Pests of all kinds and how to fight them: win7 - white screen - trojan; OTLPE doesn't work (Windows 7)
27.08.2012, 13:54 | #1

win7 - white screen - trojan; OTLPE doesn't work

Hello, in the middle of last week I caught the "white screen" trojan, which has already been mentioned here several times, on Win7 64-bit. After various attempts with I wanted to solve the problem with OTLPE following the relevant guide(s) here, and I followed the steps exactly as described here. Unfortunately my PC cannot boot from USB. Booting from CD/DVD would be possible, so I burned the contents of C:\eeecpfr to a DVD, but that disc is not really bootable. I was already about to reinstall Win7; my data is backed up (thank God I have dual boot with Win XP on the machine).

However, I have now managed the following: I can start the system in "debug mode". At first glance the most important things run there and I have NO white screen. At the moment I am also writing directly from Win7.

For the sake of completeness: in between I was once even able to start the system in "normal mode", using the "trick" of inserting a CD with autorun, pressing restart, and then clicking "Cancel" or something like that. And suddenly it worked. Afterwards I even detected 2 trojans with Avira antivirus and deleted them, plus a few warnings. I thought that was it -> restart -> same problem again. So my motto now is "no restart whatsoever".

Now to my question: what options do I have to fix the problem, perhaps even right now, directly from the currently running system? Many thanks for your help!!!!

OK, I've got a lot further. A reply following my post in another thread with the same problem led me to a working olt.exe on my computer, so I can paste my scan results here:

OTL.txt: Code:
O4 - HKLM..\Run: [MbWzdFPAP-EXL600] C:\Windows\SysWOW64\FPAP-EXL600\PdtGuide.exe () O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [Akamai NetSession Interface] C:\Users\nico\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [E-MU USB Audio Control Panel] C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe (E-MU Systems) O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [ONAIR] C:\Programme\ONAIR\ONAIR.exe (DJMASTER.COM) O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [Spotify Web Helper] C:\Users\nico\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 
2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\nico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\nico\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\nico\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..Trusted Ranges: Range1 ([https] in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{403DAB77-0A7D-489C-A7B0-18E7BD8064F7}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C4AB40-434F-4A80-A451-BAC19B2729A1}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - 
Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) 
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.12.04 16:35:53 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ] O32 - Unable to obtain root file information for disk I:\ O33 - MountPoints2\{763eef36-2c6d-11e0-85ff-0022158f67e4}\Shell - "" = AutoRun O33 - MountPoints2\{763eef36-2c6d-11e0-85ff-0022158f67e4}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu O33 - MountPoints2\{bba8c978-2301-11e1-b750-0022158f67e4}\Shell - "" = AutoRun O33 - MountPoints2\{bba8c978-2301-11e1-b750-0022158f67e4}\Shell\AutoRun\command - "" = G:\DVD-WRITER.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.27 15:50:19 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\nico\Desktop\OTL.exe [2012.08.22 15:07:50 | 000,000,000 | ---D | C] -- C:\Users\nico\AppData\Local\{52DE5A3F-CEAD-4C65-AC35-FFA5E9D9F593} [2012.08.21 20:52:46 | 000,000,000 | ---D | C] -- C:\Users\nico\AppData\Local\{41F0A6FD-2992-4EE9-B99E-4BE288720A69} [2012.08.20 10:22:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\mshtmled.dll [2012.08.20 10:22:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.20 10:22:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.20 10:22:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.20 10:22:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.20 10:22:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.20 10:22:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.20 10:22:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.20 10:22:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.20 10:22:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.20 10:22:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.20 10:22:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.20 10:22:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.20 10:19:17 | 000,024,416 | R--- | C] (Adobe Systems Inc.) 
-- C:\Windows\SysNative\AdobePDFUI.dll [2012.08.20 10:17:54 | 000,112,096 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\acaptuser32.dll [2012.08.20 10:13:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.20 10:13:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.20 10:13:48 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.20 10:13:38 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.13 20:21:26 | 000,000,000 | ---D | C] -- C:\Users\nico\AppData\Local\{F6C21EF0-2A36-4606-B84D-B932354F070E} [2012.08.13 20:21:03 | 000,000,000 | ---D | C] -- C:\Users\nico\AppData\Local\{FFCEAB4B-353A-4D78-8141-6DE489791A0B} [2012.08.13 19:50:13 | 000,000,000 | ---D | C] -- C:\Users\nico\Desktop\hochzeits_lieder [2012.08.06 17:51:39 | 000,000,000 | ---D | C] -- C:\Users\nico\AppData\Local\{86310FAB-DE4F-4963-88B7-D93682063745} [2012.08.06 17:51:17 | 000,000,000 | ---D | C] -- C:\Users\nico\AppData\Local\{23A2C986-8E0B-43B1-8F02-331428AD5898} [2011.09.04 13:51:40 | 000,082,048 | ---- | C] (VSO Software) -- C:\Users\nico\AppData\Roaming\pcouffin.sys [2009.10.27 11:22:46 | 001,499,136 | ---- | C] (CPUID) -- C:\Program Files (x86)\cpuz.exe [1 C:\Users\nico\Documents\*.tmp files -> C:\Users\nico\Documents\*.tmp -> ] [1 C:\Users\nico\Desktop\*.tmp files -> C:\Users\nico\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.27 15:56:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.27 15:56:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4276689660-1082581986-1976619290-1000UA.job [2012.08.27 15:50:20 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\nico\Desktop\OTL.exe [2012.08.27 15:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.27 
15:31:36 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.27 15:31:36 | 000,645,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.27 15:31:36 | 000,607,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.27 15:31:36 | 000,126,822 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.27 15:31:36 | 000,103,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.27 14:34:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.27 14:34:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.27 14:33:56 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2012.08.27 14:32:11 | 000,000,045 | ---- | M] () -- C:\Users\nico\AppData\Roaming\msconfig.ini [2012.08.27 13:30:20 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2012.08.27 13:30:20 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012.08.27 13:29:03 | 000,006,952 | ---- | M] () -- C:\Users\nico\Desktop\Windows-Kompatibilitätsbericht.htm [2012.08.27 13:16:05 | 000,019,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.27 13:16:04 | 000,019,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.21 21:56:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4276689660-1082581986-1976619290-1000Core1cab8a345bc00be.job [2012.08.21 19:38:01 | 005,021,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.20 11:42:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.20 11:42:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.14 13:14:41 | 002,233,344 | ---- | M] () -- C:\Users\nico\Documents\hochzeitssirupholler.zdl [2012.08.14 13:12:28 | 000,000,055 | -H-- | M] () -- 
C:\Users\nico\Documents\clipart.zdx [2012.08.14 12:34:31 | 002,332,160 | ---- | M] () -- C:\Users\nico\Documents\hochzeitssirupmelisse.zdl [2012.08.06 17:54:45 | 000,055,846 | ---- | M] () -- C:\Users\nico\Documents\FRUEHM.pdf [2012.07.30 15:53:24 | 000,112,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\acaptuser32.dll [1 C:\Users\nico\Documents\*.tmp files -> C:\Users\nico\Documents\*.tmp -> ] [1 C:\Users\nico\Desktop\*.tmp files -> C:\Users\nico\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.27 13:29:03 | 000,006,952 | ---- | C] () -- C:\Users\nico\Desktop\Windows-Kompatibilitätsbericht.htm [2012.08.22 15:55:09 | 000,000,045 | ---- | C] () -- C:\Users\nico\AppData\Roaming\msconfig.ini [2012.08.14 13:13:21 | 002,233,344 | ---- | C] () -- C:\Users\nico\Documents\hochzeitssirupholler.zdl [2012.08.14 12:18:24 | 002,332,160 | ---- | C] () -- C:\Users\nico\Documents\hochzeitssirupmelisse.zdl [2012.08.06 17:54:44 | 000,055,846 | ---- | C] () -- C:\Users\nico\Documents\FRUEHM.pdf [2012.05.18 10:33:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\np_plugin.dll [2012.04.10 19:17:00 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.01.07 16:40:42 | 000,888,559 | ---- | C] () -- C:\Users\nico\sax-grifftabelle.pdf [2012.01.06 12:40:22 | 001,027,330 | ---- | C] () -- C:\Users\nico\STRDE345.pdf [2011.12.18 21:20:33 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll [2011.12.18 21:20:33 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat [2011.12.13 21:18:49 | 000,023,427 | ---- | C] () -- C:\Users\nico\.recently-used.xbel [2011.12.10 20:26:22 | 000,000,132 | ---- | C] () -- C:\Users\nico\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.12.10 20:00:24 | 000,001,456 | ---- | C] () -- C:\Users\nico\AppData\Local\Adobe Save for Web 12.0 Prefs [2011.12.10 19:59:49 | 000,000,132 | ---- | C] () -- C:\Users\nico\AppData\Roaming\Adobe IllExport Filter CS5 Prefs [2011.09.16 
12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.09.04 13:52:32 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo3.dll [2011.09.04 13:51:40 | 000,093,696 | ---- | C] () -- C:\Users\nico\AppData\Roaming\ezpinst.exe [2011.09.04 13:51:40 | 000,007,176 | ---- | C] () -- C:\Users\nico\AppData\Roaming\pcouffin.cat [2011.09.04 13:51:40 | 000,001,167 | ---- | C] () -- C:\Users\nico\AppData\Roaming\pcouffin.inf [2011.05.31 20:06:29 | 000,000,017 | ---- | C] () -- C:\Users\nico\AppData\Local\resmon.resmoncfg [2011.02.19 20:44:42 | 003,789,522 | ---- | C] () -- C:\Users\nico\percussion-stomp.jpg [2011.02.19 20:43:28 | 008,024,649 | ---- | C] () -- C:\Users\nico\stomp.m4a [2010.12.05 16:38:28 | 000,004,608 | ---- | C] () -- C:\Users\nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.16 20:19:06 | 000,000,760 | ---- | C] () -- C:\Users\nico\AppData\Roaming\setup_ldm.iss [2010.09.19 23:53:46 | 000,001,363 | ---- | C] () -- C:\Windows\emasio.dat [2010.03.20 12:07:04 | 001,905,111 | ---- | C] () -- C:\Users\nico\nuvi855_DEBenutzerhandbuch.pdf [2010.03.07 22:26:58 | 000,063,722 | ---- | C] () -- C:\Users\nico\AppData\Roaming\mdbu.bin [2010.03.06 20:34:18 | 000,042,093 | ---- | C] () -- C:\Users\nico\Dienstvertrag Nicolas Fedrigotti.pdf [2010.01.07 19:55:38 | 000,011,230 | ---- | C] () -- C:\Users\nico\gsview64.ini [2009.11.01 19:06:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.06.01 13:27:00 | 000,070,077 | ---- | C] () -- C:\Users\nico\schnellbahn-wien.kmz [2009.04.22 10:16:45 | 000,007,484 | ---- | C] () -- C:\Users\nico\sample2e.dvi [2009.04.22 10:16:45 | 000,000,159 | ---- | C] () -- C:\Users\nico\sample2e.aux [2009.04.22 
10:11:05 | 000,000,097 | ---- | C] () -- C:\Users\nico\psv.ini [2009.04.17 16:27:35 | 000,011,502 | ---- | C] () -- C:\Users\nico\huv.JPG [2009.04.17 16:27:18 | 000,012,665 | ---- | C] () -- C:\Users\nico\bugspoiler.JPG [2009.01.12 12:19:41 | 000,000,107 | ---- | C] () -- C:\Users\nico\AppData\Roaming\default.pls [2008.12.21 15:29:37 | 000,001,024 | ---- | C] () -- C:\Users\nico\.rnd [2008.12.07 14:00:34 | 000,000,600 | ---- | C] () -- C:\Users\nico\AppData\Roaming\winscp.rnd ========== LOP Check ========== [2009.10.30 12:32:17 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Acronis [2011.02.10 18:20:40 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\at.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2011.12.10 17:43:06 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Avery [2012.07.27 09:49:42 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Azureus [2009.10.30 12:32:18 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Bullzip [2010.09.20 14:29:37 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009.10.30 12:32:18 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\DAEMON Tools [2012.06.02 20:38:24 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\DesktopIconForAmazon [2012.08.27 14:31:43 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Dropbox [2011.01.05 21:43:15 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.15 11:18:39 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\foobar2000 [2011.09.14 22:49:39 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\FreeAudioPack [2010.03.20 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\GARMIN [2011.12.13 21:18:49 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\gtk-2.0 [2011.05.15 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\HappyFoto [2009.10.30 12:32:18 | 
000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Leadertech [2010.05.13 14:58:32 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Nokia [2012.03.31 21:04:14 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Notepad++ [2011.09.03 10:29:18 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\PACE Anti-Piracy [2010.05.13 14:58:39 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\PC Suite [2012.04.28 22:47:57 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\PMS [2011.11.05 17:05:04 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Samsung [2012.08.21 21:03:35 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Spotify [2011.05.16 20:42:49 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Steinberg [2011.04.27 19:30:29 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\TomTom [2012.03.25 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\uTorrent [2011.09.04 13:52:25 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\Vso [2011.05.16 20:49:52 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\vstsaxi [2012.05.11 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\nico\AppData\Roaming\webex [2012.06.15 09:30:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1266 bytes -> C:\Users\nico\AppData\Local\Temp:X0JE7R40eSJvamrL1AFsykBGYjSw < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.08.2012 15:54:28 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\nico\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,61% Memory free 8,00 Gb Paging File | 6,22 Gb Available in Paging File | 77,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,48 Gb Total Space | 35,48 Gb Free Space | 24,22% Space Free | Partition Type: NTFS Drive D: | 78,12 Gb Total Space | 53,50 Gb Free Space | 68,48% Space Free | Partition Type: NTFS Drive E: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 433,53 Gb Total Space | 60,50 Gb Free Space | 13,95% Space Free | Partition Type: NTFS Drive I: | 1,82 Gb Total Space | 1,49 Gb Free Space | 82,08% Space Free | Partition Type: FAT Drive N: | 7,49 Gb Total Space | 5,86 Gb Free Space | 78,28% Space Free | Partition Type: FAT32 Drive O: | 298,09 Gb Total Space | 206,37 Gb Free Space | 69,23% Space Free | Partition Type: NTFS Computer Name: STAND-PC | User Name: nico | Logged in as Administrator. Cannot determine boot mode. 
| Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D81417-47CC-480F-B491-FBE8CB580854}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{08F09759-6B68-4B1A-8D9A-85C3A426BD84}" = rport=445 | protocol=6 | dir=out | app=system |
"{2168C7E9-A4D2-4C13-98FE-C9D342760C4C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{23E435E3-F640-4326-B7AA-BEDD9261A7D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2E174485-4A6C-4FD0-8FC1-AAE8C0EB740E}" = lport=137 | protocol=17 | dir=in | app=system |
"{2EF4B26A-19C5-4D8E-8071-8CF6A4223F3C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34E562EE-DDF3-4A01-AE6A-D0DE84ACDA17}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{37C64DD5-4AD3-4A44-918A-2F72ECB24BEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BCBDDD0-1AA3-4B17-81DC-99BAAC1EBF67}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3D69947E-757A-4F90-BFE8-C8F746F1D2EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43B2C2FC-A502-4A3D-A467-CD058B42800F}" = rport=139 | protocol=6 | dir=out | app=system |
"{4673C741-5621-4A78-991D-D1EC16E47272}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C765B94-48A7-4F45-ACBE-3146E6258291}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface |
"{5F225D5D-6ECD-4CBD-AA76-9744F8E9FE3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BE2BE7A-4DE6-4C3A-ADA7-266A8F834FF5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F6F362A-8D88-437A-94B7-69F7A06DB2B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{746A8649-9833-4529-9874-B179D3D0F5A2}" = rport=138 | protocol=17 | dir=out | app=system |
"{9287D57D-AEA7-42A7-998B-BDE6B6776695}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ACEF2B91-CB6F-47E0-BBD3-18C67740F4F0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AD355030-ACF8-49CC-AABC-F5307D40CA51}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B7FF02AF-69D8-44DB-8552-148728A598F5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C31A593B-89B4-4C23-BA74-DD39D6B9C1DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C533561E-718A-4833-B312-D98A4A307BE5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCEF3E8B-8801-49B1-ACAC-A17374DA8ECA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE5126C0-38CB-4E0F-9E7D-99A089FED5EE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D27F4C4F-5E51-42A7-BFB3-E02E57533A4E}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3E8CA00-B8F7-402F-A7CF-9F1982B1F7C6}" = lport=139 | protocol=6 | dir=in | app=system |
"{F65EC882-0836-44AF-BD39-E28EDD9EC19A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8F8B60F-E6F3-489B-A1F7-13B0BCA8CBC3}" = lport=138 | protocol=17 | dir=in | app=system |
"{FAD3ED5E-F8AA-4FA6-9FEE-5740D1EAD2FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F14162-EB97-474A-97EF-12470F20D367}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{04687849-D085-4EA2-8850-51680A77F3DE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1BA7C8C6-DBFE-4F14-9C38-542D8F8BA001}" = protocol=17 | dir=in | app=c:\users\nico\appdata\local\akamai\netsession_win.exe |
"{269CFDFF-FEC1-44B8-8EC2-1C81AF17D30E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2E9DE98A-9C04-4739-B7A3-1F9C3B97B1CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{30881CB2-D719-4268-851B-DB6C0ABEB380}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{3567338D-712B-490A-B87F-B37F57F84AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3B101DC4-75C6-4B7E-AD9D-3C5ABE83AF19}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3BE650D7-6480-4F3E-91DE-057394AAB302}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3C6DC02B-91A3-4527-AE97-C9EE3DC0F397}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3F1292A3-2821-4E83-9123-94124198D762}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{3F2412F3-2CC6-49D5-BA44-613D097F90FB}" = protocol=6 | dir=out | app=system |
"{444B3D75-D264-49CD-98C6-EA307C2D0052}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{4C086487-BFB7-4CCD-988E-26C2F3A3337F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5048EB77-4613-45E2-A8DA-268EDD9A0546}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{54FD559D-3BE4-42A2-956C-5B5DC77BA566}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5808B63B-D1D0-4C03-9A1B-738D241B72CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5808D050-9B55-4BF8-B9E8-83FA42AAAD7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5C7E68CC-8CD5-4260-B9A6-236AC4A65030}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5EE88779-8FEB-4808-BC30-9EC05A91FF3B}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{618394D8-9364-40B9-BFFE-BE978A06F50B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{62616F5C-7623-41FD-BDF1-9C1CCBDE945A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6596666A-77DD-4D47-BEA1-06921A8A1FCD}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{68066C8F-0C59-4937-9828-A436C838D09D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6B0A88D6-771D-4B3D-BD27-2815B9528B25}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6D1A7774-845D-4CAE-AADE-EF79103100D1}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{6DF00C14-5A6C-42C5-982C-C7EC945AAEB4}" = protocol=17 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{6F614A05-2E04-459F-9E14-1384DDFD4279}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77CFA8FD-1BFC-4B30-934C-350F0D3ECE41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{79A08219-7863-4316-BEDB-46C6096B7954}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7B449407-E423-4612-839B-326571B6E12C}" = protocol=6 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{7B5724C1-4E2A-4525-88A3-0659C9FADA77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{81E06DE1-E2A9-4DC5-8702-FC82DBA7D412}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{843F97C9-54D4-4655-8B4B-317C4A8BAE31}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{88B5A742-0951-46F1-A954-7B04106232E3}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8933FB76-3ACD-477E-B219-A6E93A41946E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8B9C3517-9821-4775-9B4A-1303F91C40C2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8BF1560E-747A-4797-BE88-ACD6E98556C4}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{9381631B-1FA1-4E58-855B-E32AC14FA30C}" = protocol=17 | dir=in | app=f:\games\call of duty - world at war\codwawmp.exe |
"{9398C9DD-0E9A-4EF7-B5C1-97CA1ABCCA0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94FFCFE4-0E25-483C-BB73-270BD4730329}" = protocol=6 | dir=in | app=f:\games\call of duty - world at war\codwawmp.exe |
"{9B0A3CC8-5C8B-4A6C-8D59-7ABA8378E6E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9D5B158C-F667-4679-9466-7D53C0AC13F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A2A99A52-F10F-4412-8F0F-12DEB602CDF3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A2B88376-03FE-41BA-9E74-90A3FCE08470}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6F473BB-2238-4DE4-A203-EA8F67395D6C}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{AC75DC21-886F-45B5-937C-187773A030B3}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{B74CDFD0-E9B2-43E7-92A8-F894BD84E2AE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BA2575A4-79C7-4D4A-9675-134FB5B0A12D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BBB5D70D-8266-4CCD-8094-59EEDA87A806}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C5781588-55EB-42E9-996A-08F820ED295A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C68BCFF4-51C5-42CA-8895-DCC51DF40FDC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C74826E1-E7DA-4864-95A0-D96069ACD031}" = protocol=17 | dir=in | app=c:\users\nico\appdata\roaming\dropbox\bin\dropbox.exe |
"{CBBA31F3-AC31-41BF-B64A-45D635011FFE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{CD7FF919-BBCE-41F1-9751-DBF6CEBE1895}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{D05E8692-6BC7-425C-9E47-6BADBFCAC1A9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D20CE530-98DD-4951-944F-FC2151864092}" = protocol=6 | dir=in | app=c:\users\nico\appdata\local\akamai\netsession_win.exe |
"{D576B10F-E4F0-4C3F-A23F-96764D36F060}" = protocol=17 | dir=in | app=f:\games\call of duty - world at war\codwaw.exe |
"{D98B9087-C49A-4AE8-ABB9-591251BC544A}" = protocol=6 | dir=in | app=f:\games\call of duty - world at war\codwaw.exe |
"{DBE465E0-C290-4A64-831E-0383ABBFACD1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC488800-05F0-4331-BC30-74AD210F94C6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{DF3165A7-6B69-4CD7-8E29-571D7191836A}" = protocol=6 | dir=in | app=c:\users\nico\appdata\roaming\dropbox\bin\dropbox.exe |
"{E1452085-21C9-4AA6-9913-90BFFFAC98D1}" = protocol=6 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{E2A12707-CEEF-4856-B56C-DFF8197E274F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9CD99F4-A59D-464A-8E10-4CFB9FC21A52}" = protocol=17 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{F4AF898D-D83C-4B64-A32C-29E21B63ED40}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{143F3253-DAC4-4A84-90ED-58FBB01C38FE}C:\users\nico\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nico\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{15E20C75-5183-4236-8710-12F9C386FBF8}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{23605376-C177-4FD5-A5D1-F88CCF782C02}C:\users\nico\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nico\appdata\roaming\spotify\spotify.exe |
"TCP Query User{687EF463-B86B-4E52-BA6D-37EFC9A95DBB}F:\games\motogp 2007\motogp.exe" = protocol=6 | dir=in | app=f:\games\motogp 2007\motogp.exe |
"TCP Query User{6BB7E3CE-5706-4774-B0F7-18ADE251BBDC}F:\games\deadspace\dead space.exe" = protocol=6 | dir=in | app=f:\games\deadspace\dead space.exe |
"TCP Query User{6D8A7A29-E2E3-4959-8226-6644417EA6BB}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"TCP Query User{7B5EE8AA-0A29-4119-8437-099CF177A33E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{84A6BC78-10E6-47C3-BFAC-699D01F58693}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8744EF8E-0903-438F-B38A-3DA385426F93}F:\deadspace\dead space.exe" = protocol=6 | dir=in | app=f:\deadspace\dead space.exe |
"TCP Query User{A1842B3D-EEDF-4947-B4DB-18D2C7B6EBFE}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"TCP Query User{BD676508-BDD8-475F-AA94-08E22F9B820B}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{D1D383C3-5E91-420D-8FD9-20C56848F24B}C:\users\nico\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\nico\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D79B3B28-61F2-4D38-8BC5-284CE00FF305}C:\program files (x86)\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\last.fm\lastfm.exe |
"TCP Query User{DFD18453-ABC0-45F3-B17C-3DB24D8D4140}C:\program files (x86)\vortex software\growl for windows\growl.windowsclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vortex software\growl for windows\growl.windowsclient.exe |
"TCP Query User{E7802569-91CE-4081-801B-42BF36E73D4D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{091CD2DD-2163-43D5-88A0-2F08E95578F7}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"UDP Query User{127542F7-D610-402B-AE5E-F1AA5C3BBAC1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{182B8228-4160-4653-B60A-EFDB76E1F966}C:\users\nico\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nico\appdata\roaming\spotify\spotify.exe |
"UDP Query User{276FF70E-55F7-44B2-A428-775991A2AEE4}C:\program files (x86)\vortex software\growl for windows\growl.windowsclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vortex software\growl for windows\growl.windowsclient.exe |
"UDP Query User{793CFFC6-C168-48F0-AF6F-573DC852BD2F}C:\program files (x86)\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\last.fm\lastfm.exe |
"UDP Query User{80A6E03B-4E00-4AE7-A515-DC24F9A61BB4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{8F076158-9AE2-4F24-9CFE-1A5C5F59E327}F:\games\motogp 2007\motogp.exe" = protocol=17 | dir=in | app=f:\games\motogp 2007\motogp.exe |
"UDP Query User{95E123F2-FB27-4F17-BFDD-40C75EA24CB2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{9A280B9E-26D4-455E-A32D-149227FD30B7}C:\users\nico\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\nico\appdata\local\akamai\netsession_win.exe |
"UDP Query User{A17C0414-5855-45B7-8EB0-451B2CF14440}F:\games\deadspace\dead space.exe" = protocol=17 | dir=in | app=f:\games\deadspace\dead space.exe |
"UDP Query User{B2053C73-4206-4911-ACBE-5760EE515BDD}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"UDP Query User{B4F74675-ABC2-4229-A369-0115A14C245A}C:\users\nico\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nico\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C4A695FA-5F3B-43DF-9DAD-2819EC2FD813}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{CD3C83D5-DD99-46FF-A76A-1DEF657C54BC}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{DC61FE53-B590-4FEF-A228-3338D2844B40}F:\deadspace\dead space.exe" = protocol=17 | dir=in | app=f:\deadspace\dead space.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8E38DC-AD7F-3EE3-01A8-EDCD37B8646F}" = ccc-utility64
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments GuitarRig Mobile IO Driver
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Session IO Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9FF59B5F-16F3-15B2-2474-AB2376D7329D}" = ATI Catalyst Install Manager
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.702
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GSview 4.9" = GSview 4.9
"ONAIR_is1" = ONAIR 4.0.0.834
"sp6" = Logitech SetPoint 6.20

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07731480-9925-4E0B-180A-79DABFE1C5F6}" = CCC Help English
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E35BFAF-A40C-CF70-5F80-C9820E054FA7}" = Catalyst Control Center HydraVision Full
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13105BEE-D0F3-E613-BF57-568AD866D42C}" = Catalyst Control Center Graphics Previews Common
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C99893D-BC98-4456-AA3E-B67AB42301A6}" = E-MU USB Audio
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216EAAD9-D733-4141-BEAF-2C0B6F6B1D04}" = AmpliTube LE
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{335180B3-94EA-1525-6171-EFAD9024D909}" = Catalyst Control Center Localization German
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A29E75C-A8DE-49B4-9AF3-2266CE76C428}" = Sun ODF Plugin for Microsoft Office 1.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis*True*Image*Home
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Attansic L1 Gigabit Ethernet Driver
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E02E0E7-1D63-9437-142C-144B5C4367D3}" = Catalyst Control Center Graphics Light
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9623CC51-112F-DD12-0CBB-7239752F0D08}" = Skins
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0682C2-32F1-9073-02BA-AE05DFF2E934}" = ccc-core-static
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B1836D00-BA15-DC8F-C428-171B9B870851}" = HydraVision
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C149BA55-8DD8-7A84-CB7E-129A928B7CBE}" = Catalyst Control Center InstallProxy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1DF4A53-B841-C83F-8F3F-2B61D200E614}" = Catalyst Control Center Graphics Full New
"{D22F5242-773E-4270-AB1F-492021BCABBE}" = Garmin City Navigator Europe NT 2010.31 Update
"{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in
"{D3F43601-7ED5-1D9F-2C6A-4B4805F24548}" = CCC Help German
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1" = MiniTool Partition Wizard Home Edition 7.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC14BD52-73EB-E17A-26F3-E8CA419A437C}" = Catalyst Control Center Graphics Previews Vista
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F02C931A-24C7-9255-D300-37DB83BBCDD1}" = Catalyst Control Center Graphics Full Existing
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}" = Snagit 9.1.1
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9A90D58-F71B-55B9-30A5-ECD21BBE5C61}" = Catalyst Control Center Core Implementation
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"8781-9705-0578-2960" = Medienmanager 1.3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"aonUpdate" = aonUpdate "ArgoUML" = ArgoUML 0.26.2 "AudioConverter Studio_is1" = AudioConverter Studio 6.1 "Avira AntiVir Desktop" = Avira Free Antivirus "CanonMyPrinter" = Canon My Printer "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "Finale 2007" = Finale 2007 "foobar2000" = foobar2000 v0.9.6.2 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.13.804 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32 "Google Updater" = Google Updater "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63 "InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "MagicDisc 2.7.106" = MagicDisc 2.7.106 "MainApp.exe_is1" = CloneDVD 4.1.0.23 "MiKTeX 2.7" = MiKTeX 2.7 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyFreeCodec" = MyFreeCodec "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4 "Native Instruments GuitarRig Mobile IO Driver" = Native Instruments GuitarRig Mobile IO Driver "Native Instruments Rig Kontrol 3 Driver" = Native Instruments Rig Kontrol 3 Driver "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Session IO Driver" = Native Instruments Session IO Driver "Notepad++" = Notepad++ "Photo Resize Magic" = Photo Resize Magic 1.0 "RealPlayer 6.0" = RealPlayer "Steinberg Cubase LE" = Steinberg Cubase LE "SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008) 
"TomTom HOME" = TomTom HOME 2.8.1.2218 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.6 "Vuze_Remote Toolbar" = Vuze Remote Toolbar "WinGimp-2.0_is1" = GIMP 2.4.2 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.0.2 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.1.8 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Spotify" = Spotify "TeXLive" = TeXLive 2008 "uTorrent" = µTorrent ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.08.2012 06:08:31 | Computer Name = stand-pc | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 21.08.2012 15:55:23 | Computer Name = stand-pc | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmprph.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bd018 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4b4 ID des fehlerhaften Prozesses: 0x844 Startzeit der fehlerhaften Anwendung: 0x01cd7fd6e598f6e3 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmprph.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 246e3744-ebca-11e1-9e1b-0022158f67e4 Error - 21.08.2012 17:08:34 | Computer Name = stand-pc | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 21.08.2012 17:08:36 | Computer Name = stand-pc | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 21.08.2012 17:08:36 | Computer Name = stand-pc | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 22.08.2012 11:44:10 | Computer Name = stand-pc | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: NMIndexStoreSvr.exe, Version: 3.3.8.0, Zeitstempel: 0x4860cce5 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000100 ID des fehlerhaften Prozesses: 0x910 Startzeit der fehlerhaften Anwendung: 0x01cd807cbe2bea4c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 365e8a29-ec70-11e1-b454-0022158f67e4 Error - 22.08.2012 11:49:31 | Computer Name = stand-pc | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: NMIndexStoreSvr.exe, Version: 3.3.8.0, Zeitstempel: 0x4860cce5 Name des fehlerhaften Moduls: NMIndexStoreSvr.exe, Version: 3.3.8.0, Zeitstempel: 0x4860cce5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b29e7 ID des fehlerhaften Prozesses: 0xa10 Startzeit der fehlerhaften Anwendung: 0x01cd807d8fc38ed8 Pfad der fehlerhaften Anwendung: C:\Program 
Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe Berichtskennung: f63d2feb-ec70-11e1-aa89-0022158f67e4 Error - 27.08.2012 08:36:29 | Computer Name = stand-pc | Source = Software Protection Platform Service | ID = 1001 Description = Fehler beim Starten des Softwareschutzdiensts. 0x80070002 6.1.7601.17514 Error - 27.08.2012 08:37:55 | Computer Name = stand-pc | Source = Software Protection Platform Service | ID = 1001 Description = Fehler beim Starten des Softwareschutzdiensts. 0x80070002 6.1.7601.17514 Error - 27.08.2012 09:53:50 | Computer Name = stand-pc | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.59.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10a8 Startzeit: 01cd845afe0fff73 Endzeit: 0 Anwendungspfad: C:\Users\nico\Desktop\OTL.exe Berichts-ID: [ System Events ] Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = WMPNetworkSvc | ID = 866291 Description = Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = WMPNetworkSvc | ID = 866316 Description = Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = PNRPSvc | ID = 102 Description = Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = PNRPSvc | ID = 102 Description = Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 
27.08.2012 08:35:16 | Computer Name = stand-pc | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535
Error - 27.08.2012 08:35:16 | Computer Name = stand-pc | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535
Error - 27.08.2012 08:36:29 | Computer Name = stand-pc | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: %%2
Error - 27.08.2012 08:37:55 | Computer Name = stand-pc | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Software Protection" wurde mit folgendem Fehler beendet: %%2
< End of report >
thanks |
27.08.2012, 19:12 | #2 |
/// Helper Team | win7 - white screen - trojan; OTLPE doesn't work
Fixing with OTL
Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (nowhere else).
Code:
:OTL
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\SearchScopes,DefaultScope = {E7728C17-7F8E-4C49-9E6B-16844905ECAA}
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\SearchScopes\{E7728C17-7F8E-4C49-9E6B-16844905ECAA}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mail.google.com/mail/?account_id=nico.reed%40gmail.com#inbox"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.76.dll File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MbWzdFPAP-EXL600] C:\Windows\SysWOW64\FPAP-EXL600\PdtGuide.exe ()
O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000..\Run: [Akamai NetSession Interface] C:\Users\nico\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O15 - HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.04 16:35:53 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{763eef36-2c6d-11e0-85ff-0022158f67e4}\Shell - "" = AutoRun
O33 - MountPoints2\{763eef36-2c6d-11e0-85ff-0022158f67e4}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu
O33 - MountPoints2\{bba8c978-2301-11e1-b750-0022158f67e4}\Shell - "" = AutoRun
O33 - MountPoints2\{bba8c978-2301-11e1-b750-0022158f67e4}\Shell\AutoRun\command - "" = G:\DVD-WRITER.exe
@Alternate Data Stream - 1266 bytes -> C:\Users\nico\AppData\Local\Temp:X0JE7R40eSJvamrL1AFsykBGYjSw
[2009.11.01 19:06:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
:Files
C:\Users\nico\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\nico\AppData\Local\Temp\*.exe
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note to other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; that can cause lasting damage to other systems!
__________________ |
27.08.2012, 21:58 | #3 |
| win7 - white screen - trojan; OTLPE doesn't work
yes indeed! it worked (as far as I can see).
here is the log file:
Code:
All processes killed
========== OTL ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E7728C17-7F8E-4C49-9E6B-16844905ECAA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7728C17-7F8E-4C49-9E6B-16844905ECAA}\ not found.
HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://mail.google.com/mail/?account_id=nico.reed%40gmail.com#inbox" removed from browser.startup.homepage
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}\ deleted successfully.
C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
64bit-Registry value HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MbWzdFPAP-EXL600 deleted successfully.
C:\Windows\SysWOW64\FPAP-EXL600\PdtGuide.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\nico\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}\ not found.
File C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll not found.
Registry value HKEY_USERS\S-1-5-21-4276689660-1082581986-1976619290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\https deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTOEXEC.BAT moved successfully.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{763eef36-2c6d-11e0-85ff-0022158f67e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{763eef36-2c6d-11e0-85ff-0022158f67e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{763eef36-2c6d-11e0-85ff-0022158f67e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{763eef36-2c6d-11e0-85ff-0022158f67e4}\ not found.
File G:\wubi.exe --cdmenu not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bba8c978-2301-11e1-b750-0022158f67e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bba8c978-2301-11e1-b750-0022158f67e4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bba8c978-2301-11e1-b750-0022158f67e4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bba8c978-2301-11e1-b750-0022158f67e4}\ not found.
File G:\DVD-WRITER.exe not found.
ADS C:\Users\nico\AppData\Local\Temp:X0JE7R40eSJvamrL1AFsykBGYjSw deleted successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
========== FILES ==========
C:\Users\nico\AppData\Local\{02CD9CDD-ACC5-4AEF-B377-9A7DD2713626} folder moved successfully.
C:\Users\nico\AppData\Local\{1BAB723D-7642-4368-9D1E-F7B1828F6599} folder moved successfully.
C:\Users\nico\AppData\Local\{2247A262-18D6-422A-A36A-CD41B5FCBA84} folder moved successfully.
C:\Users\nico\AppData\Local\{23A2C986-8E0B-43B1-8F02-331428AD5898} folder moved successfully.
C:\Users\nico\AppData\Local\{287BE475-A546-47F2-8DF0-DB14593B536E} folder moved successfully.
C:\Users\nico\AppData\Local\{41F0A6FD-2992-4EE9-B99E-4BE288720A69} folder moved successfully.
C:\Users\nico\AppData\Local\{52DE5A3F-CEAD-4C65-AC35-FFA5E9D9F593} folder moved successfully.
C:\Users\nico\AppData\Local\{56D3A45C-BE0F-481E-9F1A-7E54A5C12776} folder moved successfully.
C:\Users\nico\AppData\Local\{572023D9-FDE1-43FB-9A1E-C980F03AB570} folder moved successfully.
C:\Users\nico\AppData\Local\{6398C1AD-77C8-4694-9E18-6A532556C034} folder moved successfully.
C:\Users\nico\AppData\Local\{68EA46D6-3AD9-4EF1-B483-D71F92AA6F3C} folder moved successfully.
C:\Users\nico\AppData\Local\{850CD005-82D1-4B2C-A9A6-594A59FBC08B} folder moved successfully.
C:\Users\nico\AppData\Local\{86310FAB-DE4F-4963-88B7-D93682063745} folder moved successfully.
C:\Users\nico\AppData\Local\{90031F19-23BC-4DD1-934A-55AE7ED030CA} folder moved successfully.
C:\Users\nico\AppData\Local\{9724B49A-EF07-4C33-BFB6-4662EE622DE7} folder moved successfully.
C:\Users\nico\AppData\Local\{97B8348A-E867-48BF-802B-9ADB20E376ED} folder moved successfully.
C:\Users\nico\AppData\Local\{9F0AC529-4272-4976-BA0D-33785EE8AC82} folder moved successfully.
C:\Users\nico\AppData\Local\{A5BCE716-E666-4DA7-972B-2AA4111FAD7A} folder moved successfully.
C:\Users\nico\AppData\Local\{AEF71320-1A4C-44AA-85ED-97F6DC442B02} folder moved successfully.
C:\Users\nico\AppData\Local\{AFF04AE0-6C4A-4D54-9122-CD84B321C19B} folder moved successfully.
C:\Users\nico\AppData\Local\{C9A54F10-1445-4BB2-BEA4-942B2B63D7F6} folder moved successfully.
C:\Users\nico\AppData\Local\{CF4D7AD5-35D9-460E-BB15-B3C42B9108C4} folder moved successfully.
C:\Users\nico\AppData\Local\{E342CA03-4E9E-4674-BFF2-E63AE607512F} folder moved successfully.
C:\Users\nico\AppData\Local\{E74EA2FF-581D-4841-A59D-1CAF9B452865} folder moved successfully.
C:\Users\nico\AppData\Local\{E861502E-7EB5-4234-B35A-BFC9401450F9} folder moved successfully.
C:\Users\nico\AppData\Local\{F6C21EF0-2A36-4606-B84D-B932354F070E} folder moved successfully.
C:\Users\nico\AppData\Local\{FC0B4AB1-2628-42C7-91AD-C4C574696DBE} folder moved successfully.
C:\Users\nico\AppData\Local\{FC746361-28D9-47DD-B7FD-C51D213BFF35} folder moved successfully.
C:\Users\nico\AppData\Local\{FFCEAB4B-353A-4D78-8141-6DE489791A0B} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\nico\AppData\Local\Temp\FlashPlayerUpdate.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\FooPlugin0.9.4Setup_2.3.1.2.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\GLF8F0.tmp.ConduitEngineSetup.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe10675 moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe25317c moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe1fc2c2 moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe27f98b moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe61951f moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exea57b0 moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exee5fea moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe131d6f moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe11520ed moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe7e14 moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe8d12 moved successfully.
C:\Users\nico\AppData\Local\Temp\GoogleUpdateSetup.exe138ea moved successfully.
C:\Users\nico\AppData\Local\Temp\i4jdel0.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\InstallAX.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\InstallPlugin.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\iTunesPluginWinSetup_3.0.4.0.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe moved successfully.
C:\Users\nico\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe moved successfully. C:\Users\nico\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully. C:\Users\nico\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe moved successfully. C:\Users\nico\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe moved successfully. C:\Users\nico\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe moved successfully. C:\Users\nico\AppData\Local\Temp\lvid_lvid.exe moved successfully. C:\Users\nico\AppData\Local\Temp\ONAIRSetup100.0.0.000.exe moved successfully. C:\Users\nico\AppData\Local\Temp\ONAIRSetup4.0.0.834.exe moved successfully. C:\Users\nico\AppData\Local\Temp\pyl1093.tmp.exe moved successfully. C:\Users\nico\AppData\Local\Temp\SkypeSetup.exe moved successfully. C:\Users\nico\AppData\Local\Temp\SpotifyUpgrader.exe moved successfully. C:\Users\nico\AppData\Local\Temp\wlsetup-cvr.exe moved successfully. C:\Users\nico\AppData\Local\Temp\WmpPluginSetup_2.1.0.6.exe moved successfully. C:\Users\nico\AppData\Local\Temp\xmlUpdater.exe moved successfully. C:\Users\nico\AppData\Local\Temp\_is6E3C.exe moved successfully. C:\Users\nico\AppData\Local\Temp\_isA2F2.exe moved successfully. C:\Users\nico\AppData\Local\Temp\_isC4F.exe moved successfully. C:\Users\nico\AppData\Local\Temp\_isDC3A.exe moved successfully. C:\Users\nico\AppData\Local\Temp\~convert1587411461053568677.exe moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. 
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. 
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. 
C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\nico\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\nico\Desktop\cmd.bat deleted successfully. C:\Users\nico\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56509 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: nico ->Temp folder emptied: 1010664002 bytes ->Temporary Internet Files folder emptied: 814044669 bytes ->FireFox cache emptied: 63440536 bytes ->Google Chrome cache emptied: 17946600 bytes ->Flash cache emptied: 2939392 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 658651342 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 526050 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102226 bytes RecycleBin emptied: 289631 bytes Total Files Cleaned = 2.450,00 mb OTL by OldTimer - Version 3.2.59.1 log created on 08272012_224744 Files\Folders moved on Reboot... File move failed. E:\autorun.inf scheduled to be moved on reboot. C:\Users\nico\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
Do I need to restore anything now, or something like that? What is the recommendation for protection against further trojans? Avira apparently isn't it. |
28.08.2012, 17:36 | #4 |
/// Helper team | Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop.
|
31.08.2012, 15:29 | #5 |
| The computer is running completely normally again. Thanks again for the help in any case!!!!!!!!!!!! I'm glad to have found the forum and will recommend it accordingly ... The scan with Malwarebytes is still running right now |
31.08.2012, 20:22 | #6 |
/// Helper team | We are not done yet. Post the log files! |
31.08.2012, 20:27 | #7 |
| Oh, right *** Log file from Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.31.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 nico :: STAND-PC [Administrator] 31.08.2012 16:13:44 mbam-log-2012-08-31 (16-13-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|J:\|K:\|L:\|M:\|O:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 824668 Laufzeit: 2 Stunde(n), 48 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\nico\Documents\Downloads\Nero Burning ROM 8\Nero 8 Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\Datensicherung\Users\nico\AppData\Roaming\msconfig.dat (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\Datensicherung\Users\nico\Documents\Downloads\Nero Burning ROM 8\Nero 8 Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. F:\install_files\Acronis True Image 11 Build 8053 Home\keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v2.000 - Datei am 08/31/2012 um 21:24:28 erstellt # Aktualisiert am 30/08/2012 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : nico - STAND-PC # Normaler Modus : Normal # Ausgeführt unter : C:\Users\nico\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\toolbar@alexa.com.xpi Ordner Gefunden : C:\Program Files (x86)\DAEMON Tools Toolbar Ordner Gefunden : C:\Program Files (x86)\Vuze_Remote Ordner Gefunden : C:\Program Files (x86)\Vuze_Remote Ordner Gefunden : C:\Users\nico\AppData\Local\Conduit Ordner Gefunden : C:\Users\nico\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\nico\AppData\LocalLow\Vuze_Remote Ordner Gefunden : C:\Users\nico\AppData\LocalLow\Vuze_Remote Ordner Gefunden : C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\Conduit Ordner Gefunden : C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\CT2269050 Ordner Gefunden : C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Vuze_Remote Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BHO.DLL Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9DC9A143-E7FE-4001-95C6-C186FF82D26C} Schlüssel Gefunden : HKLM\Software\Vuze_Remote Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9DC9A143-E7FE-4001-95C6-C186FF82D26C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{167A3CB3-2554-49F2-86A5-4A6A16A70662} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEAF1BBA-4FF9-4DA8-9E78-1C391E1FE02D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. 
-\\ Mozilla Firefox v14.0.1 (de) Profilname : default Datei : C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fuoxqe8k.default\prefs.js Gefunden : user_pref("CT2269050..clientLogIsEnabled", false); Gefunden : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gefunden : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Gefunden : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Gefunden : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gefunden : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true); Gefunden : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true); Gefunden : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true); Gefunden : user_pref("CT2269050.CTID", "CT2269050"); Gefunden : user_pref("CT2269050.CurrentServerDate", "31-8-2012"); Gefunden : user_pref("CT2269050.DialogsAlignMode", "LTR"); Gefunden : user_pref("CT2269050.DialogsGetterLastCheckTime", "Thu Aug 30 2012 14:35:34 GMT+0200"); Gefunden : user_pref("CT2269050.DownloadReferralCookieData", ""); Gefunden : user_pref("CT2269050.EMailNotifierPollDate", "Thu Jan 06 2011 20:03:52 GMT+0100"); Gefunden : user_pref("CT2269050.FirstServerDate", "6-1-2011"); Gefunden : user_pref("CT2269050.FirstTime", true); Gefunden : user_pref("CT2269050.FirstTimeFF3", true); Gefunden : user_pref("CT2269050.FirstTimeSettingsDone", true); Gefunden : user_pref("CT2269050.FixPageNotFoundErrors", true); Gefunden : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Gefunden : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gefunden : user_pref("CT2269050.HasUserGlobalKeys", true); Gefunden : user_pref("CT2269050.Initialize", true); Gefunden : user_pref("CT2269050.InitializeCommonPrefs", true); Gefunden : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3); 
Gefunden : user_pref("CT2269050.InstallationType", "UnknownIntegration"); Gefunden : user_pref("CT2269050.InstalledDate", "Thu Jan 06 2011 19:53:52 GMT+0100"); Gefunden : user_pref("CT2269050.InvalidateCache", false); Gefunden : user_pref("CT2269050.IsGrouping", false); Gefunden : user_pref("CT2269050.IsMulticommunity", false); Gefunden : user_pref("CT2269050.IsOpenThankYouPage", false); Gefunden : user_pref("CT2269050.IsOpenUninstallPage", false); Gefunden : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Aug 31 2012 15:37:01 GMT+0200"); Gefunden : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Gefunden : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gefunden : user_pref("CT2269050.LastLogin_2.7.2.0", "Thu Jan 06 2011 19:53:52 GMT+0100"); Gefunden : user_pref("CT2269050.LastLogin_3.12.0.7", "Sat Apr 28 2012 12:31:52 GMT+0200"); Gefunden : user_pref("CT2269050.LastLogin_3.12.2.3", "Sat Jun 02 2012 20:24:42 GMT+0200"); Gefunden : user_pref("CT2269050.LastLogin_3.13.0.6", "Fri Jun 29 2012 07:43:12 GMT+0200"); Gefunden : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 19:39:30 GMT+0200"); Gefunden : user_pref("CT2269050.LastLogin_3.15.1.0", "Fri Aug 31 2012 15:37:01 GMT+0200"); Gefunden : user_pref("CT2269050.LatestVersion", "3.15.1.0"); Gefunden : user_pref("CT2269050.Locale", "en"); Gefunden : user_pref("CT2269050.LoginCache", 4); Gefunden : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Gefunden : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gefunden : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Gefunden : user_pref("CT2269050.MyStuffEnabledAtInstallation", true); Gefunden : user_pref("CT2269050.RadioIsPodcast", false); Gefunden : user_pref("CT2269050.RadioLastCheckTime", "Thu Jan 06 2011 19:53:52 GMT+0100"); Gefunden : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Gefunden : 
user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Gefunden : user_pref("CT2269050.RadioMediaID", "12473383"); Gefunden : user_pref("CT2269050.RadioMediaType", "Media Player"); Gefunden : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Gefunden : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Gefunden : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Gefunden : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gefunden : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Gefunden : user_pref("CT2269050.SearchInNewTabEnabled", true); Gefunden : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Gefunden : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Aug 31 2012 15:36:59 GMT+0200"); Gefunden : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gefunden : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Gefunden : user_pref("CT2269050.SearchInNewTabUserEnabled", false); Gefunden : user_pref("CT2269050.ServiceMapLastCheckTime", "Fri Aug 31 2012 15:36:59 GMT+0200"); Gefunden : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Gefunden : user_pref("CT2269050.SettingsLastCheckTime", "Fri Aug 31 2012 15:36:58 GMT+0200"); Gefunden : user_pref("CT2269050.SettingsLastUpdate", "1346236157"); Gefunden : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Jan 06 2011 19:53:51 GMT+0100"); Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578"); Gefunden : user_pref("CT2269050.ToolbarShrinkedFromSetup", false); Gefunden : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050"); Gefunden : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Gefunden : user_pref("CT2269050.UserID", "UN79856558457248924"); Gefunden : user_pref("CT2269050.WeatherNetwork", ""); Gefunden : user_pref("CT2269050.WeatherPollDate", "Thu Jan 06 2011 19:53:52 GMT+0100"); Gefunden : user_pref("CT2269050.WeatherUnit", "C"); Gefunden : user_pref("CT2269050.alertChannelId", "666138"); Gefunden : user_pref("CT2269050.clientLogIsEnabled", false); Gefunden : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gefunden : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Gefunden : user_pref("CT2269050.homepageProtectorEnableByLogin", true); Gefunden : user_pref("CT2269050.initDone", true); Gefunden : user_pref("CT2269050.myStuffEnabled", true); Gefunden : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Gefunden : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] 
Gefunden : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Gefunden : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gefunden : user_pref("CT2269050.revertSettingsEnabled", true); Gefunden : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10); Gefunden : user_pref("CT2269050.searchProtectorEnableByLogin", true); Gefunden : user_pref("CT2269050.testingCtid", ""); Gefunden : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Fri Aug 31 2012 15:37:01 GMT+0200"); Gefunden : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gefunden : user_pref("CT2269050.usagesFlag", 2); Gefunden : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...] 
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"bff[...] Gefunden : user_pref("CommunityToolbar.EngineOwner", ""); Gefunden : user_pref("CommunityToolbar.EngineOwnerGuid", ""); Gefunden : user_pref("CommunityToolbar.EngineOwnerToolbarId", ""); Gefunden : user_pref("CommunityToolbar.IsEngineShown", true); Gefunden : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Gefunden : user_pref("CommunityToolbar.OriginalEngineOwner", ""); Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", ""); Gefunden : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", ""); Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2269050"); Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); Gefunden : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Mar 27 2011 13:45:16 GMT+02[...] 
Gefunden : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Gefunden : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue May 31 2011 18:38:31 GMT+0200"); Gefunden : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gefunden : user_pref("CommunityToolbar.alert.locale", "en"); Gefunden : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gefunden : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue May 31 2011 18:38:23 GMT+0200"); Gefunden : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Gefunden : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gefunden : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gefunden : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gefunden : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gefunden : user_pref("CommunityToolbar.alert.userId", "{3dcb0c32-676d-4e42-a2eb-d16115585769}"); Gefunden : user_pref("CommunityToolbar.globalUserId", "4fe613ed-1941-4b49-968c-19179208b6cb"); Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gefunden : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\[...] -\\ Google Chrome v21.0.1180.89 Datei : C:\Users\nico\AppData\Local\Google\Chrome\User Data\Default\Preferences Gefunden [l.11] : urls_to_restore_on_startup = [ "hxxp://mail.google.com/mail/?shva=1#inbox" ] Gefunden [l.1451] : urls_to_restore_on_startup = [ "hxxp://mail.google.com/mail/?shva=1#inbox" ] ************************* AdwCleaner[R1].txt - [16186 octets] - [31/08/2012 21:24:28] ########## EOF - C:\AdwCleaner[R1].txt - [16247 octets] ########## |
31.08.2012, 22:50 | #8 |
/// Helper Team | win7 - white screen - trojan; OTLPE doesn't work
Very good!
Next: malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Use "Jetzt Updaten" to download the current signatures.
Select the "Freeware-Modus".
Select "Detail Scan" and start the check of the computer with the "Scan" button.
At the end of the scan, do not let it delete anything!
Click "Bericht speichern" to save the log file to the desktop and post it here in the thread.
Guide: http://www.trojaner-board.de/103809-...i-malware.html |
02.09.2012, 13:51 | #9 |
| win7 - white screen - trojan; OTLPE doesn't work
I already posted the AdwCleaner file in my previous reply. Here is the result from Emsisoft Anti-Malware as well:
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 02.09.2012 11:20:28

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\, O:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 02.09.2012 11:31:29

F:\install_files\NetLimiter.Pro.2.0.10_CRK-FFF.zip -> NetLimiter.Pro.2.0.10_CRK-FFF\netlimiter.pro.v2.0.10-patch.exe gefunden: possible-Threat.Patch.NetLimiter!E2
F:\install_files\Adobe Creative Suite 5 Master Collection - Shadeyman\Keygen.rar -> Keygen\keygen.exe gefunden: not-a-virus.Keygen.Adobe!E2
F:\GAMES\Unreal.Tournament.3-AVENGED\Unreal.Tournament.3.KEYGEN-RELOADED\rld-ut3k.rar -> rld-ut3k.exe gefunden: not-a-virus.Keygen.UnrealTournament3!E2
F:\GAMES\S.T.A.L.K.E.R\S.T.A.L.K.E.R.Shadow.of.Chernobyl.PLUS.4.TRAINER.REPACK-Unleashed\unl-sp4tr.rar -> trainer.exe gefunden: Trojan.Packed!E2
F:\GAMES\Call.Of.Duty.World.At.War-RELOADED\CoD5_Patch.rar -> CoD5_Patch.exe gefunden: Backdoor.Win32.Poison!E2
F:\GAMES\Crysis-Razor1911\Crysis.Update.1.2-ViTALiTY\ViTALiTY\Bin64\Crysis.exe gefunden: Riskware.Crack.Crysis!E2
F:\GAMES\Crysis-Razor1911\Crysis.Update.1.2-ViTALiTY\ViTALiTY\Bin32\Crysis.exe gefunden: Riskware.Crack.Crysis!E2
F:\Datensicherung\FestplatteTemp11_2011\Adobe Creative Suite 5 Master Collection - Shadeyman.rar -> Adobe Creative Suite 5 Master Collection - Shadeyman\Keygen.rar -> Keygen\keygen.exe gefunden: not-a-virus.Keygen.Adobe!E2
F:\Datensicherung\FestplatteTemp11_2011\Adobe Creative Suite 5 Master Collection - Shadeyman.rar -> Adobe Creative Suite 5 Master Collection - Shadeyman\Keygen\keygen.exe gefunden: not-a-virus.Keygen.Adobe!E2
F:\Datensicherung\FestplatteTemp11_2011\Adobe Creative Suite 5 Master Collection - Shadeyman.rar -> Adobe Creative Suite 5 Master Collection - Shadeyman\Keygen.rar gefunden: not-a-virus.Keygen.Adobe!E2
O:\System Volume Information\_restore{62419767-DBF8-46BF-9DBB-CC6249393EEE}\RP333\A0057815.exe gefunden: Riskware.Crack.Crysis!E2
O:\System Volume Information\_restore{62419767-DBF8-46BF-9DBB-CC6249393EEE}\RP333\A0057814.exe gefunden: Riskware.Crack.Crysis!E2

Gescannt 1077601
Gefunden 12

Scan Ende: 02.09.2012 14:29:06
Scan Zeit: 2:57:37 |
02.09.2012, 19:56 | #10 |
/// Helper Team | win7 - white screen - trojan; OTLPE doesn't work
AdwCleaner was a different instruction.
The use of cracks and keygens is illegal and violates our code of conduct. Have you ever thought about why cracks exist? With cracks and the like, you install backdoors on your computer. Criminals use such computers as a botnet for their schemes.
Your system must be classified as untrustworthy, and you should not do anything sensitive such as home banking on this PC.
Guides for reinstalling (illustrated) > Reinstalling Windows 7 > Vista > XP
1. Data recovery:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it. |
03.09.2012, 13:17 | #11 |
| win7 - white screen - trojan; OTLPE doesn't work
OK, I'm not aware of having done anything wrong. I took over the computer fully set up, with all the programs on it, from a friend. He didn't tell me anything about this; I'll talk to him about it .... In any case, I have already backed up the data and changed the passwords. Format and reinstall? Then I'd have to reinstall all the programs too ... I'd rather not do that, or if I do, then preferably together with the colleague I got the PC from. |