
Pests of all kinds and how to fight them: Download Converter --> Mozilla programs crash after repeated reinstallation

16.05.2013, 15:34   #1
Conzo
 



Dear helpers and staff of this wonderful forum,


I found you via Google.
Another user apparently already had a problem very similar to mine:
http://www.trojaner-board.de/132335-...-download.html

Unfortunately, along with the downloaded MP3 converter named "FreeMp3WmaOggConverter.exe", Tuneuputilities, several toolbars and "Iminent" were also installed, very similar to what happened to the user mentioned above.

After Firefox crashed for the first time only 2-3 days after the installation of this audio converter, I started to worry.
Then I noticed that in Internet Explorer, too, the start page had suddenly been changed to cryptic Japanese characters. That one works again now, though.
I uninstalled all suspicious programs and also uninstalled and reinstalled Firefox. I installed Firefox by way of another computer.
I also installed CC-Cleaner, because it had solved registry problems once before.
But unfortunately it apparently also deleted my system restore points. (That would have been the next step I would have tried.)
I have now uninstalled and reinstalled Firefox 3 times, the last 2 times also with a reboot and CC-Cleaner in between. But the problem persists. And last but not least, I have now also noticed that Thunderbird no longer works either.
Not working means in my case = double-click on a Mozilla program --> freeze / Windows 7 spinning wheel ... --> I have to force it to close!

I am completely new here and don't know exactly which instructions I have to follow here in order to describe/post/upload my problem clearly and comprehensively enough.

For a start, I would be grateful to receive a link to the instructions that fit my problem.


The following hardware is installed in my computer:
- MSI Z68A-GD80 (G3), Intel Z68, ATX, DDR3
- Intel Core i7-2600K Box, LGA1155
- Gainward GeForce GTX 570 Phantom, 1.25GB GDDR5
- 2 x 8GB-Kit G.Skill Sniper PC3-10667U CL9-9-9-24 (DDR3-1333)

- Windows 7 Professional 64bit was installed on the following SSD:
- Crucial m4 SSD 128GB, 2.5


Many thanks in advance for a reply.


Best regards,
Constantin

I have now found the following instructions here after all and followed them:

http://www.trojaner-board.de/69886-a...-beachten.html


Contents of defogger_disable.txt:
Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:00 on 16/05/2013 (Constantin Kilian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Contents of OTL.exe:
OTL Logfile:
Code:
OTL logfile created on: 16.05.2013 17:38:11 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Zur Reparatur des befallenen PCs
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,91 Gb Total Physical Memory | 13,65 Gb Available Physical Memory | 85,78% Memory free
31,82 Gb Paging File | 29,70 Gb Available in Paging File | 93,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 19,83 Gb Free Space | 16,65% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 700,44 Gb Free Space | 75,19% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 844,62 Gb Free Space | 90,67% Space Free | Partition Type: NTFS
 
Computer Name: VID-WORKSTATION | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.16 16:44:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\OTL.exe
PRC - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.06.11 01:07:44 | 000,305,152 | ---- | M] () -- C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe
PRC - [2011.10.30 13:48:36 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.22 06:19:12 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 06:19:08 | 000,326,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.18 20:33:34 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.10 05:25:27 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012.06.11 01:07:44 | 000,305,152 | ---- | M] () -- C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.15 16:01:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.30 13:48:36 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.25 00:19:48 | 001,114,280 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.02.22 06:19:12 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 06:19:08 | 000,326,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.29 16:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.11.18 20:33:34 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.05.14 15:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.28 12:16:56 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.30 13:48:36 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2011.10.30 13:48:36 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.10.30 13:48:36 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.10.30 13:48:35 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.08.31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.06.10 08:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.14 11:29:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011.03.14 11:29:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.29 16:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.18 20:25:50 | 000,551,448 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.01.06 12:06:56 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Setup Files\Ms7672vI50\NTIOLib_X64.sys -- (NTIOLib_1_0_6)
DRV - [2010.07.12 18:54:26 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=287&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=287&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 BA 9B 9E C5 96 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://mixidj.delta-search.com/?q={searchTerms}&affID=121136&tt=gc_&babsrc=SP_ss&mntrId=BA248C89A55A2CA9
IE - HKCU\..\SearchScopes\{18EB8B19-5EB3-4AE4-8338-F5B3A0D1223C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=287&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 14:49:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 14:49:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.05.16 15:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.05.16 15:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 09:47:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.16 15:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.16 15:36:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.04.26 16:42:15 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.10 23:08:36 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.10.30 13:15:13 | 000,000,856 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Nurey] C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53344D21-706C-4D3E-A826-0143CB1DE9EC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9862E735-7C9B-4128-A50C-DAE099331211}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1a8e85a1-61dd-11e1-b65a-8c89a55a2ca9}\Shell - "" = AutoRun
O33 - MountPoints2\{1a8e85a1-61dd-11e1-b65a-8c89a55a2ca9}\Shell\AutoRun\command - "" = L:\start.exe
O33 - MountPoints2\{caf3b4cc-02b9-11e1-be2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{caf3b4cc-02b9-11e1-be2c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\DVDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.16 16:46:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Zur Reparatur des befallenen PCs
[2013.05.16 15:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.05.16 15:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.16 15:38:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2013.05.16 15:30:23 | 003,309,368 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup401_slim.exe
[2013.05.16 15:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2013.05.16 15:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2013.05.16 15:13:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Alte Firefox-Daten
[2013.05.16 09:41:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ycepy
[2013.05.16 09:41:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Xunu
[2013.05.16 09:41:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uwbio
[2013.05.16 09:41:13 | 000,000,000 | ---D | C] -- C:\Users\***\Local Settings
[2013.05.15 14:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.13 15:02:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.05.13 15:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.05.13 15:02:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.05.13 15:02:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.05.13 15:02:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Free MP3 WMA OGG Converter
[2013.05.13 14:59:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.05.13 14:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.16 17:23:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.16 17:23:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.16 17:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.16 17:00:22 | 000,032,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 17:00:22 | 000,032,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 16:57:51 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 16:57:51 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 16:57:51 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 16:57:51 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 16:57:51 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.16 16:56:02 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.05.16 16:53:12 | 004,978,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 16:53:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.16 16:52:07 | 4223,848,446 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.16 15:49:50 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.16 15:44:05 | 000,001,405 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer (64-bit).lnk
[2013.05.16 15:36:16 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.16 15:29:46 | 003,309,368 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup401_slim.exe
[2013.05.16 15:24:04 | 006,073,026 | ---- | M] () -- C:\Users\***\Desktop\Firefox 21.0 (de) - 2013-05-16.pcv
[2013.05.16 15:23:23 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2013.05.16 15:22:10 | 001,035,926 | ---- | M] () -- C:\Users\***\Desktop\MozBackup-1.5.1-EN.exe
[2013.05.16 14:55:33 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.05.13 15:51:24 | 003,024,540 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK24.wma
[2013.05.13 15:51:22 | 002,022,940 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK23.wma
[2013.05.13 15:51:21 | 003,811,740 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK22.wma
[2013.05.13 15:51:19 | 003,254,940 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK21.wma
[2013.05.13 15:51:17 | 004,605,340 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK20.wma
[2013.05.13 15:51:14 | 003,005,340 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK19.wma
[2013.05.13 15:51:12 | 003,018,140 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK18.wma
[2013.05.13 15:51:10 | 004,326,940 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK17.wma
[2013.05.13 15:51:08 | 004,051,740 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK16.wma
[2013.05.13 15:51:06 | 003,901,340 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK15.wma
[2013.05.13 15:51:03 | 003,053,340 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK14.wma
[2013.05.13 15:51:01 | 002,387,740 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK13.wma
[2013.05.13 15:51:00 | 002,269,340 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK12.wma
[2013.05.13 15:50:58 | 004,749,340 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK11.wma
[2013.05.13 15:50:56 | 003,926,940 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK10.wma
[2013.05.13 15:50:53 | 003,046,940 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK09.wma
[2013.05.13 15:50:51 | 003,258,140 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK08.wma
[2013.05.13 15:50:49 | 003,661,340 | ---- | M] () -- C:\Users\***\Documents\CD41224317-TRACK07.wma
[2013.05.13 15:13:10 | 005,926,940 | ---- | M] () -- C:\Users\***\Documents\CD58761131-TRACK01.wma
 
========== Files Created - No Company Name ==========
 
[2013.05.16 16:56:02 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.05.16 15:49:50 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.16 15:44:05 | 000,001,405 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer (64-bit).lnk
[2013.05.16 15:36:16 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.16 15:36:16 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.16 15:24:01 | 006,073,026 | ---- | C] () -- C:\Users\***\Desktop\Firefox 21.0 (de) - 2013-05-16.pcv
[2013.05.16 15:23:23 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2013.05.16 15:23:13 | 001,035,926 | ---- | C] () -- C:\Users\***\Desktop\MozBackup-1.5.1-EN.exe
[2013.05.13 15:50:35 | 004,749,340 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK11.wma
[2013.05.13 15:50:35 | 004,605,340 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK20.wma
[2013.05.13 15:50:35 | 004,326,940 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK17.wma
[2013.05.13 15:50:35 | 004,051,740 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK16.wma
[2013.05.13 15:50:35 | 003,926,940 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK10.wma
[2013.05.13 15:50:35 | 003,901,340 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK15.wma
[2013.05.13 15:50:35 | 003,811,740 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK22.wma
[2013.05.13 15:50:35 | 003,661,340 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK07.wma
[2013.05.13 15:50:35 | 003,258,140 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK08.wma
[2013.05.13 15:50:35 | 003,254,940 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK21.wma
[2013.05.13 15:50:35 | 003,053,340 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK14.wma
[2013.05.13 15:50:35 | 003,046,940 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK09.wma
[2013.05.13 15:50:35 | 003,024,540 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK24.wma
[2013.05.13 15:50:35 | 003,018,140 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK18.wma
[2013.05.13 15:50:35 | 003,005,340 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK19.wma
[2013.05.13 15:50:35 | 002,387,740 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK13.wma
[2013.05.13 15:50:35 | 002,269,340 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK12.wma
[2013.05.13 15:50:35 | 002,022,940 | ---- | C] () -- C:\Users\***\Documents\CD41224317-TRACK23.wma
[2013.05.13 15:13:06 | 005,926,940 | ---- | C] () -- C:\Users\***\Documents\CD58761131-TRACK01.wma
[2013.05.13 14:58:15 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.03.16 14:41:31 | 000,001,156 | ---- | C] () -- C:\Users\***\Dokumente - Verknüpfung.lnk
[2012.10.17 10:04:36 | 000,060,864 | ---- | C] () -- C:\Users\***\g2mdlhlpx.exe
[2012.07.05 12:05:05 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.05 17:22:43 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.04.03 13:35:38 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.08.31 20:51:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.31 20:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.31 20:51:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.31 20:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.12.29 18:42:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2012.01.27 00:02:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012.04.26 16:42:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2011.10.31 18:37:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.09.18 13:27:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2013.05.16 15:32:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2013.05.16 15:32:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2013.05.13 15:02:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free MP3 WMA OGG Converter
[2012.01.26 23:49:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2011.10.30 13:01:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MSI
[2013.05.13 15:02:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2011.10.30 14:52:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2011.11.05 17:41:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2011.10.30 20:09:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.10.30 21:11:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2013.05.13 15:02:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.05.16 09:41:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uwbio
[2013.05.16 09:41:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xunu
[2013.05.16 09:52:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ycepy
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 978 bytes -> C:\Users\***\AppData\Local\gcjEVvIeJqi:XJmuQrYgHca0mlOcOYSvqNO

< End of report >
         
--- --- ---


Contents of Extras.exe:
OTL Logfile:
Code:
OTL Extras logfile created on: 16.05.2013 17:01:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Zur Reparatur des befallenen PCs
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,91 Gb Total Physical Memory | 14,00 Gb Available Physical Memory | 88,01% Memory free
31,82 Gb Paging File | 29,84 Gb Available in Paging File | 93,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 19,87 Gb Free Space | 16,68% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 700,44 Gb Free Space | 75,19% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 844,62 Gb Free Space | 90,67% Space Free | Partition Type: NTFS
 
Computer Name: VID-WORKSTATION | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E3409B-CC1F-4EE8-B6B3-6B7BDFACFA5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{07C18587-E058-488E-87A3-7C87E23A8C65}" = rport=138 | protocol=17 | dir=out | app=system | 
"{260FB986-CAF3-4EBB-9B0C-34FEF43C6207}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3A6ECD6E-F25A-41D0-8554-8324F7170053}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3E8AD4A7-C107-4C3F-95AA-ECCED443A6C2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4B1A58C3-3D56-4109-A94E-102C32286BD0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{53E4C151-3CA2-4162-9D50-AFAFA9C98579}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{54A73064-03C0-47C7-8630-6A0BCCB40665}" = rport=445 | protocol=6 | dir=out | app=system | 
"{58B81479-DC02-4BE8-83EA-3CB75DBDCADA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{78903264-FE74-46A5-A670-47AD00917393}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7E144B37-6A7A-41D2-8D24-00A52031735E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{897BF67D-4B8B-4015-B7E4-DCA7B079BB5E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9C6B8BBA-E656-4824-AA67-51328D06E4B9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9E30472D-29EA-4AA7-BC38-387326433930}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A0B3A444-37FA-46AF-9B32-E0C5F017A759}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A73AB642-2E17-43D7-ACCB-EA59DDD540F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7E5E6BE-D09F-4C7E-B911-271EBFD635FA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B244E672-5569-4438-B7C3-8B9922609C0F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B550D9A7-2BB3-487A-8AE8-978C8D65446D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E2831346-3D76-4987-80F6-D99C3F9C6B79}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E785421F-AED4-4059-A771-7199453DCA98}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EA217EEE-5646-4D93-AF2C-EE144ABD359C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EA9E5D12-9EAB-4D74-BC5E-91894A09D6C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059E3DAE-43F0-4660-AC0B-BB63FAA77137}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{173794E0-B59D-4D93-93A1-0DA782064D43}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1D7A5795-E8B1-4CE2-8021-4F137058D6D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{232402E3-785B-413B-96D6-99F3C97163F5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{2618B299-5DCD-4E03-B669-9BF1C29C9C61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2A889567-DD92-479C-A82E-5F9DEB5992D2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{34EA9BD3-DF71-4A64-9B5E-DC23A3ECC85E}" = protocol=6 | dir=out | app=system | 
"{55E7D330-A4E1-4E6B-972F-65E865BEF986}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5AE1555E-3444-491C-8F65-A2B9972D44D9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5ECCEF56-EC92-43BD-BB72-119346F37733}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{629C302B-E33C-462A-9A1D-E00AA736144A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6349E350-F62C-4E79-946E-074A29BD7D9D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{637016FD-ACB1-4B6F-ADC8-05C3D1B8870B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{659FD5B3-2952-4861-8A9E-A9B6526B58A5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{6BDC61BC-1737-48C3-B83A-47AA550C30A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6CD40C95-714A-4488-BBA5-A6222D31D2BE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{6E43E651-73AD-4678-8699-17713B412424}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{7757E0D1-9457-449E-AC0B-FF4751DA086E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E6C4C64-F816-41A3-A33F-F0A1B62D35F7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{84C5C689-04A1-4BFD-803E-F4338132C168}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8BE7C44C-9A34-446C-A047-5AA817AD04C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{902BB4BB-C937-4EC9-90D5-32E240D8E512}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9466039E-4686-4A3D-B8AF-0C19FAB1F4B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{97EF1B7A-E2A6-4D42-A7D1-1053D5E69748}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{ACF042A1-2415-416C-B6D9-45C20A4668F5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BA454113-B2C2-4B8E-9E84-02F9566A34D7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BDB41BF8-B0CA-492B-8F41-2BBBDC4B90F0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA5848DE-246C-4ADB-94A7-32D7502D0197}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D032C795-6EE3-4DE4-8820-5E89AB89AC5E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DF113B99-1BE3-4B04-A8AF-EBEFB2A3497F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EF5D044E-0110-4067-8FC8-8CC56C9414ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F76C0577-88D5-413C-8561-FFA9CCD7BEAC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"TCP Query User{731E7C4B-AE40-41EB-8BE4-61896F91FCB1}C:\users\***\appdata\roaming\uwbio\vaexv.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\uwbio\vaexv.exe | 
"TCP Query User{AF31FB6C-591B-4F12-ACB9-7624A723DCB9}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"TCP Query User{D308913A-55A5-4253-B44E-AEA7263EE6D5}C:\users\***\appdata\roaming\uwbio\vaexv.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\uwbio\vaexv.exe | 
"UDP Query User{421A3288-086E-4C79-891F-1604EC38F70C}C:\users\***\appdata\roaming\uwbio\vaexv.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\uwbio\vaexv.exe | 
"UDP Query User{C3345276-3558-400B-BD16-01AF5F7363A0}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"UDP Query User{E36C6641-975C-479A-8FA8-A4E62AEB9004}C:\users\***\appdata\roaming\uwbio\vaexv.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\uwbio\vaexv.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{698B7D8B-0F43-4A19-8B9B-47F1EFEB858F}_is1" = ControlCenter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1" = Winki
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD1097DD-FC1C-45AA-88BA-093F919CAFF2}_is1" = CLICKBIOSII
"{E82097B9-A3B8-404A-9A92-AC16A8AC9576}" = Adobe After Effects CS5.5
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudioGenie_is1" = AudioGenie
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"DAEMON Tools Lite" = DAEMON Tools Lite
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"MagniDriver" = marvell 91xx driver
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Super-Charger_is1" = Super-Charger
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Uncompressor" = Uncompressor
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.02.2013 05:24:54 | Computer Name = Vid-Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25.02.2013 05:24:54 | Computer Name = Vid-Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584
 
Error - 25.02.2013 05:24:54 | Computer Name = Vid-Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584
 
Error - 26.02.2013 03:44:39 | Computer Name = Vid-Workstation | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2013 05:34:55 | Computer Name = Vid-Workstation | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.02.2013 07:26:10 | Computer Name = Vid-Workstation | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\BMWi\BMWi Updater\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\BMWi\BMWi Updater\DelZip179.dll" in Zeile 8.  Der Wert "*"
 des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.02.2013 08:49:31 | Computer Name = Vid-Workstation | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.1.1.33,
 Zeitstempel: 0x4e64e4e2  Name des fehlerhaften Moduls: AcroRd32.dll, Version: 10.1.1.33,
 Zeitstempel: 0x4e64f98b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000218f8  ID des fehlerhaften
 Prozesses: 0xb34  Startzeit der fehlerhaften Anwendung: 0x01ce140a86364b01  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.dll
Berichtskennung:
 f638b17d-8012-11e2-b62a-8c89a55a2ca9
 
Error - 26.02.2013 09:50:29 | Computer Name = Vid-Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.02.2013 09:50:29 | Computer Name = Vid-Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15585
 
Error - 26.02.2013 09:50:29 | Computer Name = Vid-Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15585
 
[ System Events ]
Error - 16.05.2013 09:30:16 | Computer Name = Vid-Workstation | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.
 
Error - 16.05.2013 09:30:17 | Computer Name = Vid-Workstation | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.
 
Error - 16.05.2013 09:35:06 | Computer Name = Vid-Workstation | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR8 gefunden.
 
Error - 16.05.2013 09:35:07 | Computer Name = Vid-Workstation | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR8 gefunden.
 
Error - 16.05.2013 09:35:07 | Computer Name = Vid-Workstation | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR8 gefunden.
 
Error - 16.05.2013 09:37:29 | Computer Name = Vid-Workstation | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
 nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
 oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
 auswählen.
 
Error - 16.05.2013 10:46:24 | Computer Name = Vid-Workstation | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR8 gefunden.
 
Error - 16.05.2013 10:46:25 | Computer Name = Vid-Workstation | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR8 gefunden.
 
Error - 16.05.2013 10:46:26 | Computer Name = Vid-Workstation | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR8 gefunden.
 
Error - 16.05.2013 10:46:54 | Computer Name = Vid-Workstation | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
--- --- ---


Contents of gmer.txt:
GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-16 18:03:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\00000066 M4-CT128 rev.0009 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CONSTA~1\AppData\Local\Temp\kfrdypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                               000000007782efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                             00000000778599b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                             00000000778694d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                                                                             0000000077869640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                      000000007788a500 7 bytes JMP 000000016fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                  000007fefe1c3460 7 bytes JMP 000007fffe1700d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                    000007fefe1c9940 6 bytes JMP 000007fffe170148
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                       000007fefe1c9fb0 5 bytes JMP 000007fffe170180
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                000007fefe1ca150 5 bytes JMP 000007fffe170110
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                 000007fefe6c89e0 8 bytes JMP 000007fffe1701f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                               000007fefe6cbe40 8 bytes JMP 000007fffe1701b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                       000007feff8c7490 11 bytes JMP 000007fffe170228
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1852] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                                                      000007feff8dbf00 7 bytes JMP 000007fffe170260
.text  C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                               000007fefe1c3460 7 bytes JMP 000007fffe1700d8
.text  C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                 000007fefe1c9940 6 bytes JMP 000007fffe170148
.text  C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                                    000007fefe1c9fb0 5 bytes JMP 000007fffe170180
.text  C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                             000007fefe1ca150 5 bytes JMP 000007fffe170110
.text  C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                              000007fefe6c89e0 8 bytes JMP 000007fffe1701f0
.text  C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                            000007fefe6cbe40 8 bytes JMP 000007fffe1701b8
.text  C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                                                                                                                    000007fef9394da4 7 bytes JMP 000007fff93800d8
.text  C:\Windows\system32\Dwm.exe[2080] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                                                                                                   000007fef93b9af4 7 bytes JMP 000007fff9380110
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                          0000000075e91401 2 bytes JMP 000000010679a47b
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                            0000000075e91419 2 bytes JMP 000000010679a493
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                          0000000075e91431 2 bytes JMP 000000010679a4ab
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                          0000000075e9144a 2 bytes JMP 0000000075f5fcc4
.text  ...                                                                                                                                                                                                                                                 * 9
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                             0000000075e914dd 2 bytes JMP 000000010679a557
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                      0000000075e914f5 2 bytes JMP 000000010679a56f
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                             0000000075e9150d 2 bytes JMP 000000010679a587
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                      0000000075e91525 2 bytes JMP 000000010679a59f
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                            0000000075e9153d 2 bytes JMP 000000010679a5b7
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                 0000000075e91555 2 bytes JMP 000000010679a5cf
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                          0000000075e9156d 2 bytes JMP 000000010679a5e7
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                            0000000075e91585 2 bytes JMP 000000010679a5ff
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                               0000000075e9159d 2 bytes JMP 000000010679a617
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                            0000000075e915b5 2 bytes JMP 000000010679a62f
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                          0000000075e915cd 2 bytes JMP 000000015c37ce47
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                      0000000075e916b2 2 bytes JMP 000000010679a72c
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                      0000000075e916bd 2 bytes JMP 000000010679a737
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                                       000000007782efe0 5 bytes JMP 000000016fff0148
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                                     00000000778599b0 7 bytes JMP 000000016fff00d8
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                                                     00000000778694d0 5 bytes JMP 000000016fff0180
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                                                                                                     0000000077869640 5 bytes JMP 000000016fff0110
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                                              000000007788a500 7 bytes JMP 000000016fff01b8
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                          000007fefe1c3460 7 bytes JMP 000007fffe1700d8
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                            000007fefe1c9940 6 bytes JMP 000007fffe170148
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                               000007fefe1c9fb0 5 bytes JMP 000007fffe170180
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                        000007fefe1ca150 5 bytes JMP 000007fffe170110
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                         000007fefe6c89e0 8 bytes JMP 000007fffe1701f0
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                       000007fefe6cbe40 8 bytes JMP 000007fffe1701b8
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                                               000007feff8c7490 11 bytes JMP 000007fffe170228
.text  C:\Windows\System32\igfxpers.exe[2976] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                                                                              000007feff8dbf00 7 bytes JMP 000007fffe170260
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                    000007fefe1c3460 7 bytes JMP 000007fffe1700d8
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                      000007fefe1c9940 6 bytes JMP 000007fffe170148
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                         000007fefe1c9fb0 5 bytes JMP 000007fffe170180
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                  000007fefe1ca150 5 bytes JMP 000007fffe170110
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3048] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                                                         000007feff8c7490 11 bytes JMP 000007fffe170228
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3048] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                                                        000007feff8dbf00 7 bytes JMP 000007fffe170260
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3048] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                   000007fefe6c89e0 8 bytes JMP 000007fffe1701f0
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3048] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                 000007fefe6cbe40 8 bytes JMP 000007fffe1701b8
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                                                    0000000075921429 7 bytes JMP 0000000171a012ad
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                                                                           000000007593b223 5 bytes JMP 0000000171a015be
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                                                           00000000759b88f4 7 bytes JMP 0000000171a01357
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                                                           00000000759b8979 5 bytes JMP 0000000171a016e0
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                                             00000000759b8ccf 5 bytes JMP 0000000171a01028
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                                                0000000075a21d1b 5 bytes JMP 0000000171a011ef
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                                                              0000000075a21dc9 5 bytes JMP 0000000171a01023
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                                                  0000000075a22aa4 5 bytes JMP 0000000171a0156e
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                                                     0000000075a22d0a 5 bytes JMP 0000000171a01294
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                                     0000000075398a29 5 bytes JMP 0000000171a01050
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                                                 00000000753a4572 5 bytes JMP 0000000171a010d2
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                             00000000754ae9a2 5 bytes JMP 0000000171a015d7
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                               00000000754aebdc 5 bytes JMP 0000000171a011b8
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                                                    00000000763e5ea5 5 bytes JMP 0000000171a01609
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                                                     0000000076419d0b 5 bytes JMP 0000000171a01249
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                                                                                                                         0000000075824296 6 bytes [68, F0, BB, 41, 00, C3]
.text  C:\Users\***\AppData\Roaming\Uwbio\vaexv.exe[3356] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                                                                                       0000000075837673 6 bytes [68, 80, BB, 41, 00, C3]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3636] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                 000000007782efe0 5 bytes JMP 000000016fff0148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3636] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                               00000000778599b0 7 bytes JMP 000000016fff00d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3636] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                               00000000778694d0 5 bytes JMP 000000016fff0180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3636] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                                                                               0000000077869640 5 bytes JMP 000000016fff0110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3636] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                        000000007788a500 7 bytes JMP 000000016fff01b8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                    000007fefe1c3460 7 bytes JMP 000007fffe1700d8
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                      000007fefe1c9940 6 bytes JMP 000007fffe170148
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3636] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                         000007fefe1c9fb0 5 bytes JMP 000007fffe170180
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                  000007fefe1ca150 5 bytes JMP 000007fffe170110
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3636] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                   000007fefe6c89e0 8 bytes JMP 000007fffe1701f0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3636] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                 000007fefe6cbe40 8 bytes JMP 000007fffe1701b8
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                        0000000075921429 7 bytes JMP 0000000171a012ad
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                                               000000007593b223 5 bytes JMP 0000000171a015be
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                               00000000759b88f4 7 bytes JMP 0000000171a01357
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                               00000000759b8979 5 bytes JMP 0000000171a016e0
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                                 00000000759b8ccf 5 bytes JMP 0000000171a01028
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                    0000000075a21d1b 5 bytes JMP 0000000171a011ef
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                                  0000000075a21dc9 5 bytes JMP 0000000171a01023
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                      0000000075a22aa4 5 bytes JMP 0000000171a0156e
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                         0000000075a22d0a 5 bytes JMP 0000000171a01294
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                 00000000754ae9a2 5 bytes JMP 0000000171a015d7
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                   00000000754aebdc 5 bytes JMP 0000000171a011b8
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                         0000000075398a29 5 bytes JMP 0000000171a01050
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                                                     00000000753a4572 5 bytes JMP 0000000171a010d2
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                        00000000763e5ea5 5 bytes JMP 0000000171a01609
.text  C:\Users\***\Desktop\Zur Reparatur des befallenen PCs\gmer_2.1.19163.exe[3084] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                         0000000076419d0b 5 bytes JMP 0000000171a01249

---- Registry - GMER 2.1 ----

Reg    HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\***\Downloads\Gainward GeForce\xae GTX 570 1280MB Phantom\280.26-desktop-win7-winvista-64bit-international-whql.exe       1
Reg    HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\***\Downloads\Gainward GeForce\xae GTX 570 1280MB Phantom\285.62-desktop-win7-winvista-64bit-international-whql.exe       1
Reg    HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\***\Downloads\Gainward GeForce\xae GTX 570 1280MB Phantom\301.42-desktop-win7-winvista-64bit-international-whql.exe       1
Reg    HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\***\Downloads\Gainward GeForce\xae GTX 570 1280MB Phantom\306.97-desktop-win8-win7-winvista-64bit-international-whql.exe  1
Reg    HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\***\Downloads\Gainward GeForce\xae GTX 570 1280MB Phantom\314.07-desktop-win8-win7-winvista-64bit-international-whql.exe  1

---- EOF - GMER 2.1 ----
         
--- --- ---


Many thanks in advance for your help!!!!

16.05.2013, 22:07   #2
cosinus

Code:
O1 - Hosts: 127.0.0.1 activate.adobe.com
         


These entries in the hosts file serve to make pirated (cracked) software run.

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that is not to be trifled with. Besides, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!

In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)