Ihr Computer wurde gesperrt ...

eagle_j · 16.10.2012, 13:16

Hallo, heute morgen hat es mich erwischt. Plötzlich zeigte mein PC nur mehr eine Seite "Ihr Computer wurde gesperrt, ..." - was dann noch genau stand, weiß ich nicht - ich glaube bka oder österreichische Polizei.
In meinem Schreck hab ich sofort meinen PC heruntergefahren und im abgesichterten Modus gestartet.
Irgendwo las ich von Malwarebytes - und hab das laufen lassen (drei infizierte Files wurden entdeckt und entfernt) - dummerweise auch aus der Quarantäne gelöscht.
Dann hab ich eure Seite (am IPad) gefunden und nach Neustart in den abgesicherten Modus einen erneuten Malwarebytes Scan gemacht (diesmal ohne Funde) und einen ESET-Scan gestartet (der 5 Funde vermeldet hat)
Eins vorweg - ich kann momentan wieder auf dem PC arbeiten, brauche aber Hilfe, um zu checken, ob auch wirklich alles weg ist.

Vielen Dank dafür schon im voraus!!

Hier der erste Malwarebytes Scan mit den infizierten Dateien:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.16.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Johannes :: JOHANNES-PC2 [Administrator]

Schutz: Deaktiviert

16.10.2012 09:04:37
mbam-log-2012-10-16 (09-04-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207457
Laufzeit: 4 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Johannes\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Nun folgt der 2. nach der Reinigung:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.16.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Johannes :: JOHANNES-PC2 [Administrator]

Schutz: Deaktiviert

16.10.2012 09:13:12
mbam-log-2012-10-16 (09-13-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206865
Laufzeit: 3 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Nun folgt der ESET - Log:

Code:

ATTFilter

 ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7e5d543ba7e4bb44b761396df052d34c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-16 10:40:40
# local_time=2012-10-16 12:40:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 25597648 25597648 0 0
# compatibility_mode=5893 16776573 100 94 3762 102002435 0 0
# compatibility_mode=8192 67108863 100 0 77 77 0 0
# scanned=723002
# found=5
# cleaned=0
# scan_time=11454
C:\Users\Johannes\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe	Win32/Toolbar.Babylon Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
C:\Users\Johannes\AppData\Local\Temp\C12E6529-BAB0-7891-9864-B33EEC580518\MyBabylonTB.exe	Win32/Toolbar.Babylon Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
D:\Backup\Eigene Webs\Vorlagen\flash\Skripte\PHP\google.zip	PHP/Obfuscated.F Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
D:\Downloads\coretemp_1236.exe	Variante von Win32/InstallIQ Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
D:\Downloads\CHIP\LOESCHEN.zip	Win32/Adware.ADON Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I

Momentan scheint der PC normal zu funktionieren.
Für Hilfe und etwaige weitere Anweisungen wäre ich sehr dankbar.

kira · 16.10.2012, 16:45

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Hilfeleistung - geplante Vorgehensweise:

Problemsuche
Problembeseitigung/Systembereinigung
Verwendete Programme deinstallieren/entfernen
Thema abschließen: Tipps zur Computersicherheit

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
starte Malwarebytes Anti-Malware im normalen Modus
-> Funde aus Quarantäne löschen
-> Update ziehen
-> Vollständiger Suchlauf wählen
-> Funde löschen lassen
-> Scanergebnis hier posten!

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Mache Häckchen bei LOP- und Purity-Prüfung
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

eagle_j · 16.10.2012, 19:36

Hallo und danke für die Anweisungen, hat ein bisserl gedauert, aber der Suchlauf hat so lange gedauert.
Die Logs folgen nun:
Malwarerbytes

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Johannes :: JOHANNES-PC2 [Administrator]

Schutz: Aktiviert

16.10.2012 17:34:31
mbam-log-2012-10-16 (17-34-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 864747
Laufzeit: 2 Stunde(n), 1 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files (x86)\SmartStore\SmartStore.biz 5\SMResLib.dll (Trojan.Agent.GNI) -> Keine Aktion durchgeführt.
C:\Users\Public\Documents\SmartStore\SmartStore.biz 5\SMResLib.dll (Trojan.Agent.GNI) -> Keine Aktion durchgeführt.
D:\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Die beiden gefundenen Dateien "SMResLib.dll" hab ich manuell umbenannt, gezippt und dann die Originalfiles gelöscht, da bei beiden in Malwarebytes das Häkchen zum Löschen nicht gesetzt war - und ich den 2-stündigen Suchlauf nicht nochmal machen wollte. Ein nachträgliches Verschieben in den Quarantäneordner war nicht möglich.

Nun der OTL - Log
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.10.2012 19:56:09 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Johannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,59% Memory free
15,95 Gb Paging File | 14,04 Gb Available in Paging File | 87,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,21 Gb Total Space | 168,52 Gb Free Space | 36,07% Space Free | Partition Type: NTFS
Drive D: | 464,21 Gb Total Space | 56,22 Gb Free Space | 12,11% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-PC2 | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office2010\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (DAZContentManagementService) -- C:\Programme\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (AiCharger) -- C:\Windows\SysWOW64\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=4.0002002
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0002002
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 39 6D EF 07 C0 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {1CADBE96-EECC-4F16-A813-60BD2A48DA4B}
IE - HKCU\..\SearchScopes\{1CADBE96-EECC-4F16-A813-60BD2A48DA4B}: "URL" = hxxp://www.google.at/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google.at"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.430
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.05.03 11:15:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.05.03 11:15:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.09 17:55:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.09 17:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2012.07.30 18:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\79s52rs8.default\extensions
[2012.07.30 18:11:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\79s52rs8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.30 18:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\79s52rs8.default\extensions\staged
[2012.06.06 12:00:19 | 000,002,467 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\googleat.xml
[2012.05.03 11:15:24 | 000,002,203 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\MyStart Search.xml
[2012.05.03 11:17:04 | 000,003,934 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\sweetim.xml
[2012.05.03 11:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.03 11:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2012.05.03 11:15:26 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.01.29 18:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.03 11:17:08 | 000,002,298 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - default_search_provider: Google \u00D6sterreich (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.at/search?q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Web Assistant = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Web Assistant = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E2423B5-DAB0-4686-B78D-C0557C26D1A9}: DhcpNameServer = 213.94.78.16 213.94.78.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{844448C0-194D-41F9-8382-01E5B447EF47}: NameServer = 212.186.211.21,195.34.133.21
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.16 17:10:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012.10.16 16:59:34 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Musik
[2012.10.16 13:20:05 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Logs
[2012.10.16 09:28:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.16 09:03:59 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes
[2012.10.16 09:02:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.16 09:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.16 09:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.16 09:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.16 09:02:24 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Johannes\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.10 19:56:50 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 19:56:50 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 19:56:50 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 19:56:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 19:56:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 19:56:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.05 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\WW10-2012
[2012.10.02 16:46:01 | 000,014,848 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\drivers\AiCharger.sys
[2012.10.02 16:27:35 | 000,014,592 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiCharger.sys
[2012.10.02 16:26:12 | 000,000,000 | ---D | C] -- C:\Windows\AsDmiHtm
[2012.10.01 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Trine2
[2012.10.01 10:36:30 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2012.10.01 10:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012.10.01 02:39:55 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Crazy Talk
[2012.10.01 01:39:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Reallusion
[2012.09.22 09:54:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 09:54:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 09:54:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 09:54:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 09:54:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 09:54:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 09:54:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 09:54:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 09:54:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 09:54:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 09:54:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 09:54:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 09:54:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 09:54:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 09:54:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.21 20:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2012.09.19 13:52:46 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.09.19 13:52:46 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.09.19 13:52:46 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.09.19 13:52:35 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.09.19 13:52:35 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.09.19 13:52:35 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.09.19 13:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.09.19 13:08:35 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2012.09.19 01:52:11 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.09.19 01:52:10 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.09.19 01:52:10 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.09.19 01:52:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.09.19 01:52:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.19 01:51:51 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.18 13:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Gehriger Engineering
[2012.09.17 12:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.17 12:46:34 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.09.17 12:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.17 12:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.09.17 12:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.17 12:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.07.18 01:06:51 | 001,242,448 | ---- | C] (Valve Corporation) -- C:\Program Files (x86)\Steam.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.16 19:52:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.16 19:52:45 | 2129,219,583 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.16 19:18:04 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3452236036-1519950677-1972415991-1000UA.job
[2012.10.16 17:33:56 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 17:33:56 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 17:33:31 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.16 17:33:31 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.16 17:33:31 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.16 17:33:31 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.16 17:33:31 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.16 17:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012.10.16 16:44:23 | 000,000,000 | ---- | M] () -- C:\Users\Johannes\defogger_reenable
[2012.10.16 16:37:47 | 000,050,477 | ---- | M] () -- C:\Users\Johannes\Desktop\Defogger.exe
[2012.10.16 09:02:57 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.16 09:02:36 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Johannes\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.16 08:38:47 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.15 09:18:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3452236036-1519950677-1972415991-1000Core.job
[2012.10.10 20:18:56 | 000,002,506 | ---- | M] () -- C:\Users\Johannes\Desktop\Google Chrome.lnk
[2012.10.10 19:49:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.10 19:49:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 10:25:18 | 000,001,124 | ---- | M] () -- C:\Users\Johannes\Desktop\SongBeamer.lnk
[2012.10.02 18:13:58 | 000,027,946 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.10.02 18:13:51 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.10.02 17:48:28 | 000,011,832 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.10.02 17:48:28 | 000,010,216 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.10.02 17:09:29 | 004,194,304 | ---- | M] () -- C:\P8P67-ASUS-3509.ROM
[2012.10.02 16:46:17 | 000,028,672 | ---- | M] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2012.10.02 16:46:17 | 000,013,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.10.01 10:43:22 | 000,001,106 | ---- | M] () -- C:\Users\Johannes\Desktop\MuseScore.lnk
[2012.10.01 01:57:35 | 000,000,075 | RHS- | M] () -- C:\Windows\CT6STET.BIN
[2012.09.22 17:23:51 | 001,404,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.21 20:16:43 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Serif CraftArtist 2.lnk
[2012.09.19 13:52:31 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.09.19 13:52:30 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.09.19 13:52:30 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.09.19 13:52:30 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.09.19 13:52:30 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.09.19 13:52:30 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.09.17 12:46:40 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.16 16:44:23 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\defogger_reenable
[2012.10.16 16:37:47 | 000,050,477 | ---- | C] () -- C:\Users\Johannes\Desktop\Defogger.exe
[2012.10.16 09:02:57 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.16 08:35:43 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.02 17:45:44 | 004,194,304 | ---- | C] () -- C:\P8P67-ASUS-3509.ROM
[2012.10.01 10:43:22 | 000,001,106 | ---- | C] () -- C:\Users\Johannes\Desktop\MuseScore.lnk
[2012.10.01 10:36:30 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.10.01 10:36:28 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.10.01 01:57:35 | 000,000,075 | RHS- | C] () -- C:\Windows\CT6STET.BIN
[2012.09.21 20:16:43 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif CraftArtist 2.lnk
[2012.09.21 20:16:43 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Serif CraftArtist 2.lnk
[2012.09.17 12:46:40 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.04 00:05:28 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.04 00:05:27 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.23 11:30:11 | 000,007,168 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.12 13:01:21 | 000,000,218 | ---- | C] () -- C:\Users\Johannes\.recently-used.xbel
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.30 02:29:20 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.09 12:34:09 | 000,601,088 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\SharedSettings.ccs
[2012.01.01 19:05:27 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.01 19:05:27 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011.12.27 20:03:41 | 000,000,931 | ---- | C] () -- C:\Users\Johannes\.jalbum-defaults.jap
[2011.12.27 20:03:41 | 000,000,884 | ---- | C] () -- C:\Users\Johannes\.jalbum-recent-projects.properties
[2011.12.27 20:03:41 | 000,000,423 | ---- | C] () -- C:\Users\Johannes\.jalbum-ftp-accounts.xml
[2011.12.27 04:58:52 | 000,004,441 | ---- | C] () -- C:\Windows\jtzf_sq32.ini
[2011.12.25 15:05:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.21 20:18:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.21 19:46:26 | 000,007,597 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Resmon.ResmonCfg
[2011.12.21 19:12:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.21 19:12:32 | 000,027,946 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.03 14:21:58 | 004,077,568 | ---- | C] () -- C:\Windows\QLMGXRenderer.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.19 13:24:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2011.12.27 05:04:53 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\AceBIT
[2012.01.07 04:45:51 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Amazon
[2011.12.26 01:41:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ashampoo
[2012.05.03 11:17:05 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Babylon
[2011.12.25 13:57:05 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\bizarre creations
[2012.08.08 18:16:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\calibre
[2012.01.13 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Canon
[2012.04.16 02:34:07 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.02.27 04:00:18 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\CoffeeCup Software
[2012.01.24 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\ComBib
[2012.02.04 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAZ 3D
[2012.07.14 02:52:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DiskAid
[2012.10.16 19:53:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Dropbox
[2012.02.02 13:09:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2012.02.02 13:09:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.12 12:48:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\gtk-2.0
[2012.02.18 03:51:21 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HandBrake
[2011.12.27 05:32:19 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HDRsoft
[2011.12.27 02:52:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MAGIX
[2012.04.30 12:53:06 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MakeMusic
[2012.03.16 12:48:20 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MultiCommander
[2012.02.16 00:04:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MusE
[2011.12.30 18:27:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\NeatImage SL 64
[2012.02.18 04:51:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Need for Speed World
[2012.07.10 11:31:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Nik Software
[2012.09.08 18:40:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Origin
[2012.02.04 16:50:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Poser 7
[2012.02.04 16:33:43 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Poser 7_2008_07_09 10_55_15 AM
[2012.01.03 09:16:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Poser Debut
[2011.12.27 03:59:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\proDAD
[2012.01.05 04:32:46 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Serif
[2011.12.31 17:59:22 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SmartStore
[2012.07.11 17:58:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Smith Micro
[2012.02.07 12:35:26 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Software4u
[2012.10.14 03:57:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SongBeamer
[2012.07.16 12:43:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SpeedProject
[2012.10.01 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Trine2
[2012.06.30 01:41:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TrueCrypt
[2012.03.02 14:50:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

und Extras
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 16.10.2012 19:56:09 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Johannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,59% Memory free
15,95 Gb Paging File | 14,04 Gb Available in Paging File | 87,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,21 Gb Total Space | 168,52 Gb Free Space | 36,07% Space Free | Partition Type: NTFS
Drive D: | 464,21 Gb Total Space | 56,22 Gb Free Space | 12,11% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-PC2 | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027DA069-7FDC-4DFE-983E-F1ECC84B6AAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{03063BC3-A0ED-443E-9742-B22B6552AC3B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{05F4FEF1-6442-41A3-8A4E-0B4669D31E93}" = rport=138 | protocol=17 | dir=out | app=system | 
"{09E9DB4E-A13F-4E3C-9467-E9031544F660}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{155A2F31-0542-4D6C-8CC5-3287F35011CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{162B726E-306A-40C3-A581-B5382133D9C1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1DCC5D25-4403-4C9E-958C-A1444D4D1EBC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{209BBA11-8CFE-46BB-AA74-F982CA3765A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{49988696-5508-4474-9039-A5D562404FBB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{51A3705B-139A-4A3A-B318-409DF1842A11}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{61C03BFC-2FA0-481C-A791-19CE7C6E2BA0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8F7D1587-3110-4BB8-8D42-EB7B4AD5517C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{951D7F7D-04F9-4C0F-8009-BB166DEF38B3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9AF1ADE3-074A-4CAC-AAB8-1AF344F49DEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A634EFC9-CB43-4C17-A680-96E61E6D6AA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B3D25FE6-1B1D-45CB-AA2F-DC937C6F454D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BB21617F-03B1-4132-95B8-4FE6CD14A24F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BB3EF0E9-8A87-48F8-B46B-607FFB5FB2E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C977078D-FF19-4E03-93D7-46D5EEB3C305}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9EBAE05-57CA-4FD5-B25F-A6A53CEFC2B9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EA1B08F8-CC79-44C3-8414-39D0EFEDBC80}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\outlook.exe | 
"{F2B8DA3F-F6EC-4189-9111-C3CF1E256B71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F6FB4B5C-91E3-4052-A0E9-FFF6F8D0B9B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FC75C9F3-7398-4B3E-AFF4-970D0F4FFBD3}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029A78F1-7394-4583-A7DD-1E054251F2DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | 
"{094AEF80-5B26-4448-AE13-0BCB94436F6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\launcher.exe | 
"{0A0A62E2-B346-46D0-A9D4-209AD654614C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | 
"{0A9203EF-578B-49C0-A5F7-2AC94FD15570}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\vt4.exe | 
"{0AE3D138-1A07-4E00-9676-7215D3524A07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0DDAFCC2-2A8B-49D2-A2F0-A4389CD43CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\motionartist\motionartist.exe | 
"{0EB3BEBA-F3E2-4B03-A0A4-269F564D0E21}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0F52430D-90B2-4B0D-970F-F4F79C40230A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\launcher.exe | 
"{0F88C5F6-9AF4-4862-B4BF-03D0F79F3434}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{126C1894-E78F-4874-82AC-0616EEE97101}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{16B0B9C8-20C2-46DE-8751-8BE59471D698}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{16DE49B5-6FE2-4FE4-9533-74F965064981}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{17E0DB1B-4AC4-43A2-A76D-118217F61601}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm | 
"{18B18EBC-C704-49B3-8CCA-D6D467D2E17A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | 
"{19ABE88F-47AA-423A-ADD8-82E90BDBC8F2}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{25B38EB9-18D6-471B-A7EB-B803AB3131C2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\groove.exe | 
"{264CB953-04DF-4D73-84F7-A17C8A5A569F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{2674D841-6ABA-4CE0-8FDE-717B2CBCA2C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe | 
"{27DF8793-1808-4B57-ACDC-5BBC8AB31988}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\groove.exe | 
"{28513028-493C-4524-A500-AF3A2E240220}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\onenote.exe | 
"{2A4756B7-520C-4B8B-86E4-4490ACFEB3CE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2CB7EE0E-CA32-4AB8-9BE7-47D26A2F59A6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{36671498-1FBE-4434-B412-AC1F6D8619A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{3A1E317F-78D5-494E-9A63-0DF0D3A1AB50}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3C6310D4-61B2-4F0B-BC14-3C63B211FFDB}" = protocol=6 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe | 
"{408E39CD-BC1E-43A4-B97C-14E65DEB2378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{454978BD-3652-4724-825C-775222CFA544}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{463B854E-BBB1-4AB2-AF65-1767936BD238}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | 
"{49C4B5C2-2125-410F-9165-61733D21D5CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{4AA94CED-402C-408B-B79E-DCB9721F47E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe | 
"{55047D4F-CFF2-418F-B9A5-063B3C79913E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne\maxpayne.exe | 
"{5ACA05C9-FAD6-4ACF-95E6-895306562478}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{5DECC12F-9F0F-4970-BA04-2AC6B123689C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne\maxpayne.exe | 
"{5F9F10B4-079F-410B-90B7-4EBAEF7C1F8E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\launcher.exe | 
"{5FA2EDA7-FBB9-4521-B0C7-8387A907E85E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flight_control_hd\flightcontrol_win32.exe | 
"{5FD2686D-250F-41CB-8844-AFC815CED818}" = protocol=6 | dir=in | app=c:\windows\system32\cnac4rpd.exe | 
"{60EF82EA-028C-438D-9C0C-9DE25E8990F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\vt4.exe | 
"{65D75AB7-1180-4CDE-A408-5B19B1089F0A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{693F664F-0E39-4050-9484-91D5C707D33D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm | 
"{6D1A2BD8-3EE6-4775-BA60-DB897E965DE3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{72673A37-FC5A-456B-94E5-982F1860C660}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe | 
"{76739171-6F93-480D-97EC-A5C9BD9B501B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{7BBFAFDF-8020-4428-9C6F-B4ADAE0C6E3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{7E1D8AC7-D5EF-48F5-B2A9-5F9A567B89E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{83A91DDA-032A-4E22-B243-FCA45282AC49}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{84574FCA-BDF4-402C-BD7F-AD212ACCDF0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{86E5DAFA-990E-4AF3-B683-B98F001BBEB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{8A20A4B7-0A67-447B-A026-BF77970E29F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe | 
"{8BACA49D-E2C9-4041-9E7E-47D62E38C923}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe | 
"{8BB3F9BD-AEDF-41C0-A9D5-B7861E422F72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{8CDACAE1-E51D-435E-8793-8EFF47A16871}" = protocol=17 | dir=in | app=c:\windows\system32\cnac4rpd.exe | 
"{8E355948-2B63-4F03-BD01-47105099ACF7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8F548C08-6B1F-4A4F-A90A-D539AA5282F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{9A59BF8F-8EDF-4F1F-853F-B2493741ECB4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{AC3B3170-5A6D-4C3C-AD32-E22A9F04C61D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B1284279-2933-4BD2-80DD-E5AED1F39807}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B187F61C-5B1C-44A2-84E0-C161FF31888B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\launcher.exe | 
"{C053D254-BFF9-4F29-A733-746111636BBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\launcher.exe | 
"{C278D24A-B23D-4869-9B2D-0EAB9FE58B0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe | 
"{C2E948B8-5580-4F76-AAB9-152A51277888}" = protocol=17 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C5EE0450-AD8C-4CDA-8310-CFE2333162FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | 
"{CA6F13FF-AECD-4B89-877F-0B64946B41A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D02A74E4-561E-4424-BFDC-2D04B5CCD093}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\onenote.exe | 
"{D0F1FF5B-6843-4CD4-A22F-E4DEC54DEDF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{D3817AE0-2A2B-4C2D-AF97-05C818A9C6B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{DA5FB809-1CBA-454D-A8EB-54B6A4EAB89E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe | 
"{E35F79D7-4AB6-4D40-AE0C-BB859909F1BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E4C7FDEE-A87C-4BAE-A6A4-F68283A928CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | 
"{E774B196-3451-4D50-BA86-F240D115D76B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{E833ED0A-FC69-431B-80B0-EC1AB1C6D40B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\launcher.exe | 
"{E861F3E6-67CC-4EB7-903B-8AE31B5459B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flight_control_hd\flightcontrol_win32.exe | 
"{E8BA1094-1A63-46BD-ACA7-B80F6EF12E15}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{E8BD6115-A507-4161-B74B-7C9CF23D61E1}" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\motionartist\motionartist.exe | 
"{F1F649CE-B06A-48EB-B2F2-3A8B70EB4F6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe | 
"{FEB5966D-FB07-42F3-B035-B94DF4DCAF4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"TCP Query User{0B553E11-9391-4D17-B510-517CA836C513}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | 
"TCP Query User{1422B22C-38B7-47B9-B051-ABF41BC8FDAE}C:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx11.exe | 
"TCP Query User{24596A8E-37B8-48BF-BAC1-02B3DCAAEBF1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{2A3E41A3-6DED-4373-9051-A4DFBAEAED01}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe | 
"TCP Query User{4CD0AE45-8A82-4902-9C3C-0185BF9E60A8}C:\program files (x86)\smith micro\poser debut\poserdebut.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\poser debut\poserdebut.exe | 
"TCP Query User{5FEBC81D-6582-4BC5-BDD0-EC918DEE83E4}C:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx9.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx9.exe | 
"TCP Query User{6D512BEA-8A39-4E8C-8DDC-5C157CE3C48A}C:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe | 
"TCP Query User{70744988-3EA2-4449-AC30-DEB23C10DF3B}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{81C36F38-DB1F-47FF-BC72-64F085206DF5}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"TCP Query User{92B05302-6141-40F4-AD4E-894E9BF1C5CD}C:\program files (x86)\e frontier\poser 7\poser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\e frontier\poser 7\poser.exe | 
"TCP Query User{94BCCDA7-BE96-4B96-BCB1-02594E1F35C3}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe | 
"TCP Query User{A08B02E7-630C-4DA3-BB0D-180B7837E14A}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"TCP Query User{A60A2CD4-3381-484B-91D9-A3EEA1FDB184}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"TCP Query User{AB31F086-BB51-4F38-98F3-E9984D1D1FD5}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
"TCP Query User{B5CF2684-C286-4728-962A-4062DD3884E0}C:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{D89AD2D3-2400-4768-AC22-CE73DBFB768C}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | 
"TCP Query User{FD09C831-4272-49CF-AFF5-7B71D309B255}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | 
"UDP Query User{1E318440-C16A-4AA9-B00D-B6ED50ED2480}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"UDP Query User{2A81B791-9659-4F6E-B0B5-51AFCB10488C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{4616AF84-C894-4895-9892-F659694E88B1}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{476299E9-0394-4233-AAB5-A1614FA1A2CA}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
"UDP Query User{4A60A829-D9C2-4A72-84E6-2103E7AF4032}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | 
"UDP Query User{57344D81-AEED-45D8-B8D8-A735AFE76270}C:\program files (x86)\smith micro\poser debut\poserdebut.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\poser debut\poserdebut.exe | 
"UDP Query User{6887CD3A-900F-4C75-91FD-E9EE15FE3C31}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | 
"UDP Query User{81062D8C-8CAE-480E-B8B5-B37FB6F216F3}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe | 
"UDP Query User{8411F21B-8FD0-4C06-917C-50989CEDA70F}C:\program files (x86)\e frontier\poser 7\poser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\e frontier\poser 7\poser.exe | 
"UDP Query User{883A3BFA-6596-4C41-AF5C-C448EA41EFE4}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | 
"UDP Query User{909188C3-AB6D-4279-80C5-20863DE93838}C:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{ACFA47F0-1460-49BC-A345-88FCCFC3F696}C:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe | 
"UDP Query User{AFFCF98B-D4C5-401A-992C-F793A73653B2}C:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx9.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx9.exe | 
"UDP Query User{C43AC7E2-7BD0-4F8D-BC4C-E4312C53DC1C}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"UDP Query User{C8265820-5865-4EA2-BE21-2676C929CBB9}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"UDP Query User{ED6D745F-3D51-40F3-B6AD-9F940DA5C222}C:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx11.exe | 
"UDP Query User{F8C69F8A-AB49-48E9-B80B-A800CC7A9114}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.430
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B9609B6D-9532-E0F8-BE41-DFE18BFAEC22}" = AMD AVIVO64 Codecs
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}" = Raw Therapee V4.0.7.1 x64
"{D0BE8477-6206-4588-8148-971EDAB6BBAD}" = Serif CraftArtist 2 Professional
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{EB59AEBA-DF0C-4532-9C09-31E7B660EC13}" = EMF Plug-In
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Canon LBP5000" = Canon LBP5000
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Neat Image Standalone_is1" = Neat Image v7.1.0 Demo Standalone
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.2
"PremElem100" = Adobe Premiere Elements 10
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.80.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{05BBF12D-565E-4212-8BDD-C482C72866DD}" = Vasco da Gama 4 HDPro
"{0834BB26-4019-4BCA-81F9-067FAFBFAE80}" = DaisyTrail Posters Digikit
"{10B1D4F7-6568-48F7-92FD-74D616CD061E}" = Serif CraftArtist Wedding Days Collection
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{15FD2553-F154-4A40-9A2A-226C91AEAED7}" = DaisyTrail Diwali 2011 Digikit
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{182D9A20-F5AE-4E6C-A4FC-651351DD083E}" = Serif WebPlus: Business Template - Real Estate 1
"{189B9ACF-DBA6-4F52-8726-2E11049FB1F7}" = HydraVision
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.2
"{25015AF4-F435-4605-A06F-BA91C0BF6087}" = Serif CraftArtist Scrapbooks Collection
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{27786902-FB5A-484C-8A2E-2501215AE454}" = DaisyTrail Valentine's 2012 Digikit
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
"{312F775B-EF9B-4456-83C8-4B4596677C13}" = Serif CraftArtist Baby Photos Collection
"{31D888B7-9DA0-4219-9371-9A0037A097C6}" = MAGIX Screenshare
"{340C0246-975B-420F-8ADD-DEA69B16FDEE}" = Adobe Premiere Elements 10 Content 1
"{35EDE682-4AE5-47D6-B44F-103F859951DC}" = Serif PanoramaPlus X4
"{371C9583-5174-4CF8-B10D-D4C3AA7E8CD0}" = Serif PagePlus X5
"{39CF0384-AF7F-4E56-9A8F-6F533C8A6DF4}" = MAGIX Video deluxe 17 Premium Sonderedition Video Plugins
"{3EAF3023-F780-46E5-8220-72F8DB87A7EB}_is1" = WISE-FTP 7
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{465C892E-BEE0-422F-A992-EA627D1943A3}" = Serif WebPlus: Interest Template - Photography 2
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F29521F-7338-4D15-8691-8FEEB987780C}" = Adobe Premiere Elements 10 HD Content 3
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{53450FA2-F4B6-48C4-805B-751000018201}" = Virtua Tennis 4
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5D037ECA-B00A-466F-848C-D21B4DB69DEA}" = Adobe Premiere Elements 10 HD Content 1
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.21 SE
"{61B3CAF9-0C8A-4390-AE72-D6B90FB71C17}" = Serif CraftArtist Professional
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7430B12A-3B67-4191-B0C5-59E57344CB1F}" = iClone v4.31 PRO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789567FD-CAA2-4E1C-B38E-9072B3015FFD}" = CrazyTalk Animator PRO Trial
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C08721F-AC43-4198-A35B-93442DD10A26}" = Serif CraftArtist Greeting Cards Collection
"{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
"{7D775738-C2CC-4E91-9E87-B3F77833A238}" = Serif WebPlus: Business Template - Real Estate 2
"{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger
"{7FCBED5C-8C0F-43FA-9880-E3BBCE81FEF0}" = CoffeeCup Web Form Builder
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C97249-FB38-4FF0-8480-1D8E367767D8}" = Serif WebPlus: Interest Template - Music 1
"{84228E96-3FBE-4E1F-9161-D55E527687D3}" = Hoffnung für heute
"{85DE30D0-AEC8-4799-A56A-14267C421A76}" = CoffeeCup Web Form Builder Lite
"{875F9A42-D47B-43E6-BA68-29D1895188D5}_is1" = Dynamic Auto-Painter 2.5.3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8F42D65F-B288-401B-BDE3-308AF6B33BF8}" = MAGIX Video deluxe 17 Premium Sonderedition
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93C40A12-0098-46B1-972E-E8083686A7A0}" = Serif MoviePlus X5
"{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Ressourcen
"{99C7D73D-E201-4D03-B8A4-5EDBA529B505}" = Adobe Premiere Elements 10 Content 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8D1290-0A4C-446C-AD86-0590812660CC}" = Adobe Premiere Elements 10 Content
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A5909EAD-96CE-49E4-9BA8-D2F271C34AB4}" = DaisyTrail Christmas Crafts Digikit
"{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Ressourcen
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFA3224E-8AD6-4EFA-9DBA-A2E499F30282}" = Serif PhotoPlus X4
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B2CF1869-8727-4F9C-BA7D-807CA9F7C528}" = Magic Bullet Quick Looks (MAGIX)
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B47A51FD-0DBC-45E1-8275-C4B5D8351E98}" = DaisyTrail New Year 2012 Digikit
"{B5BF7B43-E13D-4A76-9F8F-E933817131EC}" = calibre
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8A6C9D6-7A53-41CB-BC2A-891F461B613E}" = DaisyTrail Table Plans Digikit
"{BB55B191-6B35-4BDD-BED6-B2C9F2089954}" = DaisyTrail Thankgiving 2011 Digikit
"{C36CC334-10DA-4D13-B4EA-605B453D8912}" = DaisyTrail Happy Hanukkah 2011 Digikit
"{C7B3C4B4-D6E1-4E5D-8428-1FB7111944B9}" = Serif WebPlus X6
"{C8B6F34D-EF2D-4804-9F5D-21BD556C52AA}" = DaisyTrail Valentine's Day 2011 Digikit
"{CF53472F-99F4-4DFC-A267-74FE2909E6BF}" = DaisyTrail Mother's Day 2011 Digikit
"{D0F1732F-DE2D-4A6D-BE19-2D6CF784356C}" = Serif PagePlus X3 Ressourcen
"{D1CE6204-061A-43B5-830F-6A8A35C4E0C6}" = Adobe Premiere Elements 10 HD Content 2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D66A42BA-3747-4628-9CE4-9E7C18C3ED95}" = Adobe Premiere Elements 10 Content 2
"{D91AB4D6-2CA1-4427-91B3-BB31D3C6D4EE}" = SmartStore.biz 5
"{D982FFA1-51C2-4187-8EED-563F718536A3}" = MAGIX Video deluxe MX Premium
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E23FEC6A-C2D9-4D91-ADF4-FD513B4421A3}" = Serif WebPlus: Interest Template - Photography 1
"{E2B22002-9C8B-43CC-A75B-464B6ED4FF6B}" = Serif PagePlus X6
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5F7F7F8-9FE2-4AA4-B142-8B5981F0A290}" = DaisyTrail Certificates Digikit
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F8F9302E-27C2-45FA-A2D3-3880616A2BD1}" = MAGIX Speed burnR (MSI)
"{FBAB18E2-4F7F-4DBD-BBE2-2062602BF5CA}" = MAGIX Audio Cleaning Lab MX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Premiere Elements 10 Content" = Adobe Premiere Elements 10 Content
"Adobe Premiere Elements 10 Content 1" = Adobe Premiere Elements 10 Content 1
"Adobe Premiere Elements 10 Content 2" = Adobe Premiere Elements 10 Content 2
"Adobe Premiere Elements 10 Content 3" = Adobe Premiere Elements 10 Content 3
"Adobe Premiere Elements 10 HD Content 1" = Adobe Premiere Elements 10 HD Content 1
"Adobe Premiere Elements 10 HD Content 2" = Adobe Premiere Elements 10 HD Content 2
"Adobe Premiere Elements 10 HD Content 3" = Adobe Premiere Elements 10 HD Content 3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"ASD800_is1" = Anime Studio Debut 8.0
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bryce 7.0 Content 7.0.0.21" = Bryce 7.0 Content
"Bryce 7.1 7.1.0.109" = Bryce 7.1
"Bryce Lightning 7.0 7.1.0.109" = Bryce Lightning 7.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 4 (64bit) 4.0.3.47" = DAZ Studio 4 (64bit)
"DiskAid_is1" = DiskAid 5.11
"DS4 Default Content 4.0.0.19" = DS4 Default Content
"DVD Shrink_is1" = DVD Shrink 3.2
"Elements+_is1" = Elements+ for PSE 10, v.4.0
"ESET Online Scanner" = ESET Online Scanner v3
"Finale NotePad 2012" = Finale NotePad 2012
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"GoZ DS4 (64bit) 1.0.3.9" = GoZ DS4 (64bit)
"HandBrake" = HandBrake 0.9.5
"Hexagon 2 2.5.1.79" = Hexagon 2
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"jAlbum_0" = jAlbum 9.3
"KoolMoves_is1" = KoolMoves 7.4.2
"MAGIX_MSI_mclab_mx" = MAGIX Audio Cleaning Lab MX
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Sonderedition
"MAGIX_MSI_Videodeluxe18_premium" = MAGIX Video deluxe MX Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MotionArtist09_is1" = MotionArtist 0.9
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"MultiCommander" = MultiCommander
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"NewBlue Light Rays for Magix" = NewBlue Light Rays for Magix
"NewBlue Lightning for Magix" = NewBlue Lightning for Magix
"NewBlueFX Light Blends" = NewBlueFX Light Blends
"NewBlueFX Premium Effects" = NewBlueFX Premium Effects
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PhotoZoom Classic 4" = BenVista PhotoZoom Classic 4.1.2
"Poser 7_is1" = Poser 7.0.4 Service Release
"Poser Debut_is1" = Poser Debut
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
"proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
"PunkBusterSvc" = PunkBuster Services
"SongBeamer_Bible_Elb2006_is1" = SongBeamer - Elberfelder Bibel 2006
"SongBeamer_Setup_is1" = SongBeamer 4.09
"SpeedCommander 10" = SpeedCommander 10
"Steam App 218" = Source SDK Base 2007
"Steam App 35720" = Trine 2
"Steam App 71390" = Virtua Tennis 4
"TmNationsForever_is1" = TmNationsForever
"TmUnited_is1" = TrackMania United 0.2.0.8
"TmUnitedForever_is1" = TmUnitedForever
"TrueCrypt" = TrueCrypt
"Uplay" = Uplay
"Victoria 4.2 Base DAZ Studio Content ps_pe069_Victoria4DS" = Victoria 4.2 Base DAZ Studio Content
"Victoria 4.2 Base ps_pe069_Victoria4" = Victoria 4.2 Base
"Victoria 4.2 Morphs++ DAZ Studio Content ps_pe070_V4MorphsDS" = Victoria 4.2 Morphs++ DAZ Studio Content
"Victoria 4.2 Morphs++ ps_pe070_V4Morphs" = Victoria 4.2 Morphs++
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"fc6d9d64ce333d98" = BibleReader
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 13:50:14 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:50:24 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:51:54 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:51:54 | Computer Name = Johannes-PC2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VT4.exe, Version: 1.0.0.1, Zeitstempel:
 0x4de8f45c  Name des fehlerhaften Moduls: VT4.exe, Version: 1.0.0.1, Zeitstempel:
 0x4de8f45c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00027205  ID des fehlerhaften Prozesses:
 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cd860ef90941cf  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Steam\steamapps\common\Virtua Tennis 4\VT4.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Steam\steamapps\common\Virtua Tennis
 4\VT4.exe  Berichtskennung: 37c8bf41-f202-11e1-ae3b-f46d04b04223
 
Error - 29.08.2012 13:52:00 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:56:52 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:56:53 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:56:54 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 14:15:46 | Computer Name = Johannes-PC2 | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 29.08.2012 14:17:19 | Computer Name = Johannes-PC2 | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20.06.2012 06:18:10 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 06:30:12 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 06:54:16 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 07:30:21 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 08:06:28 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 08:30:33 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 09:06:40 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 09:42:36 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 10:06:40 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 10:42:56 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

--- --- ---

Nun noch CCleaner

Code:

ATTFilter

7-Zip 9.20 (x64 edition)	Igor Pavlov	03.02.2012	4,53MB	9.20.00.0
Adobe AIR	Adobe Systems Incorporated	28.12.2011		2.6.0.19140
Adobe Community Help	Adobe Systems Incorporated.	28.12.2011		3.5.23
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	10.10.2012	6,00MB	11.4.402.287
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	15.07.2012	6,00MB	11.3.300.265
Adobe Photoshop Elements 10	Adobe Systems Incorporated	28.12.2011	2,60GB	10.0
Adobe Premiere Elements 10		01.10.2012		
Adobe Premiere Elements 10	Adobe Systems Incorporated	28.12.2011	1,23GB	10.0
Adobe Premiere Elements 10 Content	Adobe Systems Incorporated	28.12.2011	1,23GB	10.0
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	22.08.2012	122MB	10.1.4
Amazon MP3-Downloader 1.0.15	Amazon Services LLC	05.08.2012		1.0.15
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	29.08.2012	26,3MB	8.0.881.0
Anime Studio Debut 8.0	Smith Micro Software, Inc.	27.12.2011	480MB	8.0
Apple Application Support	Apple Inc.	17.09.2012	64,5MB	2.2.2
Apple Mobile Device Support	Apple Inc.	17.09.2012	23,7MB	6.0.0.59
Apple Software Update	Apple Inc.	25.12.2011	2,38MB	2.1.3.127
Ashampoo Burning Studio 10 v.10.0.15	Ashampoo GmbH & Co. KG	26.12.2011	233MB	10.0.15
ASUS Ai Charger	ASUSTeK Computer Inc.	02.10.2012		1.03.00
Avira Free Antivirus	Avira	12.09.2012	108MB	12.0.0.1199
BenVista PhotoZoom Classic 4.1.2	BenVista Ltd.	27.12.2011	10,9MB	4.1.2
BibleReader	Olive Tree Bible Software	15.08.2012		5.0.4.916
Bluetooth Win7 Suite (64)	Atheros Communications	21.12.2011	59,1MB	7.2.0.40
Bonjour	Apple Inc.	25.12.2011	2,00MB	3.0.0.10
Bryce 7.0 Content	DAZ 3D	04.02.2012	849GB	7.0.0.21
Bryce 7.1	DAZ 3D	04.02.2012		7.1.0.109
Bryce Lightning 7.0	DAZ 3D	04.02.2012		7.1.0.109
calibre	Kovid Goyal	08.08.2012	131MB	0.8.63
Canon LBP5000		01.01.2012		
Canon MP540 series MP Drivers		13.01.2012		
CCleaner	Piriform	24.09.2012		3.23
CoffeeCup Web Form Builder	CoffeeCup Software, Inc.	28.06.2012	21,3MB	2.0.4263
CoffeeCup Web Form Builder Lite	CoffeeCup Software, Inc.	09.01.2012	17,0MB	1.0.3033
Color Efex Pro 3.0 Standard	Nik Software, Inc.	10.07.2012		3.1.0.9
Core Temp 1.0 RC3	Alcpu	07.07.2012	2,00MB	1.0
CorelDRAW Graphics Suite 12	Corel Corporation	26.12.2011	273MB	12.0.0.458
CrazyTalk Animator PRO Trial	Reallusion Inc.	01.10.2012		1.2.2816.1
CrazyTalk v6.21 SE	Reallusion	01.10.2012		6.21.2325.1
CutePDF Writer 2.8		05.01.2012		
DaisyTrail Certificates Digikit	Serif (Europe) Ltd	27.12.2011	31,5MB	1.0.2.027
DaisyTrail Christmas Crafts Digikit	Serif (Europe) Ltd	27.12.2011	27,8MB	1.0.2.027
DaisyTrail Diwali 2011 Digikit	Serif (Europe) Ltd	27.12.2011	26,6MB	1.0.2.025
DaisyTrail Happy Hanukkah 2011 Digikit	Serif (Europe) Ltd	27.12.2011	19,0MB	1.0.2.027
DaisyTrail Mother's Day 2011 Digikit	Serif (Europe) Ltd	27.12.2011	15,8MB	1.0.2.018
DaisyTrail New Year 2012 Digikit	Serif (Europe) Ltd	14.02.2012	21,4MB	1.0.2.027
DaisyTrail Posters Digikit	Serif (Europe) Ltd	14.02.2012	14,5MB	1.0.2.027
DaisyTrail Table Plans Digikit	Serif (Europe) Ltd	27.12.2011	21,5MB	1.0.2.027
DaisyTrail Thankgiving 2011 Digikit	Serif (Europe) Ltd	27.12.2011	22,2MB	1.0.2.027
DaisyTrail Valentine's 2012 Digikit	Serif (Europe) Ltd	14.02.2012	20,3MB	1.0.2.027
DaisyTrail Valentine's Day 2011 Digikit	Serif (Europe) Ltd	27.12.2011	17,6MB	1.0.1.013
DAZ Content Management Service	DAZ 3D	04.02.2012	23,0MB	4.8.1.7
DAZ Studio 4 (64bit)	DAZ 3D	04.02.2012		4.0.3.47
DiskAid 5.11	DigiDNA	09.04.2012	18,6MB	5.11
Dropbox	Dropbox, Inc.	26.05.2012		1.4.7
DS4 Default Content	DAZ 3D	04.02.2012	588GB	4.0.0.19
DVD Shrink 3.2	DVD Shrink	18.02.2012		
Dynamic Auto-Painter 2.5.3	Mediachance.com	27.12.2011		
Elements+ for PSE 10, v.4.0	Andrei Doubrovski	29.03.2012	33,3MB	
EMF Plug-In	Gehriger Engineering	18.09.2012	457KB	1.0.2
ESET Online Scanner v3		16.10.2012		
Finale NotePad 2012	MakeMusic	30.04.2012		2012..r1.1
Firebird SQL Server - MAGIX Edition	MAGIX AG	25.12.2011	11,5MB	2.1.31.0
Free YouTube Download version 3.0.20.1228	DVDVideoSoft Ltd.	02.02.2012	75,1MB	
Geeks3D.com FurMark 1.9.2	Geeks3D.com	22.12.2011	4,62MB	
Google Chrome	Google Inc.	09.02.2012		22.0.1229.94
GoZ DS4 (64bit)	DAZ 3D	04.02.2012	3,90GB	1.0.3.9
HandBrake 0.9.5		18.02.2012		0.9.5
Hexagon 2	DAZ 3D	04.02.2012	113GB	2.5.1.79
Hoffnung für heute		27.12.2011	20,6MB	2.3.2
iClone v4.31 PRO	Reallusion Inc.	23.03.2012		4.31.2517.1
iExplorer 2.2.1.3	Macroplant, LLC	10.05.2012	4,10MB	
Intel(R) Management Engine Components	Intel Corporation	01.10.2012		7.0.0.1144
IrfanView (remove only)	Irfan Skiljan	29.12.2011	1,50MB	4.32
iTunes	Apple Inc.	17.09.2012	182MB	10.7.0.21
jAlbum 9.3		27.12.2011		
Java 7 Update 7 (64-bit)	Oracle	19.09.2012	127MB	7.0.70
Java(TM) 6 Update 30	Oracle	21.12.2011	95,1MB	6.0.300
KoolMoves 7.4.2	Lucky Monkey Designs LLC	03.02.2012	19,4MB	7.4.2
Magic Bullet Quick Looks (MAGIX)	Red Giant	27.12.2011	24,0MB	1.0.0
MAGIX Audio Cleaning Lab MX	MAGIX AG	26.12.2011		18.0.0.7
MAGIX Screenshare	MAGIX AG	25.12.2011	1,54MB	4.3.6.1987
MAGIX Speed burnR (MSI)	MAGIX AG	25.12.2011	21,5MB	7.0.2.6
MAGIX Video deluxe 17 Premium Sonderedition	MAGIX AG	27.12.2011		10.0.11.0
MAGIX Video deluxe 17 Premium Sonderedition Video Plugins	MAGIX AG	27.12.2011	1,47MB	1.0.0.0
MAGIX Video deluxe MX Premium	MAGIX AG	27.12.2011		11.0.0.42
Malwarebytes Anti-Malware Version 1.65.0.1400	Malwarebytes Corporation	16.10.2012	19,3MB	1.65.0.1400
Mass Effect™ 3 Demo	Electronic Arts	18.02.2012		1.0.0.0
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	30.01.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	30.01.2012	51,9MB	4.0.30319
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	13.09.2012	31,3MB	3.5.92.0
Microsoft Games for Windows Marketplace	Microsoft Corporation	13.09.2012	6,03MB	3.5.50.0
Microsoft IntelliPoint 8.2	Microsoft Corporation	31.01.2012		8.20.468.0
Microsoft Office FrontPage 2003	Microsoft Corporation	14.08.2012	318MB	11.0.8173.0
Microsoft Office Professional Plus 2010	Microsoft Corporation	25.12.2011		14.0.6029.1000
Microsoft Silverlight	Microsoft Corporation	11.05.2012	50,6MB	5.1.10411.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	24.01.2012	250KB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	27.12.2011	298KB	8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	12.07.2012	698KB	8.0.61000
Microsoft Visual C++ 2005 Redistributable - KB2467175	Microsoft Corporation	04.02.2012	2,64MB	8.0.51011
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	23.03.2012	778KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	24.03.2012	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	25.12.2011	3,51MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	27.12.2011	234KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	25.12.2011	238KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	23.03.2012	222KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	25.12.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	25.12.2011	13,7MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	03.05.2012	16,5MB	10.0.40219
MotionArtist 0.9	Smith Micro Software, Inc.	11.07.2012	58,8MB	0.9
Mozilla Firefox 10.0 (x86 de)	Mozilla	09.02.2012	35,4MB	10.0
MSXML 4.0 SP2 Parser and SDK	Microsoft Corporation	08.04.2012	5,04MB	4.20.9818.0
MSXML 4.0 SP3 Parser	Microsoft Corporation	25.12.2011	1,47MB	4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	12.07.2012	1,53MB	4.30.2114.0
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	27.12.2011	1,53MB	4.30.2107.0
MultiCommander		26.01.2012		
MuseScore 1.2 MuseScore score typesetter	Werner Schweer and Others	16.03.2012		1.2.0
Neat Image v7.1.0 Demo Standalone	Neat Image team, ABSoft	30.12.2011		
Need for Speed(TM) Hot Pursuit	Electronic Arts	22.06.2012	7,77GB	1.0.0.0
Need For Speed™ World	Electronic Arts	18.02.2012	12,4MB	1.0.0.776
NewBlue Light Rays for Magix	NewBlue	27.12.2011		1.4
NewBlue Lightning for Magix	NewBlue	27.12.2011		1.4
NewBlueFX Light Blends	NewBlue	27.12.2011		1.4
NewBlueFX Premium Effects	NewBlue	27.12.2011		1.4
NVIDIA PhysX	NVIDIA Corporation	18.02.2012	78,9MB	9.10.0513
OpenAL		12.01.2012		
Origin	Electronic Arts, Inc.	08.09.2012		9.0.2.2065
Photomatix Pro version 4.1.2	HDRsoft Sarl	27.12.2011	22,2MB	4.1.2
Poser 7.0.4 Service Release		04.02.2012		
Poser Debut	Smith Micro Software, Inc.	03.01.2012	344MB	8.0.3
proDAD Adorage 3.0	proDAD GmbH	27.12.2011		3.0.92
proDAD Heroglyph 2.5	proDAD GmbH	27.12.2011		2.6.32
proDAD Mercalli 2.0	proDAD GmbH	27.12.2011		2.0.61
proDAD Vitascene 2.0	proDAD GmbH	27.12.2011		2.0.113
PunkBuster Services	Even Balance, Inc.	04.08.2012		0.990
QuickTime	Apple Inc.	26.12.2011	73,2MB	7.71.80.42
Rapture3D 2.4.8 Game	Blue Ripple Sound	12.01.2012		
Raw Therapee V4.0.7.1 x64	Raw Therapee Team	12.03.2012	48,9MB	4.0.701
Realtek Ethernet Controller Driver	Realtek	21.12.2011		7.37.1229.2010
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	25.12.2011		6.0.1.6235
Renesas Electronics USB 3.0 Host Controller Driver	Renesas Electronics Corporation	21.12.2011	1,00MB	2.0.32.0
Serif CraftArtist 2 Professional	Serif (Europe) Ltd	21.09.2012	833MB	2.0.0.22
Serif CraftArtist Baby Photos Collection	Serif (Europe) Ltd	26.12.2011	468MB	1.0.0.007
Serif CraftArtist Greeting Cards Collection	Serif (Europe) Ltd	26.12.2011	2,29GB	1.0.0.007
Serif CraftArtist Professional	Serif (Europe) Ltd	26.12.2011	232MB	1.0.5.043
Serif CraftArtist Scrapbooks Collection	Serif (Europe) Ltd	26.12.2011	815MB	1.0.0.007
Serif CraftArtist Wedding Days Collection	Serif (Europe) Ltd	26.12.2011	548MB	1.0.0.008
Serif MoviePlus X5	Serif (Europe) Ltd	27.05.2012	1,28GB	7.0.2.018
Serif PagePlus X3 Ressourcen	Serif (Europe) Ltd	26.12.2011	811MB	13.0.1.008
Serif PagePlus X4	Serif (Europe) Ltd	26.12.2011	466MB	14.0.5.027
Serif PagePlus X4 Ressourcen	Serif (Europe) Ltd	26.12.2011	620MB	14.0.0.008
Serif PagePlus X5	Serif (Europe) Ltd	13.01.2012	760MB	15.0.5.030
Serif PagePlus X6	Serif (Europe) Ltd	29.08.2012	1,33GB	16.0.2.27
Serif PanoramaPlus X4	Serif (Europe) Ltd	26.12.2011	119MB	4.0.2.009
Serif PhotoPlus X4	Serif (Europe) Ltd	26.12.2011	435MB	14.0.2.013
Serif WebPlus X4	Serif (Europe) Ltd	02.04.2012	514MB	12.0.5.033
Serif WebPlus X4 Ressourcen	Serif (Europe) Ltd	03.02.2012	90,9MB	12.0.0.008
Serif WebPlus X5	Serif (Europe) Ltd	21.03.2012	456MB	13.0.3.029
Serif WebPlus X6	Serif (Europe) Ltd	11.08.2012	505MB	14.0.1.23
Serif WebPlus: Business Template - Real Estate 1	Serif (Europe) Ltd	26.12.2011	1,30MB	1.0.0.005
Serif WebPlus: Business Template - Real Estate 2	Serif (Europe) Ltd	26.12.2011	820KB	1.0.0.005
Serif WebPlus: Interest Template - Music 1	Serif (Europe) Ltd	26.12.2011	1,01MB	1.0.0.005
Serif WebPlus: Interest Template - Photography 1	Serif (Europe) Ltd	02.05.2012	1,20MB	1.0.1.007
Serif WebPlus: Interest Template - Photography 2	Serif (Europe) Ltd	26.12.2011	2,27MB	1.0.0.005
SmartSound Common Data	SmartSound Software Inc.	28.12.2011	13,4MB	1.1.0
SmartSound Premiere Elements 10 x64 Plugin	SmartSound Software Inc.	28.12.2011	3,40MB	5.70.0001
SmartSound Sonicfire Pro 5	SmartSound Software Inc.	28.12.2011	60,7MB	5.7.1
SmartStore.biz 5	SmartStore AG	31.12.2011	88,9MB	5.6.02
SongBeamer - Elberfelder Bibel 2006	Hänssler Verlag	30.01.2012		
SongBeamer 4.09	SongBeamer	27.12.2011		
Source SDK Base 2007	Valve	19.09.2012		
SpeedCommander 10	SpeedProject	16.07.2012		10.0
Steam	Valve Corporation	18.07.2012	35,4MB	1.0.0.0
System.Data.SQLite v1.0.80.0	System.Data.SQLite Team	03.05.2012	7,93MB	1.0.80.0
TmNationsForever	Nadeo	23.02.2012		
TmUnitedForever	Nadeo	30.01.2012		
TrackMania United 0.2.0.8	Nadeo	29.01.2012		
Trine 2		01.10.2012		
TrueCrypt	TrueCrypt Foundation	30.06.2012		7.1a
Uplay	Ubisoft	18.07.2012		2.0
Vasco da Gama 4 HDPro	MotionStudios	27.12.2011	891MB	4.00.0000
Victoria 4.2 Base	Name of your company	04.02.2012	25,4GB	ps_pe069_Victoria4
Victoria 4.2 Base DAZ Studio Content	Name of your company	04.02.2012	254MB	ps_pe069_Victoria4DS
Victoria 4.2 Morphs++	Name of your company	04.02.2012	68,7GB	ps_pe070_V4Morphs
Victoria 4.2 Morphs++ DAZ Studio Content	Name of your company	04.02.2012	174MB	ps_pe070_V4MorphsDS
Virtua Tennis 4		13.09.2012		
virtualPhotographer 1.5.6	optikVerve Labs	29.12.2011		
VLC media player 1.1.11	VideoLAN	25.01.2012		1.1.11
Web Assistant 2.0.0.430	IB	03.05.2012	2,02MB	
Windows Live ID Sign-in Assistant	Microsoft Corporation	12.01.2012	10,0MB	6.500.3165.0
WinRAR 4.20 (64-Bit)	win.rar GmbH	29.06.2012		4.20.0
WISE-FTP 7	AceBIT GmbH	30.08.2012	7,73MB

Danke fürs checken.
Was soll ich nun tun?
LG

kira · 17.10.2012, 06:42

Systemreinigung und Prüfung:

► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

1.
Deinstalliere unter Systemsteuerung-> Software/Programme:

Code:

ATTFilter

Web Assistant <- Adware !!

Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars

Zitat:

Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!

2.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0002002
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0002002
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {1CADBE96-EECC-4F16-A813-60BD2A48DA4B}
IE - HKCU\..\SearchScopes\{1CADBE96-EECC-4F16-A813-60BD2A48DA4B}: "URL" = http://www.google.at/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.430
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
[2012.05.03 11:15:24 | 000,002,203 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\MyStart Search.xml
[2012.05.03 11:17:04 | 000,003,934 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\sweetim.xml
[2012.05.03 11:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.03 11:17:08 | 000,002,298 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
CHR - homepage: http://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - homepage: http://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - Extension: Web Assistant = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Web Assistant = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
[2012.10.16 08:38:47 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.16 08:35:43 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

:Files
C:\Users\Johannes\AppData\Roaming\Babylon
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

3.
Alle Programme/Fenster schliessen
Java-Cache leeren

Start => Systemsteuerung => Java => Allgemein => Temporäre Internet-Dateien "Einstellungen" => Dateien löschen => Haken bei "Anwendungen und Applets" sowie bei "Verfolgungs- und Protokolldateien" setzen => OK
-> Wie leere ich den Java-Cache?
-> Java-Cache leeren
-> Kurze Videoanleitung wie man unter Windows 7 und XP den JAVA Cache löschen kann.

4.
Java :
Ältere Versionen falls noch existieren, deinstallieren
► Die alte Java-Versionen verbleiben auf dem PC...aus Sicherheitsgründen müssen entfernt werden,auch in Zukunft darauf achten!

5.
Aktualisieren:
-> Mozilla Firefox-> Hilfe -> über Menü Hilfe -> "Über Firefox"
Info:-> Firefox auf die letzte Version aktualisieren

6.
Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!:
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?

7.
Alle Programme/Fenster schliessen
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

8.
Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während der Online-Scans deaktivieren:
Anti-Virus-Programm und Firewall.
Internet Explorer starten => im Menü unter Extras => Internetoption => Datenschutz => den Haken bei "Popupblocker einschalten" entfernen und
unter dem Reiter "Sicherheit" => die Sicherheitsstufe ggfs. auf "Mittelhoch" herabsetzen.
Nicht vergessen, sie hinterher wieder einzuschalten bzw. die Internetoptionen wie zuvor einzustellen..
Während der Online-Scans auf andere Online-Aktivitäten verzichten.
Du musst das Herunterladen und Installieren von ActiveX-Steuerelementen (Controls) zulassen.
.

Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!

Eset Online Scanner (NOD32)
- Unterstützte Betriebssysteme: Microsoft Windows 7 - Vista - XP - 2000 - NT.
- Anmerkung für Vista und Windows 7-User: Bitte den Browser unbedingt als Administrator starten.
- Dein Anti-Virus-Programm während des Scans deaktivieren.
- Button "ESET Online Scanner" drücken.
- IE-User müssen das Installieren eines ActiveX Elements erlauben.
- Einen Haken bei "YES, I accept the Terms of Use." machen und auf den Button "Start" drücken.
- Einen Haken bei "Remove found threads" und "Scan archives" machen.
- Start drücken.
- Signaturen werden heruntergeladen.
- Der Scan beginnt automatisch.
- Wenn fertig, das Protokoll speichern und mir posten.
  -> List of found threats
  -> Export to text file
  -> Back
  -> Delete quarantäne files
- Finish drücken.
- Browser schließen.
- Deinstallation nachdem das Protokoll mir gepostet hast: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
- Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

9.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

eagle_j · 17.10.2012, 13:03

Hallo, ich melde mich zwischendurch, weil ich nicht alle Punkte ausführen konnte:
Ich habe alles wie beschrieben erfolgreich gemacht bis zum Eset Test im IE9. Dieser fragte mich immer beim Herunterladen der Signaturen, ob ich einen Proxi konfiguriert hätte, weil er die Signaturen nicht laden könne. Hat das ev. mit Win 7 64Bit zu tun? Da hab ich nämlich zwei Internet Explorer Versionen (32 und 64 Bit) Bei beiden klappt es aber nicht.
Nach den vorherigen Punkten meldet sich beim Start des Internet Explorers immer ein lästiges Konfigurationsfenster für Addins, Suchanbieter - das war vor den Maßnahmen nicht der Fall. Und es kommt jedesmal.
Ich hab dann den Eset Online Scanner über Firefox (aktuelle Version) gedownloaded, installiert und da hats dann mit dem Herunterladen der Signaturen geklappt.
Nun ist er gerade am checken...
Ist das ok so? Oder muss ich mir wegen des ESET - Internet Explorer Problemes Sorgen machen?
Wie bekomme ich beim IE das lästige Einstellungsfenster (siehe iben) beim Start wieder weg?
Vielen Dank im vorhinein für die Hilfe.
LG

eagle_j · 17.10.2012, 17:26

Hallo. Der ESET Online Scan ist durch und auch OTL hab ich nochmal laufen lassen.
Alle anderen Punkte deiner Liste hab ich durchgeführt. Probleme gabs eben (wie im obigen Post beschrieben) nur beim IE mit dem ESET - der dort die Signaturen nicht herunterladen konnte - mit Firefox gings dann aber.

So nun der Text nach dem OTL Fix:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CADBE96-EECC-4F16-A813-60BD2A48DA4B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CADBE96-EECC-4F16-A813-60BD2A48DA4B}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.430 removed from extensions.enabledAddons
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\MyStart Search.xml moved successfully.
C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\sweetim.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
File C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0 not found.
File C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of not found.
C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0 folder moved successfully.
File C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0 not found.
File C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of not found.
File C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0 not found.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
========== FILES ==========
C:\Users\Johannes\AppData\Roaming\Babylon folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Johannes\Desktop\cmd.bat deleted successfully.
C:\Users\Johannes\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Johannes
->Temp folder emptied: 5354696995 bytes
->Temporary Internet Files folder emptied: 1224568984 bytes
->Java cache emptied: 13527 bytes
->FireFox cache emptied: 87564465 bytes
->Google Chrome cache emptied: 14930253 bytes
->Flash cache emptied: 52546 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 178513889 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6.543,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10172012_122734

Files\Folders moved on Reboot...
C:\Users\Johannes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Nun der ESET Text (ESET war bei mir in Deutsch) Das File hab ich aus dem ESET-Verzeichnis und hieß dort log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7e5d543ba7e4bb44b761396df052d34c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-17 02:59:24
# local_time=2012-10-17 04:59:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 25699669 25699669 0 0
# compatibility_mode=5893 16776573 100 94 22345 102104456 0 0
# compatibility_mode=8192 67108863 100 0 141 141 0 0
# scanned=678971
# found=2
# cleaned=2
# scan_time=11357
D:\Backup\Eigene Webs\Vorlagen\flash\Skripte\PHP\google.zip	PHP/Obfuscated.F Anwendung (gelöscht - in Quarantäne kopiert)	00000000000000000000000000000000	C
D:\Downloads\CHIP\LOESCHEN.zip	Win32/Adware.ADON Anwendung (gelöscht - in Quarantäne kopiert)	00000000000000000000000000000000	C

Die exportierte threats list (ESET):

Code:

ATTFilter

D:\Backup\Eigene Webs\Vorlagen\flash\Skripte\PHP\google.zip	PHP/Obfuscated.F Anwendung	gelöscht - in Quarantäne kopiert
D:\Downloads\CHIP\LOESCHEN.zip	Win32/Adware.ADON Anwendung	gelöscht - in Quarantäne kopiert

Dann Neustart und OTL nach Anweisung:
OTL.txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.10.2012 18:01:06 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Johannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 81,34% Memory free
15,95 Gb Paging File | 14,27 Gb Available in Paging File | 89,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,21 Gb Total Space | 172,58 Gb Free Space | 36,94% Space Free | Partition Type: NTFS
Drive D: | 464,21 Gb Total Space | 56,12 Gb Free Space | 12,09% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-PC2 | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.16 17:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.13 09:33:46 | 000,547,984 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
PRC - [2012.08.04 11:45:48 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.07.31 10:23:32 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.09 00:57:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 00:57:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.07.28 18:12:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.11 03:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.08 17:29:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.04 11:45:48 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.09 00:57:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 00:57:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.05.05 22:36:05 | 000,022,528 | ---- | M] () [Disabled | Stopped] -- C:\Programme\DAZ 3D\Content Management Service\ContentManagementServer.exe -- (DAZContentManagementService)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.10.27 17:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.06.30 01:37:07 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.09 00:57:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 00:57:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.27 16:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 16:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 16:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 16:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 16:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.10.20 20:05:18 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.03.22 16:10:14 | 000,014,848 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 39 6D EF 07 C0 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {28D19648-2FD8-4E6E-B7BF-E0608E47C46E}
IE - HKCU\..\SearchScopes\{28D19648-2FD8-4E6E-B7BF-E0608E47C46E}: "URL" = hxxp://www.google.at/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google.at"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.at"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.17 13:13:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.09 17:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2012.10.17 13:10:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\79s52rs8.default\extensions
[2012.06.06 12:00:19 | 000,002,467 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\googleat.xml
[2012.10.17 13:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.11 03:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 04:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 04:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 04:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 04:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 04:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 04:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - Extension: No name found = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E2423B5-DAB0-4686-B78D-C0557C26D1A9}: DhcpNameServer = 213.94.78.16 213.94.78.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{844448C0-194D-41F9-8382-01E5B447EF47}: NameServer = 212.186.211.21,195.34.133.21
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.17 13:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.17 13:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.17 13:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.17 12:27:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.16 20:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.16 20:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.16 20:08:57 | 003,941,312 | ---- | C] (Piriform Ltd) -- C:\Users\Johannes\Desktop\ccsetup323.exe
[2012.10.16 17:10:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012.10.16 16:59:34 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Musik
[2012.10.16 13:20:05 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Logs
[2012.10.16 09:03:59 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes
[2012.10.16 09:02:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.16 09:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.16 09:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.16 09:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.16 09:02:24 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Johannes\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.10 19:56:50 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 19:56:50 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 19:56:50 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 19:56:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 19:56:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 19:56:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.05 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\WW10-2012
[2012.10.02 16:46:01 | 000,014,848 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\drivers\AiCharger.sys
[2012.10.02 16:27:35 | 000,014,592 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiCharger.sys
[2012.10.02 16:26:12 | 000,000,000 | ---D | C] -- C:\Windows\AsDmiHtm
[2012.10.01 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Trine2
[2012.10.01 10:36:30 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2012.10.01 10:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012.10.01 02:39:55 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Crazy Talk
[2012.10.01 01:39:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Reallusion
[2012.09.22 09:54:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 09:54:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 09:54:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 09:54:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 09:54:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 09:54:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 09:54:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 09:54:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 09:54:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 09:54:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 09:54:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 09:54:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 09:54:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 09:54:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 09:54:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.21 20:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2012.09.19 13:52:46 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.09.19 13:52:46 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.09.19 13:52:46 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.09.19 13:52:35 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.09.19 13:52:35 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.09.19 13:52:35 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.09.19 13:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.09.19 13:08:35 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2012.09.19 01:52:11 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.09.19 01:52:10 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.09.19 01:52:10 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.09.19 01:52:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.09.19 01:52:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.19 01:51:51 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.18 13:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Gehriger Engineering
[2012.07.18 01:06:51 | 001,242,448 | ---- | C] (Valve Corporation) -- C:\Program Files (x86)\Steam.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.17 17:58:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.17 17:57:58 | 2129,219,583 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.17 17:21:40 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 17:21:40 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 17:18:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3452236036-1519950677-1972415991-1000UA.job
[2012.10.17 13:46:39 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.17 13:46:39 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.17 13:46:39 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.17 13:46:39 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.17 13:46:39 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.17 13:13:42 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.17 12:47:55 | 000,137,202 | ---- | M] () -- C:\Users\Johannes\Documents\cc_20121017_124741.reg
[2012.10.16 20:10:03 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.16 20:09:11 | 003,941,312 | ---- | M] (Piriform Ltd) -- C:\Users\Johannes\Desktop\ccsetup323.exe
[2012.10.16 17:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012.10.16 16:44:23 | 000,000,000 | ---- | M] () -- C:\Users\Johannes\defogger_reenable
[2012.10.16 16:37:47 | 000,050,477 | ---- | M] () -- C:\Users\Johannes\Desktop\Defogger.exe
[2012.10.16 09:02:57 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.16 09:02:36 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Johannes\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.15 09:18:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3452236036-1519950677-1972415991-1000Core.job
[2012.10.10 20:18:56 | 000,002,506 | ---- | M] () -- C:\Users\Johannes\Desktop\Google Chrome.lnk
[2012.10.10 19:49:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.10 19:49:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 10:25:18 | 000,001,124 | ---- | M] () -- C:\Users\Johannes\Desktop\SongBeamer.lnk
[2012.10.02 18:13:58 | 000,027,946 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.10.02 18:13:51 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.10.02 17:48:28 | 000,011,832 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.10.02 17:48:28 | 000,010,216 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.10.02 17:09:29 | 004,194,304 | ---- | M] () -- C:\P8P67-ASUS-3509.ROM
[2012.10.02 16:46:17 | 000,028,672 | ---- | M] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2012.10.02 16:46:17 | 000,013,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.10.01 10:43:22 | 000,001,106 | ---- | M] () -- C:\Users\Johannes\Desktop\MuseScore.lnk
[2012.10.01 01:57:35 | 000,000,075 | RHS- | M] () -- C:\Windows\CT6STET.BIN
[2012.09.22 17:23:51 | 001,404,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.21 20:16:43 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Serif CraftArtist 2.lnk
[2012.09.19 13:52:31 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.09.19 13:52:30 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.09.19 13:52:30 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.09.19 13:52:30 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.09.19 13:52:30 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.09.19 13:52:30 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
 
========== Files Created - No Company Name ==========
 
[2012.10.17 13:13:42 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.17 12:47:48 | 000,137,202 | ---- | C] () -- C:\Users\Johannes\Documents\cc_20121017_124741.reg
[2012.10.16 20:10:03 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.16 16:44:23 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\defogger_reenable
[2012.10.16 16:37:47 | 000,050,477 | ---- | C] () -- C:\Users\Johannes\Desktop\Defogger.exe
[2012.10.16 09:02:57 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.02 17:45:44 | 004,194,304 | ---- | C] () -- C:\P8P67-ASUS-3509.ROM
[2012.10.01 10:43:22 | 000,001,106 | ---- | C] () -- C:\Users\Johannes\Desktop\MuseScore.lnk
[2012.10.01 10:36:30 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.10.01 10:36:28 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.10.01 01:57:35 | 000,000,075 | RHS- | C] () -- C:\Windows\CT6STET.BIN
[2012.09.21 20:16:43 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif CraftArtist 2.lnk
[2012.09.21 20:16:43 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Serif CraftArtist 2.lnk
[2012.08.04 00:05:28 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.04 00:05:27 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.23 11:30:11 | 000,007,168 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.12 13:01:21 | 000,000,218 | ---- | C] () -- C:\Users\Johannes\.recently-used.xbel
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.30 02:29:20 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.09 12:34:09 | 000,601,088 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\SharedSettings.ccs
[2012.01.01 19:05:27 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.01 19:05:27 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011.12.27 20:03:41 | 000,000,931 | ---- | C] () -- C:\Users\Johannes\.jalbum-defaults.jap
[2011.12.27 20:03:41 | 000,000,884 | ---- | C] () -- C:\Users\Johannes\.jalbum-recent-projects.properties
[2011.12.27 20:03:41 | 000,000,423 | ---- | C] () -- C:\Users\Johannes\.jalbum-ftp-accounts.xml
[2011.12.27 04:58:52 | 000,004,441 | ---- | C] () -- C:\Windows\jtzf_sq32.ini
[2011.12.25 15:05:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.21 20:18:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.21 19:46:26 | 000,007,597 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Resmon.ResmonCfg
[2011.12.21 19:12:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.21 19:12:32 | 000,027,946 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.03 14:21:58 | 004,077,568 | ---- | C] () -- C:\Windows\QLMGXRenderer.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.19 13:24:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2011.12.27 05:04:53 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\AceBIT
[2012.01.07 04:45:51 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Amazon
[2011.12.26 01:41:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ashampoo
[2011.12.25 13:57:05 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\bizarre creations
[2012.08.08 18:16:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\calibre
[2012.01.13 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Canon
[2012.04.16 02:34:07 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.02.27 04:00:18 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\CoffeeCup Software
[2012.01.24 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\ComBib
[2012.02.04 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAZ 3D
[2012.07.14 02:52:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DiskAid
[2012.10.17 17:58:43 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Dropbox
[2012.02.02 13:09:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2012.02.02 13:09:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.12 12:48:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\gtk-2.0
[2012.02.18 03:51:21 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HandBrake
[2011.12.27 05:32:19 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HDRsoft
[2011.12.27 02:52:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MAGIX
[2012.04.30 12:53:06 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MakeMusic
[2012.03.16 12:48:20 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MultiCommander
[2012.02.16 00:04:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MusE
[2011.12.30 18:27:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\NeatImage SL 64
[2012.02.18 04:51:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Need for Speed World
[2012.07.10 11:31:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Nik Software
[2012.09.08 18:40:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Origin
[2012.02.04 16:50:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Poser 7
[2012.02.04 16:33:43 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Poser 7_2008_07_09 10_55_15 AM
[2012.01.03 09:16:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Poser Debut
[2011.12.27 03:59:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\proDAD
[2012.01.05 04:32:46 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Serif
[2011.12.31 17:59:22 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SmartStore
[2012.07.11 17:58:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Smith Micro
[2012.02.07 12:35:26 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Software4u
[2012.10.14 03:57:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SongBeamer
[2012.07.16 12:43:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SpeedProject
[2012.10.01 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Trine2
[2012.06.30 01:41:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TrueCrypt
[2012.03.02 14:50:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

und Extras.txt
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 17.10.2012 18:01:06 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Johannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 81,34% Memory free
15,95 Gb Paging File | 14,27 Gb Available in Paging File | 89,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,21 Gb Total Space | 172,58 Gb Free Space | 36,94% Space Free | Partition Type: NTFS
Drive D: | 464,21 Gb Total Space | 56,12 Gb Free Space | 12,09% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-PC2 | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027DA069-7FDC-4DFE-983E-F1ECC84B6AAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{03063BC3-A0ED-443E-9742-B22B6552AC3B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{05F4FEF1-6442-41A3-8A4E-0B4669D31E93}" = rport=138 | protocol=17 | dir=out | app=system | 
"{09E9DB4E-A13F-4E3C-9467-E9031544F660}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{155A2F31-0542-4D6C-8CC5-3287F35011CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{162B726E-306A-40C3-A581-B5382133D9C1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1DCC5D25-4403-4C9E-958C-A1444D4D1EBC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{209BBA11-8CFE-46BB-AA74-F982CA3765A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{49988696-5508-4474-9039-A5D562404FBB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{51A3705B-139A-4A3A-B318-409DF1842A11}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{61C03BFC-2FA0-481C-A791-19CE7C6E2BA0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8F7D1587-3110-4BB8-8D42-EB7B4AD5517C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{951D7F7D-04F9-4C0F-8009-BB166DEF38B3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9AF1ADE3-074A-4CAC-AAB8-1AF344F49DEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A634EFC9-CB43-4C17-A680-96E61E6D6AA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B3D25FE6-1B1D-45CB-AA2F-DC937C6F454D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BB21617F-03B1-4132-95B8-4FE6CD14A24F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BB3EF0E9-8A87-48F8-B46B-607FFB5FB2E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C977078D-FF19-4E03-93D7-46D5EEB3C305}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9EBAE05-57CA-4FD5-B25F-A6A53CEFC2B9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EA1B08F8-CC79-44C3-8414-39D0EFEDBC80}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\outlook.exe | 
"{F2B8DA3F-F6EC-4189-9111-C3CF1E256B71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F6FB4B5C-91E3-4052-A0E9-FFF6F8D0B9B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FC75C9F3-7398-4B3E-AFF4-970D0F4FFBD3}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029A78F1-7394-4583-A7DD-1E054251F2DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | 
"{0A0A62E2-B346-46D0-A9D4-209AD654614C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | 
"{0A9203EF-578B-49C0-A5F7-2AC94FD15570}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\vt4.exe | 
"{0AE3D138-1A07-4E00-9676-7215D3524A07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0DDAFCC2-2A8B-49D2-A2F0-A4389CD43CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\motionartist\motionartist.exe | 
"{0EB3BEBA-F3E2-4B03-A0A4-269F564D0E21}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0F88C5F6-9AF4-4862-B4BF-03D0F79F3434}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{126C1894-E78F-4874-82AC-0616EEE97101}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{16B0B9C8-20C2-46DE-8751-8BE59471D698}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{16DE49B5-6FE2-4FE4-9533-74F965064981}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{17E0DB1B-4AC4-43A2-A76D-118217F61601}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm | 
"{18B18EBC-C704-49B3-8CCA-D6D467D2E17A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | 
"{19ABE88F-47AA-423A-ADD8-82E90BDBC8F2}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{25B38EB9-18D6-471B-A7EB-B803AB3131C2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\groove.exe | 
"{264CB953-04DF-4D73-84F7-A17C8A5A569F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{2674D841-6ABA-4CE0-8FDE-717B2CBCA2C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe | 
"{27DF8793-1808-4B57-ACDC-5BBC8AB31988}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\groove.exe | 
"{28513028-493C-4524-A500-AF3A2E240220}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\onenote.exe | 
"{2A4756B7-520C-4B8B-86E4-4490ACFEB3CE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2CB7EE0E-CA32-4AB8-9BE7-47D26A2F59A6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{36671498-1FBE-4434-B412-AC1F6D8619A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{3A1E317F-78D5-494E-9A63-0DF0D3A1AB50}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3C6310D4-61B2-4F0B-BC14-3C63B211FFDB}" = protocol=6 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe | 
"{408E39CD-BC1E-43A4-B97C-14E65DEB2378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{454978BD-3652-4724-825C-775222CFA544}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{463B854E-BBB1-4AB2-AF65-1767936BD238}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe | 
"{49C4B5C2-2125-410F-9165-61733D21D5CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{4AA94CED-402C-408B-B79E-DCB9721F47E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe | 
"{55047D4F-CFF2-418F-B9A5-063B3C79913E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne\maxpayne.exe | 
"{5ACA05C9-FAD6-4ACF-95E6-895306562478}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{5DECC12F-9F0F-4970-BA04-2AC6B123689C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne\maxpayne.exe | 
"{5F9F10B4-079F-410B-90B7-4EBAEF7C1F8E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\launcher.exe | 
"{5FA2EDA7-FBB9-4521-B0C7-8387A907E85E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flight_control_hd\flightcontrol_win32.exe | 
"{5FD2686D-250F-41CB-8844-AFC815CED818}" = protocol=6 | dir=in | app=c:\windows\system32\cnac4rpd.exe | 
"{60EF82EA-028C-438D-9C0C-9DE25E8990F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\vt4.exe | 
"{65D75AB7-1180-4CDE-A408-5B19B1089F0A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{693F664F-0E39-4050-9484-91D5C707D33D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm | 
"{6D1A2BD8-3EE6-4775-BA60-DB897E965DE3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{72673A37-FC5A-456B-94E5-982F1860C660}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe | 
"{76739171-6F93-480D-97EC-A5C9BD9B501B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{7BBFAFDF-8020-4428-9C6F-B4ADAE0C6E3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{7E1D8AC7-D5EF-48F5-B2A9-5F9A567B89E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{83A91DDA-032A-4E22-B243-FCA45282AC49}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{84574FCA-BDF4-402C-BD7F-AD212ACCDF0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{86E5DAFA-990E-4AF3-B683-B98F001BBEB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{8A20A4B7-0A67-447B-A026-BF77970E29F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe | 
"{8BACA49D-E2C9-4041-9E7E-47D62E38C923}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe | 
"{8BB3F9BD-AEDF-41C0-A9D5-B7861E422F72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{8CDACAE1-E51D-435E-8793-8EFF47A16871}" = protocol=17 | dir=in | app=c:\windows\system32\cnac4rpd.exe | 
"{8E355948-2B63-4F03-BD01-47105099ACF7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8F548C08-6B1F-4A4F-A90A-D539AA5282F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{9A59BF8F-8EDF-4F1F-853F-B2493741ECB4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{AC3B3170-5A6D-4C3C-AD32-E22A9F04C61D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B1284279-2933-4BD2-80DD-E5AED1F39807}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B187F61C-5B1C-44A2-84E0-C161FF31888B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\launcher.exe | 
"{C053D254-BFF9-4F29-A733-746111636BBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\launcher.exe | 
"{C278D24A-B23D-4869-9B2D-0EAB9FE58B0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe | 
"{C2E948B8-5580-4F76-AAB9-152A51277888}" = protocol=17 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C5EE0450-AD8C-4CDA-8310-CFE2333162FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | 
"{CA6F13FF-AECD-4B89-877F-0B64946B41A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D02A74E4-561E-4424-BFDC-2D04B5CCD093}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\onenote.exe | 
"{D0F1FF5B-6843-4CD4-A22F-E4DEC54DEDF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{D3817AE0-2A2B-4C2D-AF97-05C818A9C6B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{DA5FB809-1CBA-454D-A8EB-54B6A4EAB89E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe | 
"{E35F79D7-4AB6-4D40-AE0C-BB859909F1BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E4C7FDEE-A87C-4BAE-A6A4-F68283A928CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe | 
"{E774B196-3451-4D50-BA86-F240D115D76B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{E833ED0A-FC69-431B-80B0-EC1AB1C6D40B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\launcher.exe | 
"{E861F3E6-67CC-4EB7-903B-8AE31B5459B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flight_control_hd\flightcontrol_win32.exe | 
"{E8BA1094-1A63-46BD-ACA7-B80F6EF12E15}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{E8BD6115-A507-4161-B74B-7C9CF23D61E1}" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\motionartist\motionartist.exe | 
"{F1F649CE-B06A-48EB-B2F2-3A8B70EB4F6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe | 
"{FEB5966D-FB07-42F3-B035-B94DF4DCAF4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"TCP Query User{0B553E11-9391-4D17-B510-517CA836C513}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | 
"TCP Query User{24596A8E-37B8-48BF-BAC1-02B3DCAAEBF1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{2A3E41A3-6DED-4373-9051-A4DFBAEAED01}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe | 
"TCP Query User{4CD0AE45-8A82-4902-9C3C-0185BF9E60A8}C:\program files (x86)\smith micro\poser debut\poserdebut.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\poser debut\poserdebut.exe | 
"TCP Query User{6D512BEA-8A39-4E8C-8DDC-5C157CE3C48A}C:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe | 
"TCP Query User{70744988-3EA2-4449-AC30-DEB23C10DF3B}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{81C36F38-DB1F-47FF-BC72-64F085206DF5}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"TCP Query User{92B05302-6141-40F4-AD4E-894E9BF1C5CD}C:\program files (x86)\e frontier\poser 7\poser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\e frontier\poser 7\poser.exe | 
"TCP Query User{94BCCDA7-BE96-4B96-BCB1-02594E1F35C3}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe | 
"TCP Query User{A08B02E7-630C-4DA3-BB0D-180B7837E14A}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"TCP Query User{A60A2CD4-3381-484B-91D9-A3EEA1FDB184}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"TCP Query User{AB31F086-BB51-4F38-98F3-E9984D1D1FD5}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
"TCP Query User{B5CF2684-C286-4728-962A-4062DD3884E0}C:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{D89AD2D3-2400-4768-AC22-CE73DBFB768C}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | 
"TCP Query User{FD09C831-4272-49CF-AFF5-7B71D309B255}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | 
"UDP Query User{1E318440-C16A-4AA9-B00D-B6ED50ED2480}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"UDP Query User{2A81B791-9659-4F6E-B0B5-51AFCB10488C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{4616AF84-C894-4895-9892-F659694E88B1}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{476299E9-0394-4233-AAB5-A1614FA1A2CA}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe | 
"UDP Query User{4A60A829-D9C2-4A72-84E6-2103E7AF4032}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | 
"UDP Query User{57344D81-AEED-45D8-B8D8-A735AFE76270}C:\program files (x86)\smith micro\poser debut\poserdebut.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\poser debut\poserdebut.exe | 
"UDP Query User{6887CD3A-900F-4C75-91FD-E9EE15FE3C31}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe | 
"UDP Query User{81062D8C-8CAE-480E-B8B5-B37FB6F216F3}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe | 
"UDP Query User{8411F21B-8FD0-4C06-917C-50989CEDA70F}C:\program files (x86)\e frontier\poser 7\poser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\e frontier\poser 7\poser.exe | 
"UDP Query User{883A3BFA-6596-4C41-AF5C-C448EA41EFE4}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | 
"UDP Query User{909188C3-AB6D-4279-80C5-20863DE93838}C:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{ACFA47F0-1460-49BC-A345-88FCCFC3F696}C:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe | 
"UDP Query User{C43AC7E2-7BD0-4F8D-BC4C-E4312C53DC1C}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"UDP Query User{C8265820-5865-4EA2-BE21-2676C929CBB9}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe | 
"UDP Query User{F8C69F8A-AB49-48E9-B80B-A800CC7A9114}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B9609B6D-9532-E0F8-BE41-DFE18BFAEC22}" = AMD AVIVO64 Codecs
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}" = Raw Therapee V4.0.7.1 x64
"{D0BE8477-6206-4588-8148-971EDAB6BBAD}" = Serif CraftArtist 2 Professional
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{EB59AEBA-DF0C-4532-9C09-31E7B660EC13}" = EMF Plug-In
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Canon LBP5000" = Canon LBP5000
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Neat Image Standalone_is1" = Neat Image v7.1.0 Demo Standalone
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.2
"PremElem100" = Adobe Premiere Elements 10
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.80.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{05BBF12D-565E-4212-8BDD-C482C72866DD}" = Vasco da Gama 4 HDPro
"{0834BB26-4019-4BCA-81F9-067FAFBFAE80}" = DaisyTrail Posters Digikit
"{10B1D4F7-6568-48F7-92FD-74D616CD061E}" = Serif CraftArtist Wedding Days Collection
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{15FD2553-F154-4A40-9A2A-226C91AEAED7}" = DaisyTrail Diwali 2011 Digikit
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{182D9A20-F5AE-4E6C-A4FC-651351DD083E}" = Serif WebPlus: Business Template - Real Estate 1
"{189B9ACF-DBA6-4F52-8726-2E11049FB1F7}" = HydraVision
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.2
"{25015AF4-F435-4605-A06F-BA91C0BF6087}" = Serif CraftArtist Scrapbooks Collection
"{27786902-FB5A-484C-8A2E-2501215AE454}" = DaisyTrail Valentine's 2012 Digikit
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
"{312F775B-EF9B-4456-83C8-4B4596677C13}" = Serif CraftArtist Baby Photos Collection
"{31D888B7-9DA0-4219-9371-9A0037A097C6}" = MAGIX Screenshare
"{340C0246-975B-420F-8ADD-DEA69B16FDEE}" = Adobe Premiere Elements 10 Content 1
"{35EDE682-4AE5-47D6-B44F-103F859951DC}" = Serif PanoramaPlus X4
"{371C9583-5174-4CF8-B10D-D4C3AA7E8CD0}" = Serif PagePlus X5
"{39CF0384-AF7F-4E56-9A8F-6F533C8A6DF4}" = MAGIX Video deluxe 17 Premium Sonderedition Video Plugins
"{3EAF3023-F780-46E5-8220-72F8DB87A7EB}_is1" = WISE-FTP 7
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{465C892E-BEE0-422F-A992-EA627D1943A3}" = Serif WebPlus: Interest Template - Photography 2
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F29521F-7338-4D15-8691-8FEEB987780C}" = Adobe Premiere Elements 10 HD Content 3
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{53450FA2-F4B6-48C4-805B-751000018201}" = Virtua Tennis 4
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5D037ECA-B00A-466F-848C-D21B4DB69DEA}" = Adobe Premiere Elements 10 HD Content 1
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.21 SE
"{61B3CAF9-0C8A-4390-AE72-D6B90FB71C17}" = Serif CraftArtist Professional
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7430B12A-3B67-4191-B0C5-59E57344CB1F}" = iClone v4.31 PRO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789567FD-CAA2-4E1C-B38E-9072B3015FFD}" = CrazyTalk Animator PRO Trial
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C08721F-AC43-4198-A35B-93442DD10A26}" = Serif CraftArtist Greeting Cards Collection
"{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
"{7D775738-C2CC-4E91-9E87-B3F77833A238}" = Serif WebPlus: Business Template - Real Estate 2
"{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger
"{7FCBED5C-8C0F-43FA-9880-E3BBCE81FEF0}" = CoffeeCup Web Form Builder
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C97249-FB38-4FF0-8480-1D8E367767D8}" = Serif WebPlus: Interest Template - Music 1
"{84228E96-3FBE-4E1F-9161-D55E527687D3}" = Hoffnung für heute
"{85DE30D0-AEC8-4799-A56A-14267C421A76}" = CoffeeCup Web Form Builder Lite
"{875F9A42-D47B-43E6-BA68-29D1895188D5}_is1" = Dynamic Auto-Painter 2.5.3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8F42D65F-B288-401B-BDE3-308AF6B33BF8}" = MAGIX Video deluxe 17 Premium Sonderedition
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93C40A12-0098-46B1-972E-E8083686A7A0}" = Serif MoviePlus X5
"{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Ressourcen
"{99C7D73D-E201-4D03-B8A4-5EDBA529B505}" = Adobe Premiere Elements 10 Content 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8D1290-0A4C-446C-AD86-0590812660CC}" = Adobe Premiere Elements 10 Content
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A5909EAD-96CE-49E4-9BA8-D2F271C34AB4}" = DaisyTrail Christmas Crafts Digikit
"{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Ressourcen
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFA3224E-8AD6-4EFA-9DBA-A2E499F30282}" = Serif PhotoPlus X4
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B2CF1869-8727-4F9C-BA7D-807CA9F7C528}" = Magic Bullet Quick Looks (MAGIX)
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B47A51FD-0DBC-45E1-8275-C4B5D8351E98}" = DaisyTrail New Year 2012 Digikit
"{B5BF7B43-E13D-4A76-9F8F-E933817131EC}" = calibre
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8A6C9D6-7A53-41CB-BC2A-891F461B613E}" = DaisyTrail Table Plans Digikit
"{BB55B191-6B35-4BDD-BED6-B2C9F2089954}" = DaisyTrail Thankgiving 2011 Digikit
"{C36CC334-10DA-4D13-B4EA-605B453D8912}" = DaisyTrail Happy Hanukkah 2011 Digikit
"{C7B3C4B4-D6E1-4E5D-8428-1FB7111944B9}" = Serif WebPlus X6
"{C8B6F34D-EF2D-4804-9F5D-21BD556C52AA}" = DaisyTrail Valentine's Day 2011 Digikit
"{CF53472F-99F4-4DFC-A267-74FE2909E6BF}" = DaisyTrail Mother's Day 2011 Digikit
"{D0F1732F-DE2D-4A6D-BE19-2D6CF784356C}" = Serif PagePlus X3 Ressourcen
"{D1CE6204-061A-43B5-830F-6A8A35C4E0C6}" = Adobe Premiere Elements 10 HD Content 2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D66A42BA-3747-4628-9CE4-9E7C18C3ED95}" = Adobe Premiere Elements 10 Content 2
"{D91AB4D6-2CA1-4427-91B3-BB31D3C6D4EE}" = SmartStore.biz 5
"{D982FFA1-51C2-4187-8EED-563F718536A3}" = MAGIX Video deluxe MX Premium
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E23FEC6A-C2D9-4D91-ADF4-FD513B4421A3}" = Serif WebPlus: Interest Template - Photography 1
"{E2B22002-9C8B-43CC-A75B-464B6ED4FF6B}" = Serif PagePlus X6
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5F7F7F8-9FE2-4AA4-B142-8B5981F0A290}" = DaisyTrail Certificates Digikit
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F8F9302E-27C2-45FA-A2D3-3880616A2BD1}" = MAGIX Speed burnR (MSI)
"{FBAB18E2-4F7F-4DBD-BBE2-2062602BF5CA}" = MAGIX Audio Cleaning Lab MX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Premiere Elements 10 Content" = Adobe Premiere Elements 10 Content
"Adobe Premiere Elements 10 Content 1" = Adobe Premiere Elements 10 Content 1
"Adobe Premiere Elements 10 Content 2" = Adobe Premiere Elements 10 Content 2
"Adobe Premiere Elements 10 Content 3" = Adobe Premiere Elements 10 Content 3
"Adobe Premiere Elements 10 HD Content 1" = Adobe Premiere Elements 10 HD Content 1
"Adobe Premiere Elements 10 HD Content 2" = Adobe Premiere Elements 10 HD Content 2
"Adobe Premiere Elements 10 HD Content 3" = Adobe Premiere Elements 10 HD Content 3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"ASD800_is1" = Anime Studio Debut 8.0
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bryce 7.0 Content 7.0.0.21" = Bryce 7.0 Content
"Bryce 7.1 7.1.0.109" = Bryce 7.1
"Bryce Lightning 7.0 7.1.0.109" = Bryce Lightning 7.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 4 (64bit) 4.0.3.47" = DAZ Studio 4 (64bit)
"DiskAid_is1" = DiskAid 5.11
"DS4 Default Content 4.0.0.19" = DS4 Default Content
"DVD Shrink_is1" = DVD Shrink 3.2
"Elements+_is1" = Elements+ for PSE 10, v.4.0
"ESET Online Scanner" = ESET Online Scanner v3
"Finale NotePad 2012" = Finale NotePad 2012
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"GoZ DS4 (64bit) 1.0.3.9" = GoZ DS4 (64bit)
"HandBrake" = HandBrake 0.9.5
"Hexagon 2 2.5.1.79" = Hexagon 2
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"jAlbum_0" = jAlbum 9.3
"KoolMoves_is1" = KoolMoves 7.4.2
"MAGIX_MSI_mclab_mx" = MAGIX Audio Cleaning Lab MX
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Sonderedition
"MAGIX_MSI_Videodeluxe18_premium" = MAGIX Video deluxe MX Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MotionArtist09_is1" = MotionArtist 0.9
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiCommander" = MultiCommander
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"NewBlue Light Rays for Magix" = NewBlue Light Rays for Magix
"NewBlue Lightning for Magix" = NewBlue Lightning for Magix
"NewBlueFX Light Blends" = NewBlueFX Light Blends
"NewBlueFX Premium Effects" = NewBlueFX Premium Effects
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PhotoZoom Classic 4" = BenVista PhotoZoom Classic 4.1.2
"Poser 7_is1" = Poser 7.0.4 Service Release
"Poser Debut_is1" = Poser Debut
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
"proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
"PunkBusterSvc" = PunkBuster Services
"SongBeamer_Bible_Elb2006_is1" = SongBeamer - Elberfelder Bibel 2006
"SongBeamer_Setup_is1" = SongBeamer 4.09
"SpeedCommander 10" = SpeedCommander 10
"Steam App 218" = Source SDK Base 2007
"Steam App 35720" = Trine 2
"Steam App 71390" = Virtua Tennis 4
"TmNationsForever_is1" = TmNationsForever
"TmUnited_is1" = TrackMania United 0.2.0.8
"TmUnitedForever_is1" = TmUnitedForever
"TrueCrypt" = TrueCrypt
"Uplay" = Uplay
"Victoria 4.2 Base DAZ Studio Content ps_pe069_Victoria4DS" = Victoria 4.2 Base DAZ Studio Content
"Victoria 4.2 Base ps_pe069_Victoria4" = Victoria 4.2 Base
"Victoria 4.2 Morphs++ DAZ Studio Content ps_pe070_V4MorphsDS" = Victoria 4.2 Morphs++ DAZ Studio Content
"Victoria 4.2 Morphs++ ps_pe070_V4Morphs" = Victoria 4.2 Morphs++
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"fc6d9d64ce333d98" = BibleReader
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 13:50:14 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:50:24 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:51:54 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:51:54 | Computer Name = Johannes-PC2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VT4.exe, Version: 1.0.0.1, Zeitstempel:
 0x4de8f45c  Name des fehlerhaften Moduls: VT4.exe, Version: 1.0.0.1, Zeitstempel:
 0x4de8f45c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00027205  ID des fehlerhaften Prozesses:
 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cd860ef90941cf  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Steam\steamapps\common\Virtua Tennis 4\VT4.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Steam\steamapps\common\Virtua Tennis
 4\VT4.exe  Berichtskennung: 37c8bf41-f202-11e1-ae3b-f46d04b04223
 
Error - 29.08.2012 13:52:00 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:56:52 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:56:53 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:56:54 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 14:15:46 | Computer Name = Johannes-PC2 | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 29.08.2012 14:17:19 | Computer Name = Johannes-PC2 | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20.06.2012 06:18:10 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 06:30:12 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 06:54:16 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 07:30:21 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 08:06:28 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 08:30:33 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 09:06:40 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 09:42:36 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 10:06:40 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
Error - 20.06.2012 10:42:56 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

--- --- ---

Das wärs erstmal.

Sieht das jetzt ok aus? Oder muss ich noch etwas tun?
Vielen Dank für deine Mühe!
LG

kira · 18.10.2012, 05:21

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes,DefaultScope = {28D19648-2FD8-4E6E-B7BF-E0608E47C46E}
IE - HKCU\..\SearchScopes\{28D19648-2FD8-4E6E-B7BF-E0608E47C46E}: "URL" = http://www.google.at/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
CHR - homepage: http://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - homepage: http://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

eagle_j · 18.10.2012, 08:07

Hallo!

Gerade gemacht:
Textdokument nach OTL Fix:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28D19648-2FD8-4E6E-B7BF-E0608E47C46E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28D19648-2FD8-4E6E-B7BF-E0608E47C46E}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Johannes\Desktop\cmd.bat deleted successfully.
C:\Users\Johannes\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Johannes
->Temp folder emptied: 208653 bytes
->Temporary Internet Files folder emptied: 236877257 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12774967 bytes
->Google Chrome cache emptied: 6754407 bytes
->Apple Safari cache emptied: 2299904 bytes
->Flash cache emptied: 2283 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 247,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10182012_082729

Files\Folders moved on Reboot...
C:\Users\Johannes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Änderungen die mir aufgefallen sind:

1. Jetzt kommt wieder das Addon-Einstellungs Fenster beim IE9 Start.

2. Auf einer Website (ist mir bis jetzt nur da aufgefallen) kommt es zu Textdarstellungsfehlern (Sie funktioniert auf meinem Laptop mit Win7 und IE9 perfekt - und hat früher auch auf diesem PC funktioniert)
Alle Browser auf diesem PC nach den Fixes haben Probleme damit: IE9 und Firefox zeigen bestimmte Überschriften nicht mehr richtig an (siehe Anhang). Chrome und Safari zeigen sie an, aber in einer seltsamen Schrift (z.B. €- Zeichen wird nicht richtig angezeigt).
Hat das etwas mit den Fixes oder CCleaner zu tun?
Es betrifft den ganzen Webauftritt von www.propellerheads.se
Die eingekreiste Schrift sollte dieselbe sein, wie auch sonst im Shop vorhanden.
Ich will nur sicher gehen, deshalb frage ich (und weil ich die Website öfters mal verwende)

Vielen Dank für die Hilfe.
LG

kira · 19.10.2012, 02:53

JavaScript im Browser aktiviert?

Zitat:

Zitat von eagle_j

Hat das etwas mit den Fixes oder CCleaner zu tun?

Internet Explorer & Co:
nein, sicherlich nicht! Die Start und Suchseite des Browsers hat sich durch Adware & Spyware geändert, auch einige unerwünschte Erweiterungen wie z.B Babylon, Sweetim usw. Nachdem wir sie entfernt haben, leider die vorgenommenen Einstellungen auch weg sind.

eagle_j · 19.10.2012, 09:43

Hallo, danke für deine nächtliche Antwort.
Ja, JavaScript (Active Scripting) ist aktiviert.
Das Addon-Einstellungsfenster kam diesmal eh nur einmal - danach nicht mehr.
Die eingestellte Start- und Suchseite hatte ich eigentlich selbst so eingestellt.

Das Darstellungsproblem mit der einen Webseite scheint wohl etwas mit einer fehlenden oder defekten Schriftart zu tun zu haben oder mit einem CSS Problem. Wenn ich nämlich im IE9 bei der Barrierefreiheit "Schriftangaben auf Webseiten ignorieren" anklicke, dann wird der sonst fehlende oder weiße - und daher nicht sichtbare - Text ganz normal in der von mir eingestellten Standardschriftart angezeigt.
Dies könnte auch erklären, warum auch die anderen Browser damit Probleme haben (Chrome und Safari verwenden eine alternative Schriftart - sieht seltsam aus, Firefox alte Verion verwendete die selbe Schriftart, nach der Aktualisierung zeigt er die gleichen Darstellungsprobleme wie der IE9)
Den IE9 hab ich schon zurückgesetzt (nicht neu intalliert) - aber die Einstellungen zurückgesetzt.
Was kann ich nun sicher tun?
Eine Systemwiederherstellung auf vor einigen Wochen wird wohl nicht in Frage kommen, oder?
Oder sollte ich Windows irgendwie reparieren?
Ist jetzt generell mal mein PC soweit gesäubert? Soll ich noch etwas tun?
Vielen Dank für deine Hilfe!
LG

kira · 19.10.2012, 14:38

Zitat:

Das Darstellungsproblem mit der einen Webseite scheint wohl etwas mit einer fehlenden oder defekten Schriftart zu tun zu haben oder mit einem CSS Problem. Wenn ich nämlich im IE9 bei der Barrierefreiheit "Schriftangaben auf Webseiten ignorieren" anklicke, dann wird der sonst fehlende oder weiße - und daher nicht sichtbare - Text ganz normal in der von mir eingestellten Standardschriftart angezeigt.

glaube irgendwo habe darüber gelesen, durch einen Fehler im IE9 selbst oder ähnliches?

Zitat:

Was kann ich nun sicher tun?
Eine Systemwiederherstellung auf vor einigen Wochen wird wohl nicht in Frage kommen, oder?

kannst Du ja machen, aber wir müssen die ganze Prozedur neu anfangen bzw dein system auf Malware erneut untersuchen

Zitat:

Ist jetzt generell mal mein PC soweit gesäubert?

ansonsten momentan soll ales im grünen Bereich sein

eagle_j · 20.10.2012, 19:36

Hallo und vielen Dank für deine Hilfe.
Natürlich mach ich keine Systemwiederherstellung.

Das Internet Explorer Problem hab ich inzwischen auch eruiert, tatsächlich wars ein Konflikt mit einer installierten Schriftart. Hatte ich noch nie, aber nun klappts wieder.
Hab nun zwecks Surfsicherheit noch Sandboxie installiert.
Danke nochmal für deine Hilfe!

kira · 21.10.2012, 07:43

** Lass dein System in der nächste Zeit noch unter Beobachtung!
wenn alles gut verlaufen ist und dein System läuft stabil,mache folgendes:

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:

Code:

ATTFilter

CCleaner

- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes:

*Systemwiederherstellung deaktivieren: Windows 7 und Vista*
PC runterfahren
wieder einschalten
Systemwiederherstellung aktivieren

also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

5.
► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!
-> Installiere jedes Update das Dir angeboten wird, wiederhole den Vorgang so oft, bis nicht mehr gibt

Lesestoff Nr.1:
Gib Kriminellen Handlungen keine Chance!

Zitat:

Sichere regelmäßig deine Daten (Bilder Musik, Dokumente, Mails (als Textdatei), im Browser Lesezeichen usw) auf CD/DVD, USB-Sticks oder externe Festplatten! Am besten 2x an verschiedenen Orten sichern!

Wie erstelle ich ein eingeschränktes Benutzerkonto?
Software immer auf dem neuesten Stand halten!:
ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox
Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
- Unbekannten E-Mail-Anhang NICHT öffnen!
- Mails besonders mit Anhang, nicht anklicken, sondern als Text oder in Druckversion anzeigen lassen
Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)
Die fünf häufigsten Passwort-Fehler

"Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Während der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
so wird oft Art von Adware/Spyware mitinstalliert!

NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!

Programme und Treiber:
Nur vom Hersteller!

Onlinebanking:
Gib deine Passwörter niemals preis!
Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.

Computer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab

Wichtige Daten Regelmäßig sichern! - aber denk daran: dein Hauptsystem ist doch kein Lagerhalle!

Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
Webseiten ohne Gültiges Impressum nicht besuchen
- Externe Geräte (Festplatte USB-Stick) nicht ständig am PC anschließen, sondern nur kurzfristig während Du etwas sichern möchtest
Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörse.
► Ausserdem machst Du dich damit strafbar!
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
Virenscanner
BSI für Bürger
SETI@home - [Sicherheit] Sicherheitskonzept

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!

Zitat:

Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -

Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:

Verlauf, Cache und Cookies: Spuren beseitigen nach dem Surfen
hier nachlesen und hier microsoft.com
Wenn dein System reibungslos läuft, kannst zeitweise die alte Wiederherstellungspunkte entfernen: -> Alle Systemwiederherstellungspunkte bis auf den Letzten löschen
Oft den PC zu optimieren nütz wenig, der braucht jetzt eine Radikalkur (nach ca. 3-4 jahren, aber hängt von der Häufigkeit der Nutzung bzw Belastung ab): Anleitung: Neuaufsetzen des Systems + Absicherung
Staub, Fingerabdrücke, Handschweiß – PC und Peripherie sehen mit der Zeit ganz schön eklig aus, ausserdem laut, reagiert langsam und wird schnell heiß:
-> Frühjahrsputz für den PC: Tipps zur Reinigung und Entrümpelung

wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira

Ihr Computer wurde gesperrt ...

Plagegeister aller Art und deren Bekämpfung: Ihr Computer wurde gesperrt ...