" = CCC Help English
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E35BFAF-A40C-CF70-5F80-C9820E054FA7}" = Catalyst Control Center HydraVision Full
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13105BEE-D0F3-E613-BF57-568AD866D42C}" = Catalyst Control Center Graphics Previews Common
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C99893D-BC98-4456-AA3E-B67AB42301A6}" = E-MU USB Audio
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216EAAD9-D733-4141-BEAF-2C0B6F6B1D04}" = AmpliTube LE
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{335180B3-94EA-1525-6171-EFAD9024D909}" = Catalyst Control Center Localization German
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A29E75C-A8DE-49B4-9AF3-2266CE76C428}" = Sun ODF Plugin for Microsoft Office 1.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis*True*Image*Home
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Attansic L1 Gigabit Ethernet Driver
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E02E0E7-1D63-9437-142C-144B5C4367D3}" = Catalyst Control Center Graphics Light
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9623CC51-112F-DD12-0CBB-7239752F0D08}" = Skins
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0682C2-32F1-9073-02BA-AE05DFF2E934}" = ccc-core-static
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B1836D00-BA15-DC8F-C428-171B9B870851}" = HydraVision
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C149BA55-8DD8-7A84-CB7E-129A928B7CBE}" = Catalyst Control Center InstallProxy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1DF4A53-B841-C83F-8F3F-2B61D200E614}" = Catalyst Control Center Graphics Full New
"{D22F5242-773E-4270-AB1F-492021BCABBE}" = Garmin City Navigator Europe NT 2010.31 Update
"{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in
"{D3F43601-7ED5-1D9F-2C6A-4B4805F24548}" = CCC Help German
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1" = MiniTool Partition Wizard Home Edition 7.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC14BD52-73EB-E17A-26F3-E8CA419A437C}" = Catalyst Control Center Graphics Previews Vista
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F02C931A-24C7-9255-D300-37DB83BBCDD1}" = Catalyst Control Center Graphics Full Existing
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}" = Snagit 9.1.1
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9A90D58-F71B-55B9-30A5-ECD21BBE5C61}" = Catalyst Control Center Core Implementation
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"8781-9705-0578-2960" = Medienmanager 1.3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"aonUpdate" = aonUpdate
"ArgoUML" = ArgoUML 0.26.2
"AudioConverter Studio_is1" = AudioConverter Studio 6.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Finale 2007" = Finale 2007
"foobar2000" = foobar2000 v0.9.6.2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.13.804
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"Google Updater" = Google Updater
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyFreeCodec" = MyFreeCodec
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments GuitarRig Mobile IO Driver" = Native Instruments GuitarRig Mobile IO Driver
"Native Instruments Rig Kontrol 3 Driver" = Native Instruments Rig Kontrol 3 Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Session IO Driver" = Native Instruments Session IO Driver
"Notepad++" = Notepad++
"Photo Resize Magic" = Photo Resize Magic 1.0
"RealPlayer 6.0" = RealPlayer
"Steinberg Cubase LE" = Steinberg Cubase LE
"SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008)
"TomTom HOME" = TomTom HOME 2.8.1.2218
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.6
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinGimp-2.0_is1" = GIMP 2.4.2
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.1.8
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"TeXLive" = TeXLive 2008
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.08.2012 06:08:31 | Computer Name = stand-pc | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 21.08.2012 15:55:23 | Computer Name = stand-pc | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmprph.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd018  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004e4b4
ID
 des fehlerhaften Prozesses: 0x844  Startzeit der fehlerhaften Anwendung: 0x01cd7fd6e598f6e3
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmprph.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 246e3744-ebca-11e1-9e1b-0022158f67e4
 
Error - 21.08.2012 17:08:34 | Computer Name = stand-pc | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 21.08.2012 17:08:36 | Computer Name = stand-pc | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 21.08.2012 17:08:36 | Computer Name = stand-pc | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 22.08.2012 11:44:10 | Computer Name = stand-pc | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NMIndexStoreSvr.exe, Version: 3.3.8.0,
 Zeitstempel: 0x4860cce5  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000100  ID des fehlerhaften
 Prozesses: 0x910  Startzeit der fehlerhaften Anwendung: 0x01cd807cbe2bea4c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 365e8a29-ec70-11e1-b454-0022158f67e4
 
Error - 22.08.2012 11:49:31 | Computer Name = stand-pc | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NMIndexStoreSvr.exe, Version: 3.3.8.0,
 Zeitstempel: 0x4860cce5  Name des fehlerhaften Moduls: NMIndexStoreSvr.exe, Version:
 3.3.8.0, Zeitstempel: 0x4860cce5  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b29e7
ID
 des fehlerhaften Prozesses: 0xa10  Startzeit der fehlerhaften Anwendung: 0x01cd807d8fc38ed8
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
Berichtskennung:
 f63d2feb-ec70-11e1-aa89-0022158f67e4
 
Error - 27.08.2012 08:36:29 | Computer Name = stand-pc | Source = Software Protection Platform Service | ID = 1001
Description = Fehler beim Starten des Softwareschutzdiensts.  0x80070002  6.1.7601.17514
 
Error - 27.08.2012 08:37:55 | Computer Name = stand-pc | Source = Software Protection Platform Service | ID = 1001
Description = Fehler beim Starten des Softwareschutzdiensts.  0x80070002  6.1.7601.17514
 
Error - 27.08.2012 09:53:50 | Computer Name = stand-pc | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.59.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 10a8    Startzeit:
 01cd845afe0fff73    Endzeit: 0    Anwendungspfad: C:\Users\nico\Desktop\OTL.exe    Berichts-ID:
   
 
[ System Events ]
Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = WMPNetworkSvc | ID = 866291
Description = 
 
Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = WMPNetworkSvc | ID = 866316
Description = 
 
Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = PNRPSvc | ID = 102
Description = 
 
Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = PNRPSvc | ID = 102
Description = 
 
Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 27.08.2012 08:36:29 | Computer Name = stand-pc | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Software Protection" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 27.08.2012 08:37:55 | Computer Name = stand-pc | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Software Protection" wurde mit folgendem Fehler beendet:
   %%2
 
 
< End of report >
         
wie geht's jetzt weiter?

danke

Alt 27.08.2012, 19:12   #2
t'john
/// Helfer-Team
 
win7 - weißer bildschirm - trojaner; OTLPE funkt nicht - Standard

win7 - weißer bildschirm - trojaner; OTLPE funkt nicht





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL

SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\SearchScopes,DefaultScope = {E7728C17-7F8E-4C49-9E6B-16844905ECAA} 
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\SearchScopes\{E7728C17-7F8E-4C49-9E6B-16844905ECAA}: "URL" = http://www.google.de/search?q={searchTerms}&rlz= 
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421; 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://mail.google.com/mail/?account_id=nico.reed%40gmail.com#inbox" 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) 
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.76.dll File not found 
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) 
O3:64bit: - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () 
O3 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [MbWzdFPAP-EXL600] C:\Windows\SysWOW64\FPAP-EXL600\PdtGuide.exe () 
O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [AdobeBridge] File not found 
O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [Akamai NetSession Interface] C:\Users\nico\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found 
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O15 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..Trusted Ranges: Range1 ([https] in Trusted sites) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2008.12.04 16:35:53 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] 
O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ] 
O33 - MountPoints2\{763eef36-2c6d-11e0-85ff-0022158f67e4}\Shell - "" = AutoRun 
O33 - MountPoints2\{763eef36-2c6d-11e0-85ff-0022158f67e4}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu 
O33 - MountPoints2\{bba8c978-2301-11e1-b750-0022158f67e4}\Shell - "" = AutoRun 
O33 - MountPoints2\{bba8c978-2301-11e1-b750-0022158f67e4}\Shell\AutoRun\command - "" = G:\DVD-WRITER.exe 
 
@Alternate Data Stream - 1266 bytes -> C:\Users\nico\AppData\Local\Temp:X0JE7R40eSJvamrL1AFsykBGYjSw 

[2009.11.01 19:06:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 
 
:Files

C:\Users\nico\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\nico\AppData\Local\Temp\*.exe
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 27.08.2012, 21:58   #3
nicoreed
 
win7 - weißer bildschirm - trojaner; OTLPE funkt nicht - Standard

win7 - weißer bildschirm - trojaner; OTLPE funkt nicht



jawohl! hat geklappt (was ich so sehe).
hier das log-file:

Code:
ATTFilter
All processes killed
========== OTL ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E7728C17-7F8E-4C49-9E6B-16844905ECAA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7728C17-7F8E-4C49-9E6B-16844905ECAA}\ not found.
HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://mail.google.com/mail/?account_id=nico.reed%40gmail.com#inbox" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}\ deleted successfully.
C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
64bit-Registry value HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MbWzdFPAP-EXL600 deleted successfully.
C:\Windows\SysWOW64\FPAP-EXL600\PdtGuide.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\nico\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}\ not found.
File C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll not found.
Registry value HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\https deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTOEXEC.BAT moved successfully.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{763eef36-2c6d-11e0-85ff-0022158f67e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{763eef36-2c6d-11e0-85ff-0022158f67e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{763eef36-2c6d-11e0-85ff-0022158f67e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{763eef36-2c6d-11e0-85ff-0022158f67e4}\ not found.
File G:\wubi.exe --cdmenu not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bba8c978-2301-11e1-b750-0022158f67e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bba8c978-2301-11e1-b750-0022158f67e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bba8c978-2301-11e1-b750-0022158f67e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bba8c978-2301-11e1-b750-0022158f67e4}\ not found.
File G:\DVD-WRITER.exe not found.
ADS C:\Users\nico\AppData\Local\Temp:X0JE7R40eSJvamrL1AFsykBGYjSw deleted successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
========== FILES ==========
C:\Users\nico\AppData\Local\{02CD9CDD-ACC5-4AEF-B377-9A7DD2713626} folder moved successfully.
C:\Users\nico\AppData\Local\{1BAB723D-7642-4368-9D1E-F7B1828F6599} folder moved successfully.
C:\Users\nico\AppData\Local\{2247A262-18D6-422A-A36A-CD41B5FCBA84} folder moved successfully.
C:\Users\nico\AppData\Local\{23A2C986-8E0B-43B1-8F02-331428AD5898} folder moved successfully.
C:\Users\nico\AppData\Local\{287BE475-A546-47F2-8DF0-DB14593B536E} folder moved successfully.
C:\Users\nico\AppData\Local\{41F0A6FD-2992-4EE9-B99E-4BE288720A69} folder moved successfully.
C:\Users\nico\AppData\Local\{52DE5A3F-CEAD-4C65-AC35-FFA5E9D9F593} folder moved successfully.
C:\Users\nico\AppData\Local\{56D3A45C-BE0F-481E-9F1A-7E54A5C12776} folder moved successfully.
C:\Users\nico\AppData\Local\{572023D9-FDE1-43FB-9A1E-C980F03AB570} folder moved successfully.
C:\Users\nico\AppData\Local\{6398C1AD-77C8-4694-9E18-6A532556C034} folder moved successfully.
C:\Users\nico\AppData\Local\{68EA46D6-3AD9-4EF1-B483-D71F92AA6F3C} folder moved successfully.
C:\Users\nico\AppData\Local\{850CD005-82D1-4B2C-A9A6-594A59FBC08B} folder moved successfully.
C:\Users\nico\AppData\Local\{86310FAB-DE4F-4963-88B7-D93682063745} folder moved successfully.
C:\Users\nico\AppData\Local\{90031F19-23BC-4DD1-934A-55AE7ED030CA} folder moved successfully.
C:\Users\nico\AppData\Local\{9724B49A-EF07-4C33-BFB6-4662EE622DE7} folder moved successfully.
C:\Users\nico\AppData\Local\{97B8348A-E867-48BF-802B-9ADB20E376ED} folder moved successfully.
C:\Users\nico\AppData\Local\{9F0AC529-4272-4976-BA0D-33785EE8AC82} folder moved successfully.
C:\Users\nico\AppData\Local\{A5BCE716-E666-4DA7-972B-2AA4111FAD7A} folder moved successfully.
C:\Users\nico\AppData\Local\{AEF71320-1A4C-44AA-85ED-97F6DC442B02} folder moved successfully.
C:\Users\nico\AppData\Local\{AFF04AE0-6C4A-4D54-9122-CD84B321C19B} folder moved successfully.
C:\Users\nico\AppData\Local\{C9A54F10-1445-4BB2-BEA4-942B2B63D7F6} folder moved successfully.
C:\Users\nico\AppData\Local\{CF4D7AD5-35D9-460E-BB15-B3C42B9108C4} folder moved successfully.
C:\Users\nico\AppData\Local\{E342CA03-4E9E-4674-BFF2-E63AE607512F} folder moved successfully.
C:\Users\nico\AppData\Local\{E74EA2FF-581D-4841-A59D-1CAF9B452865} folder moved successfully.
C:\Users\nico\AppData\Local\{E861502E-7EB5-4234-B35A-BFC9401450F9} folder moved successfully.
C:\Users\nico\AppData\Local\{F6C21EF0-2A36-4606-B84D-B932354F070E} folder moved successfully.
C:\Users\nico\AppData\Local\{FC0B4AB1-2628-42C7-91AD-C4C574696DBE} folder moved successfully.
C:\Users\nico\AppData\Local\{FC746361-28D9-47DD-B7FD-C51D213BFF35} folder moved successfully.
C:\Users\nico\AppData\Local\{FFCEAB4B-353A-4D78-8141-6DE489791A0B} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\nico\AppData\Local\Temp\FlashPlayerUpdate.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\FooPlugin0.9.4Setup_2.3.1.2.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\GLF8F0.tmp.ConduitEngineSetup.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe10675 moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe25317c moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe1fc2c2 moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe27f98b moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe61951f moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exea57b0 moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exee5fea moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe131d6f moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe11520ed moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe7e14 moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe8d12 moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe138ea moved successfully.
C:\Users\nico\AppData\Local\Temp\i4jdel0.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\InstallAX.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\InstallPlugin.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\iTunesPluginWinSetup_3.0.4.0.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\lvid_lvid.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\ONAIRSetup100.0.0.000.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\ONAIRSetup4.0.0.834.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\pyl1093.tmp.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\SpotifyUpgrader.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\wlsetup-cvr.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\WmpPluginSetup_2.1.0.6.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\xmlUpdater.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\_is6E3C.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\_isA2F2.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\_isC4F.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\_isDC3A.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\~convert1587411461053568677.exe moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\nico\Desktop\cmd.bat deleted successfully.
C:\Users\nico\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56509 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: nico
->Temp folder emptied: 1010664002 bytes
->Temporary Internet Files folder emptied: 814044669 bytes
->FireFox cache emptied: 63440536 bytes
->Google Chrome cache emptied: 17946600 bytes
->Flash cache emptied: 2939392 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 658651342 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 526050 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102226 bytes
RecycleBin emptied: 289631 bytes
 
Total Files Cleaned = 2.450,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 08272012_224744

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
C:\Users\nico\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
da wurde ja einiges "moved" ... was heißt das jetzt für mich?
muss ich irgendwelche dinge jetzt wiederherstellen oder so?
was ist die empfehlung als schutz vor weiteren trojanern? avira isses anscheinend mal nicht
__________________

Alt 28.08.2012, 17:36   #4
t'john
/// Helfer-Team
 
win7 - weißer bildschirm - trojaner; OTLPE funkt nicht - Standard

win7 - weißer bildschirm - trojaner; OTLPE funkt nicht



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.08.2012, 15:29   #5
nicoreed
 
win7 - weißer bildschirm - trojaner; OTLPE funkt nicht - Standard

win7 - weißer bildschirm - trojaner; OTLPE funkt nicht



rechner läuft wieder ganz normal.
danke auf jeden fall nochmal für die hilfe!!!!!!!!!!!!
bin froh das forum gefunden zu haben und werde es auch entsprechend weiter empfehlen ...

scan mit Malwarebytes läuft grade noch


Alt 31.08.2012, 20:22   #6
t'john
/// Helfer-Team
 
win7 - weißer bildschirm - trojaner; OTLPE funkt nicht - Standard

win7 - weißer bildschirm - trojaner; OTLPE funkt nicht



Wir sind noch nicht fertig.

Logfiles posten!
__________________
--> win7 - weißer bildschirm - trojaner; OTLPE funkt nicht

Alt 31.08.2012, 20:27   #7
nicoreed
 
win7 - weißer bildschirm - trojaner; OTLPE funkt nicht - Standard

win7 - weißer bildschirm - trojaner; OTLPE funkt nicht



achso ja
***

logfile von malwarebytes:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.31.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
nico :: STAND-PC [Administrator]

31.08.2012 16:13:44
mbam-log-2012-08-31 (16-13-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|J:\|K:\|L:\|M:\|O:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 824668
Laufzeit: 2 Stunde(n), 48 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\nico\Documents\Downloads\Nero Burning ROM 8\Nero 8 Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Datensicherung\Users\nico\AppData\Roaming\msconfig.dat (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Datensicherung\Users\nico\Documents\Downloads\Nero Burning ROM 8\Nero 8 Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\install_files\Acronis True Image 11 Build 8053 Home\keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
logfile von adwcleaner:

Code:
ATTFilter
# AdwCleaner v2.000 - Datei am 08/31/2012 um 21:24:28 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : nico - STAND-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\nico\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\toolbar@alexa.com.xpi
Ordner Gefunden : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gefunden : C:\Program Files (x86)\Vuze_Remote
Ordner Gefunden : C:\Program Files (x86)\Vuze_Remote
Ordner Gefunden : C:\Users\nico\AppData\Local\Conduit
Ordner Gefunden : C:\Users\nico\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\nico\AppData\LocalLow\Vuze_Remote
Ordner Gefunden : C:\Users\nico\AppData\LocalLow\Vuze_Remote
Ordner Gefunden : C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\Conduit
Ordner Gefunden : C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\CT2269050
Ordner Gefunden : C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Vuze_Remote
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9DC9A143-E7FE-4001-95C6-C186FF82D26C}
Schlüssel Gefunden : HKLM\Software\Vuze_Remote
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9DC9A143-E7FE-4001-95C6-C186FF82D26C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{167A3CB3-2554-49F2-86A5-4A6A16A70662}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEAF1BBA-4FF9-4DA8-9E78-1C391E1FE02D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\prefs.js

Gefunden : user_pref("CT2269050..clientLogIsEnabled", false);
Gefunden : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gefunden : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Gefunden : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Gefunden : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Gefunden : user_pref("CT2269050.CTID", "CT2269050");
Gefunden : user_pref("CT2269050.CurrentServerDate", "31-8-2012");
Gefunden : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2269050.DialogsGetterLastCheckTime", "Thu Aug 30 2012 14:35:34 GMT+0200");
Gefunden : user_pref("CT2269050.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2269050.EMailNotifierPollDate", "Thu Jan 06 2011 20:03:52 GMT+0100");
Gefunden : user_pref("CT2269050.FirstServerDate", "6-1-2011");
Gefunden : user_pref("CT2269050.FirstTime", true);
Gefunden : user_pref("CT2269050.FirstTimeFF3", true);
Gefunden : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gefunden : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2269050.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2269050.Initialize", true);
Gefunden : user_pref("CT2269050.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gefunden : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gefunden : user_pref("CT2269050.InstalledDate", "Thu Jan 06 2011 19:53:52 GMT+0100");
Gefunden : user_pref("CT2269050.InvalidateCache", false);
Gefunden : user_pref("CT2269050.IsGrouping", false);
Gefunden : user_pref("CT2269050.IsMulticommunity", false);
Gefunden : user_pref("CT2269050.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2269050.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Aug 31 2012 15:37:01 GMT+0200");
Gefunden : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2269050.LastLogin_2.7.2.0", "Thu Jan 06 2011 19:53:52 GMT+0100");
Gefunden : user_pref("CT2269050.LastLogin_3.12.0.7", "Sat Apr 28 2012 12:31:52 GMT+0200");
Gefunden : user_pref("CT2269050.LastLogin_3.12.2.3", "Sat Jun 02 2012 20:24:42 GMT+0200");
Gefunden : user_pref("CT2269050.LastLogin_3.13.0.6", "Fri Jun 29 2012 07:43:12 GMT+0200");
Gefunden : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 19:39:30 GMT+0200");
Gefunden : user_pref("CT2269050.LastLogin_3.15.1.0", "Fri Aug 31 2012 15:37:01 GMT+0200");
Gefunden : user_pref("CT2269050.LatestVersion", "3.15.1.0");
Gefunden : user_pref("CT2269050.Locale", "en");
Gefunden : user_pref("CT2269050.LoginCache", 4);
Gefunden : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2269050.RadioIsPodcast", false);
Gefunden : user_pref("CT2269050.RadioLastCheckTime", "Thu Jan 06 2011 19:53:52 GMT+0100");
Gefunden : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gefunden : user_pref("CT2269050.RadioMediaID", "12473383");
Gefunden : user_pref("CT2269050.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gefunden : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gefunden : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gefunden : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gefunden : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Aug 31 2012 15:36:59 GMT+0200");
Gefunden : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2269050.SearchInNewTabUserEnabled", false);
Gefunden : user_pref("CT2269050.ServiceMapLastCheckTime", "Fri Aug 31 2012 15:36:59 GMT+0200");
Gefunden : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2269050.SettingsLastCheckTime", "Fri Aug 31 2012 15:36:58 GMT+0200");
Gefunden : user_pref("CT2269050.SettingsLastUpdate", "1346236157");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Jan 06 2011 19:53:51 GMT+0100");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Gefunden : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Gefunden : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2269050.UserID", "UN79856558457248924");
Gefunden : user_pref("CT2269050.WeatherNetwork", "");
Gefunden : user_pref("CT2269050.WeatherPollDate", "Thu Jan 06 2011 19:53:52 GMT+0100");
Gefunden : user_pref("CT2269050.WeatherUnit", "C");
Gefunden : user_pref("CT2269050.alertChannelId", "666138");
Gefunden : user_pref("CT2269050.clientLogIsEnabled", false);
Gefunden : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2269050.initDone", true);
Gefunden : user_pref("CT2269050.myStuffEnabled", true);
Gefunden : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2269050.revertSettingsEnabled", true);
Gefunden : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2269050.testingCtid", "");
Gefunden : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Fri Aug 31 2012 15:37:01 GMT+0200");
Gefunden : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CT2269050.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"bff[...]
Gefunden : user_pref("CommunityToolbar.EngineOwner", "");
Gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Gefunden : user_pref("CommunityToolbar.IsEngineShown", true);
Gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Mar 27 2011 13:45:16 GMT+02[...]
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue May 31 2011 18:38:31 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.locale", "en");
Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue May 31 2011 18:38:23 GMT+0200");
Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.alert.userId", "{3dcb0c32-676d-4e42-a2eb-d16115585769}");
Gefunden : user_pref("CommunityToolbar.globalUserId", "4fe613ed-1941-4b49-968c-19179208b6cb");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\[...]

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\nico\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.11] : urls_to_restore_on_startup = [ "hxxp://mail.google.com/mail/?shva=1#inbox" ]
Gefunden [l.1451] : urls_to_restore_on_startup = [ "hxxp://mail.google.com/mail/?shva=1#inbox" ]

*************************

AdwCleaner[R1].txt - [16186 octets] - [31/08/2012 21:24:28]

########## EOF - C:\AdwCleaner[R1].txt - [16247 octets] ##########
         

Alt 31.08.2012, 22:50   #8
t'john
/// Helfer-Team
 
win7 - weißer bildschirm - trojaner; OTLPE funkt nicht - Standard

win7 - weißer bildschirm - trojaner; OTLPE funkt nicht



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.09.2012, 13:51   #9
nicoreed
 
win7 - weißer bildschirm - trojaner; OTLPE funkt nicht - Standard

win7 - weißer bildschirm - trojaner; OTLPE funkt nicht



das file von adwcleaner hab ich schon in der vorigen antwort gepostet.
hier noch das ergebnis vom emsisoft anti-malware:

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 02.09.2012 11:20:28

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\, O:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	02.09.2012 11:31:29

F:\install_files\NetLimiter.Pro.2.0.10_CRK-FFF.zip -> NetLimiter.Pro.2.0.10_CRK-FFF\netlimiter.pro.v2.0.10-patch.exe 	gefunden: possible-Threat.Patch.NetLimiter!E2
F:\install_files\Adobe Creative Suite 5 Master Collection - Shadeyman\Keygen.rar -> Keygen\keygen.exe 	gefunden: not-a-virus.Keygen.Adobe!E2
F:\GAMES\Unreal.Tournament.3-AVENGED\Unreal.Tournament.3.KEYGEN-RELOADED\rld-ut3k.rar -> rld-ut3k.exe 	gefunden: not-a-virus.Keygen.UnrealTournament3!E2
F:\GAMES\S.T.A.L.K.E.R\S.T.A.L.K.E.R.Shadow.of.Chernobyl.PLUS.4.TRAINER.REPACK-Unleashed\unl-sp4tr.rar -> trainer.exe 	gefunden: Trojan.Packed!E2
F:\GAMES\Call.Of.Duty.World.At.War-RELOADED\CoD5_Patch.rar -> CoD5_Patch.exe 	gefunden: Backdoor.Win32.Poison!E2
F:\GAMES\Crysis-Razor1911\Crysis.Update.1.2-ViTALiTY\ViTALiTY\Bin64\Crysis.exe 	gefunden: Riskware.Crack.Crysis!E2
F:\GAMES\Crysis-Razor1911\Crysis.Update.1.2-ViTALiTY\ViTALiTY\Bin32\Crysis.exe 	gefunden: Riskware.Crack.Crysis!E2
F:\Datensicherung\FestplatteTemp11_2011\Adobe Creative Suite 5 Master Collection - Shadeyman.rar -> Adobe Creative Suite 5 Master Collection - Shadeyman\Keygen.rar -> Keygen\keygen.exe 	gefunden: not-a-virus.Keygen.Adobe!E2
F:\Datensicherung\FestplatteTemp11_2011\Adobe Creative Suite 5 Master Collection - Shadeyman.rar -> Adobe Creative Suite 5 Master Collection - Shadeyman\Keygen\keygen.exe 	gefunden: not-a-virus.Keygen.Adobe!E2
F:\Datensicherung\FestplatteTemp11_2011\Adobe Creative Suite 5 Master Collection - Shadeyman.rar -> Adobe Creative Suite 5 Master Collection - Shadeyman\Keygen.rar 	gefunden: not-a-virus.Keygen.Adobe!E2
O:\System Volume Information\_restore{62419767-DBF8-46BF-9DBB-CC6249393EEE}\RP333\A0057815.exe 	gefunden: Riskware.Crack.Crysis!E2
O:\System Volume Information\_restore{62419767-DBF8-46BF-9DBB-CC6249393EEE}\RP333\A0057814.exe 	gefunden: Riskware.Crack.Crysis!E2

Gescannt	1077601
Gefunden	12

Scan Ende:	02.09.2012 14:29:06
Scan Zeit:	2:57:37
         

Alt 02.09.2012, 19:56   #10
t'john
/// Helfer-Team
 
win7 - weißer bildschirm - trojaner; OTLPE funkt nicht - Standard

win7 - weißer bildschirm - trojaner; OTLPE funkt nicht



adwCleaner war eine andere Anweisung.


Die Benutzung von Cracks und Keygens ist illegal und verstoesst gegen unseren Kodex.

Schon mal darueber nachgedacht, warum es Cracks gibt?
Mit Cracks & Co installiert man sich Hintertueren auf dem Rechner.
Kriminelle nutzen solche Rechner als Botnetz fuer ihre Machenschaften. Dein System ist als nicht vertrauenswuerdig einzustufen und du solltest keine sensiblen Sachen wie Homebanking an dem PC betreiben.

Anleitungen zum Neuaufsetzen (bebildert) > Windows 7 neu aufsetzen > Vista > XP

1. Datenrettung:



2. Formatieren, Windows neu instalieren:



3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
__________________
Mfg, t'john
Das TB unterstützen

Alt 03.09.2012, 13:17   #11
nicoreed
 
win7 - weißer bildschirm - trojaner; OTLPE funkt nicht - Standard

win7 - weißer bildschirm - trojaner; OTLPE funkt nicht



ok, bin mir keiner schuld bewusst.
habe den rechner fix fertig mit allen programmen drauf von einem kumpel übernommen. der hat mir dahingehend nix gesagt

ich werd das mit ihm mal besprechen ....

die Daten hab ich auf jeden Fall schon gesichert und Passwörter geändert.
formatieren und neu aufsetzen? dann muss ich ja auch alle Programme neu installieren ... das werd ich eher nicht machen, bzw. wenn dann lieber mit meinem kollegen gemeinsam von dem ich den pc hab.

Antwort

Themen zu win7 - weißer bildschirm - trojaner; OTLPE funkt nicht
2.0.7, 7-zip, anleitung, avira, bildschirm, conduit, cubase, daten, diverse, entdeck, folge, frage, gelöscht, google earth, hilfe!, hochfahren, install.exe, langs, lws.exe, neu, neustart, ntdll.dll, office 2007, plötzlich, problem, rechner, richtlinie, spotify web helper, super, system, tan, trick, trojaner, usb, version., visual studio, weißer bildschirm trojaner, win, win xp, win7, win7 64bit, windows 7 64bit, wirklich



Ähnliche Themen: win7 - weißer bildschirm - trojaner; OTLPE funkt nicht


  1. Win7 Installation kann nicht beendet werden, es erscheint ein weißer Bildschirm
    Alles rund um Windows - 07.12.2014 (9)
  2. Weißer Bildschirm nach Start bei Win7 auf Laptop
    Plagegeister aller Art und deren Bekämpfung - 11.11.2014 (12)
  3. Landespolizeidirection virus abgesicherter modus funkt nicht otlpe ok
    Log-Analyse und Auswertung - 21.10.2013 (7)
  4. Weißer Bildschirm nach dem Star von WIN7
    Log-Analyse und Auswertung - 06.10.2013 (2)
  5. Win7: weißer Bildschirm nach hochfahren
    Plagegeister aller Art und deren Bekämpfung - 23.09.2013 (10)
  6. Weißer Bildschirm nach Start Win7
    Log-Analyse und Auswertung - 14.09.2013 (5)
  7. Win7 64Bit Weißer Bildschirm nach Anmeldung
    Plagegeister aller Art und deren Bekämpfung - 08.09.2013 (7)
  8. Win7 weißer Bildschirm nach start
    Plagegeister aller Art und deren Bekämpfung - 14.08.2013 (3)
  9. Weißer Bildschirm Win7, FRST.txt erstellt, weiteres Vorgehen
    Log-Analyse und Auswertung - 12.08.2013 (15)
  10. Weißer Bildschirm win7 Frst. log gemacht bitte um Auswertung
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (12)
  11. Weißer Bildschirm nach Benutzeranmelding WIN7
    Log-Analyse und Auswertung - 02.07.2013 (24)
  12. Weißer Bildschirm nach anmelden PC Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 08.05.2013 (6)
  13. Weißer Bildschirm - Trojaner Variante nicht bekannt
    Log-Analyse und Auswertung - 03.02.2013 (1)
  14. Windows 7 - Weißer Bildschirm nach Anmeldung - OTLPE funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (8)
  15. bka win7 otl funkt nicht
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (1)
  16. weißer Bildschirm, Verbindung wird hergestellt, OTLPE gebrannt und gestartet, OTL.txt angehängt
    Log-Analyse und Auswertung - 05.06.2012 (1)
  17. Weißer Bildschirm nach Systemstart WIN7
    Log-Analyse und Auswertung - 03.06.2012 (2)

Zum Thema win7 - weißer bildschirm - trojaner; OTLPE funkt nicht - hallo, ich habe mir mitte letzter woche den hier schon mehrmals erwähnten trojaner "weißer bildschirm" bei win7 64bit eingefangen. nach diversen versuchen mit wollte ich nach entsprechender anleitung(en) hier das - win7 - weißer bildschirm - trojaner; OTLPE funkt nicht...
Archiv
Du betrachtest: win7 - weißer bildschirm - trojaner; OTLPE funkt nicht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.