Trojaner-Board


urbi28 18.03.2012 21:30

PC very slow - suspected virus
 
Good evening,

For some time now my PC has become very slow, so I tried to clean it up a bit and ran an antivirus program (ESET), which also had a few detections, which I then had the antivirus program delete. Since then, however, it has not got any better at all; I rather have the feeling that it has got a little worse. I use CCleaner for cleaning up. I also have it check my PC for registry errors and fix them if necessary. Could that possibly be a problem?
Furthermore, for the past 2 days an ESET detection message about WlanGUI.exe has been appearing after booting. It is said to be a possible trojan and to cause problems in memory. Cleaning the file is not possible. This exe belongs to my Fritz WLAN stick.
My request is whether some clever person could take a quick look at my log files (which I created following the instructions on this board) and perhaps give me some advice on how I can proceed to get my PC running smoothly again.
I am very grateful for constructive comments :)

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_29
Run by Urbi at 20:47:04 on 2012-03-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.6141.4699 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\ESET\x86\ekrn.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files\ESET\egui.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Windows\SysWOW64\TSTheme.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = fritz.box
uURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
mURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
BHO: dossec.dossec.dossec: {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - mscoree.dll
TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [Userinit] C:\Users\Urbi\AppData\Roaming\appconf32.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Urbi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UPDATE~1.LNK - C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe
uPolicies-explorer: TaskbarNoNotification = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 213.191.74.18 62.109.123.196 192.168.0.1
TCP: Interfaces\{A98E5A04-EDD5-446B-A108-44249A35FAD2} : DhcpNameServer = 213.191.74.18 62.109.123.196 192.168.0.1
TCP: Interfaces\{C734FC4C-9BA2-47E7-BE95-35087AA68768} : DhcpNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{326E768D-4182-46FD-9C16-1449A49795F4}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
{8dcb7100-df86-4384-8842-8fa844297b3f}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe"
mRun-x64: [(Standard)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Urbi\AppData\Roaming\Mozilla\Firefox\Profiles\qwhto5xt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.de
FF - plugin: C:\Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Firefox\plugins\nplv86win32.dll
FF - plugin: C:\Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys --> C:\Windows\system32\DRIVERS\ehdrv.sys [?]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys --> C:\Windows\system32\DRIVERS\VBoxDrv.sys [?]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys --> C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [?]
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 - Lizenzierungsdienst;C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-4-27 759048]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\x86\ekrn.exe [2011-9-22 974944]
R2 FontCache;Windows-Dienst für Schriftartencache;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2010-12-3 341296]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-9-16 648432]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\system32\DRIVERS\fwlanusb.sys --> C:\Windows\system32\DRIVERS\fwlanusb.sys [?]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys --> C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [?]
R3 VBoxNetFlt;VBoxNetFlt Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys --> C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-8 136176]
S3 avmeject;AVM Eject;C:\Windows\system32\drivers\avmeject.sys --> C:\Windows\system32\drivers\avmeject.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-8 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Leistungsindikator-DLL-Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-23 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-18 18:42:59 -------- dc-h--w- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-03-18 18:42:58 -------- d-----w- C:\Program Files (x86)\Uniblue
2012-03-18 18:42:48 -------- d-----w- C:\Users\Urbi\AppData\Local\PackageAware
2012-03-18 14:29:01 -------- d-----w- C:\Program Files\ESET
2012-03-17 23:32:35 -------- d-----w- C:\Users\Urbi\AppData\Roaming\UAs
2012-03-17 23:30:54 5624 ----a-w- C:\Users\Urbi\AppData\Roaming\BAcroIEHelpe.dll
2012-03-17 23:30:54 390648 ----a-w- C:\Users\Urbi\AppData\Roaming\AcroIEHelpe.dll
2012-03-17 23:30:47 -------- d-----w- C:\Users\Urbi\AppData\Roaming\08016
2012-03-17 23:30:35 136 ----a-w- C:\Users\Urbi\AppData\Roaming\srvblck2.tmp
2012-03-17 23:30:27 -------- d-----w- C:\Users\Urbi\AppData\Roaming\xmldm
2012-03-17 23:30:26 -------- d-----w- C:\Users\Urbi\AppData\Roaming\kock
2012-03-17 21:43:41 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55CDB382-8FF6-4409-9B5B-ADE0C34F17A4}\mpengine.dll
2012-03-14 15:50:05 -------- d-----w- C:\TEMP
2012-03-14 15:34:54 708096 ----a-w- C:\Windows\System32\rdpencom.dll
2012-03-14 15:34:53 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll
2012-03-14 15:34:53 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-05 20:24:29 -------- d-----w- C:\mafia 2
.
==================== Find3M ====================
.
2012-03-14 15:50:22 3140 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-03-14 15:50:20 88 --sh--r- C:\Windows\SysWow64\013E07AF38.sys
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-22 12:14:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2012-01-03 14:25:21 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-10-23 14:45:14 584192 ----a-w- C:\Program Files\OTL.exe
2011-10-23 14:40:19 50477 ----a-w- C:\Program Files\Defogger.exe
.
============= FINISH: 20:47:41,03 ===============


Defogger_disable

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:46 on 18/03/2012 (Urbi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

kira 19.03.2012 10:40

Hello and a warm welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and actions are carried out over great distances, there is no liability on our part for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files used (e.g. your real name, serial numbers in programs, etc.) or replace them with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before you apply them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing can really go wrong.
  • During the support period:
    - please do not act on your own without consulting first! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
► In the first part of the 3-part procedure, we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click on the command prompt and select "Run as administrator"
Right-click on the selected application and choose "Run as administrator"!

► Could you perhaps post the report from Eset/Nod32 here (only the excerpt where the detection, [FUND], is shown)?

1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases straight away - update online
  • Select "Komplett Scan durchführen" (perform full scan) and tick every box
  • When the scan has finished, click on "Zeige Resultate" (show results)
  • Select all detections (if MBAM reports any in C:\System Volume Information, please remove the check mark there) and click on "Löschen" - "Ausgewähltes entfernen" (delete - remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: Guide

2.
System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click on OTL.exe
  • Vista users: right-click on OTL.exe and select "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click on Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs:
  • Download the CCleaner installer
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch" (German).
  • Start -> click on `Extras` (to display the software installed on your system) -> then on `Als Textdatei speichern...` (save as text file)
  • A text file is created automatically; post this log file as well (i.e. the list of all installed programs... a text file)

Quote:

So that your thread stays clearer and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes in here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the internet: no online banking, file sharing, chat programs, etc.
Regards
kira

urbi28 19.03.2012 16:20

Thank you very much for your reply. I have worked through your instructions step by step and am just posting the results. What stood out when booting up today was a detection message from ESET about /Spy.Baker.WZJ trojan and /Spy.Baker.WBU trojan. It deleted one of them. I also did another ESET run and am posting the log file from that as well.

ESET
Code:

Log
Version der Signaturdatenbank: 6978 (20120319)
Datum: 19.03.2012  Uhrzeit: 12:18:06
Geprüfte Laufwerke, Ordner und Dateien: Arbeitsspeicher;C:\Bootsektor;D:\Bootsektor;C:\;D:\
Arbeitsspeicher » TSTheme.exe(4076) - möglicherweise Variante von Win32/Spy.Banker.WBU Trojaner - Säubern nicht möglich
C:\pagefile.sys - Fehler beim Öffnen  [4]
C:\Boot\BCD - Fehler beim Öffnen  [4]
C:\Boot\BCD.LOG - Fehler beim Öffnen  [4]
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR » MAF.II.MULTI5\Mafia.II.Update.3-SKIDROW\Mafia.II.Update.3.exe - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR » MAF.II.MULTI5\Mafia.II.Update.3-SKIDROW\SKIDROW\pc\mafia2.exe - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR » MAF.II.MULTI5\Mafia.II.Update.3-SKIDROW\SKIDROW\pc\Skidrow.ini - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR » MAF.II.MULTI5\Mafia.II.Update.3-SKIDROW\SKIDROW\pc\Steamclient.dll - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR » MAF.II.MULTI5\Mafia.II.Update.3-SKIDROW\SKIDROW\pc\steam_appid.txt - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR » MAF.II.MULTI5\Mafia.II.Update.3-SKIDROW\skidrow.nfo - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR »  - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR »  - Teildatei des gesplitteten Archivs nicht gefunden
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ProPsWW2.cab » CAB » HIRING_REQUISITION_CUSTOMIZED.FDT » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ProPsWW2.cab » CAB » PROCESS_LIBRARY.FDT » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ProPsWW2.cab » CAB » TRACK_ISSUES.FDT » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\ESET.Smart.Security.v5.0.93.18\ESET MiNODLogin v3981.rar » RAR » bdl3981.exe » NSIS » MiNODLogin.exe - Win32/RiskWare.HackAV.DD Anwendung
C:\Program Files\ESET.Smart.Security.v5.0.93.18\ESET MiNODLogin v3981.rar » RAR » bdl3981.exe » NSIS » MiNODLogin.jar » ZIP » gs/eset/ESETAntivirus.class - Variante von Java/HackAV.B Anwendung
C:\Program Files\ESET.Smart.Security.v5.0.93.18\ESET MiNODLogin v3981.rar » RAR » bdl3981.exe » NSIS » MiNODLogin.jar » ZIP » gs/minodlogin/Licencia.class - Variante von Java/HackAV.B Anwendung
C:\Program Files\ESET.Smart.Security.v5.0.93.18\ESET MiNODLogin v3981.rar » RAR » bdl3981.exe » NSIS » MiNODLoginLib.dll - Win32/RiskWare.HackAV.GI Anwendung
C:\Program Files\Latex\MiKTeX\tm\packages\smallcap.cab » CAB » texmf\doc\latex\smallcap\README » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - Customized.fdt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition.fdt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Track Issues.fdt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_01.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_02.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_03.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_04.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_05.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_06.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_07.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_08.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_09.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_10.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_11.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_12.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_12a.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_13.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_14.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_15.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_16.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_17.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_18.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_20.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_21.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_22.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_23.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_24.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_25.txt » MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_26.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_27.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_28.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_29.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_30.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_31.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_34.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_35.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_36.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_37.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_38.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_39.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_40.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_41.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_42.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_43.txt » MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_44.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\test\testtar.tar » TAR »  - Archiv beschädigt
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » testtar.tar.0160FC08_F3D9_4869_9D41_C611C16F42D5 » TAR »  - Archiv beschädigt
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_09.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_08.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_07.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_06.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_05.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_04.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_03.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_02.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_01.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_44.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_43.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_42.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_41.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_40.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_39.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_38.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_37.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_36.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_35.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_34.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_31.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_30.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_29.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_28.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_27.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_26.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_25.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_24.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_23.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_22.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_21.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_20.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_18.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_17.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_16.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_15.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_14.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_13.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_12a.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_12.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_11.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_10.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » _TUProj.dat - Fehler - Datei ist passwortgeschützt
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » _TUProjDT.dat - Fehler - Datei ist passwortgeschützt
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » DataSafe_Green.ico - Fehler - Datei ist passwortgeschützt
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » IRIMG1.BMP - Fehler - Datei ist passwortgeschützt
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » IRIMG1.JPG - Fehler - Datei ist passwortgeschützt
C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll » PECompact v2.xx - Fehler beim Entpacken
C:\Program Files (x86)\MiKTeX 2.9\doc\latex\arabtex\txt\miktex.mai » MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\doc\latex\cjk\chinese\emTeXb5.txt » MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\doc\latex\feynmf\Announce » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\doc\latex\ginpenc\news-message.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\doc\latex\recycle\README » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\doc\latex\smallcap\README » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\doc\plain\figflow\README.figflow » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\source\rmannot-src.tar.bz2 » BZ2 » rmannot-src.tar » TAR » latex/rmannot/RMfiles/AcroFlex3_demo_skin.swf » CWS » file.swf - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Program Files (x86)\openOffice\openofficeorg1.cab » CAB » testtar.tar » TAR »  - Archiv beschädigt
C:\Program Files (x86)\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar » TAR »  - Archiv beschädigt
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - Fehler beim Öffnen  [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - Fehler beim Öffnen  [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - Fehler beim Öffnen  [4]
C:\System Volume Information\{1869db2c-64a1-11e1-9131-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{1a1c5211-57f6-11e1-97aa-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{1bd8fb6a-5277-11e1-a1c6-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{26440def-5a21-11e1-adb6-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{31808bc4-5409-11e1-b7f9-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{33b14ccf-6162-11e1-879a-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{3a0b31f0-62b5-11e1-aff6-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{4ac27b4f-6785-11e1-be68-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{5b91854f-596d-11e1-adb4-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{5c66f771-6841-11e1-8b6e-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{5ef023b0-6dea-11e1-8234-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{5ef023b5-6dea-11e1-8234-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{5f0f180d-56e7-11e1-8451-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{68dde72f-7079-11e1-998e-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{6eb4f24f-6ae0-11e1-b23e-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{7b9d304f-621a-11e1-b799-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{90b4c1ad-5adb-11e1-9979-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{9615254c-5586-11e1-b81d-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{abf8ca4f-6d02-11e1-960e-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{ad536d6a-5d4d-11e1-9f64-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{cb72a20d-70ff-11e1-b6fa-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{dabe1397-7130-11e1-b6e9-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{db677cac-5ed3-11e1-83f1-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{e409bd6f-638c-11e1-8a78-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{e7fffc2d-6b86-11e1-9403-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - Fehler beim Öffnen  [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - Fehler beim Öffnen  [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - Fehler beim Öffnen  [4]
C:\Users\Urbi\NTUSER.DAT - Fehler beim Öffnen  [4]
C:\Users\Urbi\ntuser.dat.LOG1 - Fehler beim Öffnen  [4]
C:\Users\Urbi\ntuser.dat.LOG2 - Fehler beim Öffnen  [4]
C:\Users\Urbi\AppData\Local\Microsoft\Windows\UsrClass.dat - Fehler beim Öffnen  [4]
C:\Users\Urbi\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - Fehler beim Öffnen  [4]
C:\Users\Urbi\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - Fehler beim Öffnen  [4]
C:\Users\Urbi\AppData\Local\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Urbi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\02B86709-00000001.eml » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Urbi\AppData\Roaming\appconf32.exe - Fehler beim Öffnen  [4]
C:\Users\Urbi\AppData\Roaming\Mozilla\Firefox\Profiles\qwhto5xt.default\parent.lock - Fehler beim Öffnen  [4]
C:\Users\Urbi\AppData\Roaming\Mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar » ZIP » skin/skin.rar.txt » RAR »  - Archiv beschädigt
C:\Users\Urbi\Downloads\MEN.OF.WAR.ASSAULT.SQUAD-BB.part1(1).rar » RAR »  - Archiv beschädigt
C:\Users\Urbi\Downloads\MEN.OF.WAR.ASSAULT.SQUAD-BB.part1.rar » RAR »  - Archiv beschädigt
C:\Users\Urbi\Downloads\nitro_pdf_1321reader_64.exe » INDIGOROSE - Archiv beschädigt
C:\Users\Urbi\Downloads\nitro_pdf_professional6_ocr_de.exe » INDIGOROSE - Archiv beschädigt
C:\Users\Urbi\Downloads\plz_OPP2010x64de.part01.rar » RAR - Fehler - Datei ist passwortgeschützt
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 - Fehler beim Öffnen  [4]
Geprüfte Objekte: 709487
Erkannte Bedrohungen: 5
Anzahl gesäuberter Objekte: 0
Abgeschlossen: 13:18:26  Benötigte Zeit: 3620 Sek. (01:00:20)

Hinweise:
[4] Objekt kann nicht geöffnet werden. Möglicherweise in Benutzung durch eine andere Anwendung oder das Betriebssystem.

Malwarebytes

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19190
Urbi :: URBI-PC [Administrator]

Schutz: Aktiviert

19.03.2012 13:24:49
mbam-log-2012-03-19 (13-24-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 540001
Laufzeit: 2 Stunde(n), 14 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Urbi\AppData\Roaming\AcroIEHelpe089.dll (Trojan.Banker) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 19
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MiNODLogin (Riskware.KG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Urbi\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Urbi\AppData\Roaming\AcroIEHelpe089.dll (Trojan.Banker) -> Löschen bei Neustart.
C:\Program Files\ESET.Smart.Security.v5.0.93.18\bdl3981.exe (Riskware.KG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe (Riskware.KG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ESET\MiNODLogin\MiNODLoginUninst.exe (Riskware.KG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Urbi\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.

(Ende)

OTL

OTL Logfile:
Code:

OTL logfile created on: 19.03.2012 15:50:35 - Run 2
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Urbi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,23 Gb Available Physical Memory | 70,58% Memory free
12,10 Gb Paging File | 10,32 Gb Available in Paging File | 85,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,68 Gb Total Space | 252,77 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 5,66 Gb Free Space | 37,73% Space Free | Partition Type: NTFS
 
Computer Name: URBI-PC | User Name: Urbi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Urbi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\ESET\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\SysWOW64\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (ekrn) -- C:\Programme\ESET\x86\ekrn.exe (ESET)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NitroReaderDriverReadSpool) -- C:\Programme\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe (Nitro PDF Software)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (ABBYY.Licensing.PDFTransformer.Classic.3.0) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (ABBYY)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\DRIVERS\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\DRIVERS\NBVolUp.sys (Nero AG)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\DRIVERS\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys (ESET)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\DRIVERS\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6799BAC7-C7B2-4385-8870-1743E01ABAAC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{1D2AD974-616E-4ba1-A714-FE5EC5194E7F}: "URL" = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{2D8B5C3D-E75A-46d2-AE42-6D9FD4ADB708}: "URL" = hxxp://search.msdn.microsoft.com/search/Default.aspx?query={searchTerms}&brand=msdn&locale=&refinement=00&lang=en-us
IE - HKCU\..\SearchScopes\{6799BAC7-C7B2-4385-8870-1743E01ABAAC}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "        74.95.66.34"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "        74.95.66.34"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "fritz.box"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "        74.95.66.34"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "        74.95.66.34"
FF - prefs.js..network.proxy.ssl_port: 80
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\MOZILLA THUNDERBIRD [2012.03.18 15:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.30 15:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Firefox\components [2012.02.17 20:50:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Firefox\plugins [2012.01.12 19:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\Mozilla Thunderbird [2012.03.18 15:29:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Urbi\AppData\Roaming\08017 [2012.03.19 12:12:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Firefox\components [2012.02.17 20:50:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Firefox\plugins [2012.01.12 19:15:05 | 000,000,000 | ---D | M]
 
[2009.12.29 21:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urbi\AppData\Roaming\mozilla\Extensions
[2011.12.09 11:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions
[2010.06.24 13:36:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.08 21:59:35 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.17 19:37:36 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.01.18 15:18:30 | 000,000,881 | ---- | M] () -- C:\Users\Urbi\AppData\Roaming\Mozilla\Firefox\Profiles\qwhto5xt.default\searchplugins\conduit.xml
[2011.12.30 15:54:00 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\URBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWHTO5XT.DEFAULT\EXTENSIONS\{1FC895A6-2042-46EC-A61B-233165B4C218}.XPI
() (No name found) -- C:\USERS\URBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWHTO5XT.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\egui.exe (ESET)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Urbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.19 62.109.123.197 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A98E5A04-EDD5-446B-A108-44249A35FAD2}: DhcpNameServer = 213.191.74.19 62.109.123.197 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C734FC4C-9BA2-47E7-BE95-35087AA68768}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Urbi\Pictures\IMG-20120306-WA0001.jpg
O24 - Desktop BackupWallPaper: C:\Users\Urbi\Pictures\IMG-20120306-WA0001.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{030a3962-c947-11de-b221-8bc314ea6853}\Shell - "" = AutoRun
O33 - MountPoints2\{030a3962-c947-11de-b221-8bc314ea6853}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\Shell - "" = AutoRun
O33 - MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\Shell\install\command - "" = F:\setup.exe
O33 - MountPoints2\{532d52fd-0953-11e1-ab4e-001f3f09796e}\Shell - "" = AutoRun
O33 - MountPoints2\{532d52fd-0953-11e1-ab4e-001f3f09796e}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.19 15:49:21 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Urbi\Desktop\OTL.exe
[2012.03.19 13:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 13:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.19 13:22:03 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Urbi\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.19 12:12:23 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\08017
[2012.03.18 21:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.18 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.18 20:46:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Urbi\Desktop\dds.com
[2012.03.18 19:42:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.18 19:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.03.18 19:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012.03.18 19:42:48 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Local\PackageAware
[2012.03.18 15:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.03.18 15:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.03.18 15:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.18 00:32:35 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\UAs
[2012.03.18 00:30:47 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\08016
[2012.03.18 00:30:27 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\xmldm
[2012.03.18 00:30:26 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\kock
[2012.03.14 16:50:05 | 000,000,000 | ---D | C] -- C:\TEMP
[2012.03.14 16:35:24 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.03.14 16:35:24 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 16:35:24 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.03.14 16:35:24 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.03.14 16:35:24 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.03.14 16:34:54 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012.03.14 16:34:53 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012.03.05 21:24:29 | 000,000,000 | ---D | C] -- C:\mafia 2
[2012.02.27 19:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.10.23 15:45:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[1 C:\Users\Urbi\AppData\Roaming\*.tmp files -> C:\Users\Urbi\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.19 15:49:22 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Urbi\Desktop\OTL.exe
[2012.03.19 15:45:49 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.19 15:45:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 15:45:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 15:45:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.19 15:12:16 | 000,000,034 | ---- | M] () -- C:\Users\Urbi\AppData\Roaming\blckdom.res
[2012.03.19 14:58:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.19 13:22:12 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Urbi\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.19 12:12:27 | 000,005,624 | ---- | M] () -- C:\Users\Urbi\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 21:14:10 | 000,002,964 | ---- | M] () -- C:\Users\Urbi\Desktop\Attach.zip
[2012.03.18 20:46:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Urbi\Desktop\dds.com
[2012.03.18 19:52:26 | 000,050,477 | ---- | M] () -- C:\Users\Urbi\Desktop\Defogger.exe
[2012.03.18 19:46:16 | 000,004,098 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120318_194613.reg
[2012.03.18 19:42:59 | 000,001,635 | ---- | M] () -- C:\Users\Urbi\Desktop\Uniblue RegistryBooster.lnk
[2012.03.18 17:24:31 | 000,000,907 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
[2012.03.15 18:36:51 | 000,001,976 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120315_183649.reg
[2012.03.15 11:34:33 | 000,406,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.14 16:50:22 | 000,003,140 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.03.14 16:50:20 | 000,000,088 | RHS- | M] () -- C:\Windows\SysWow64\013E07AF38.sys
[2012.03.09 14:05:22 | 004,208,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.09 14:05:22 | 001,720,492 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.09 14:05:22 | 001,281,808 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.09 14:05:22 | 001,127,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.09 14:05:22 | 000,007,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.06 14:22:47 | 000,001,418 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120306_142245.reg
[2012.02.26 13:51:54 | 000,003,832 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120226_135152.reg
[2012.02.22 13:14:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Urbi\AppData\Roaming\*.tmp files -> C:\Users\Urbi\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.19 12:12:27 | 000,005,624 | ---- | C] () -- C:\Users\Urbi\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 21:14:10 | 000,002,964 | ---- | C] () -- C:\Users\Urbi\Desktop\Attach.zip
[2012.03.18 19:52:26 | 000,050,477 | ---- | C] () -- C:\Users\Urbi\Desktop\Defogger.exe
[2012.03.18 19:46:14 | 000,004,098 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120318_194613.reg
[2012.03.18 19:42:59 | 000,001,635 | ---- | C] () -- C:\Users\Urbi\Desktop\Uniblue RegistryBooster.lnk
[2012.03.18 17:17:33 | 000,000,907 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
[2012.03.18 00:30:44 | 000,000,034 | ---- | C] () -- C:\Users\Urbi\AppData\Roaming\blckdom.res
[2012.03.15 18:36:50 | 000,001,976 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120315_183649.reg
[2012.03.06 14:22:46 | 000,001,418 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120306_142245.reg
[2012.02.26 13:51:53 | 000,003,832 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120226_135152.reg
[2011.10.23 15:40:19 | 000,050,477 | ---- | C] () -- C:\Program Files\Defogger.exe
[2011.08.24 15:55:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.22 19:10:56 | 000,005,038 | ---- | C] () -- C:\Windows\MC9DEMO.INI
[2011.06.20 19:24:15 | 000,000,056 | ---- | C] () -- C:\Windows\MC10demo.INI
[2011.02.14 21:02:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.30 15:01:42 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\013E07AF38.sys
[2010.11.30 14:36:14 | 000,003,140 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010.10.17 17:58:40 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2010.10.17 17:58:21 | 000,204,295 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2010.07.25 12:31:02 | 000,000,680 | ---- | C] () -- C:\Users\Urbi\AppData\Local\d3d9caps.dat
[2010.06.22 11:52:49 | 000,001,914 | ---- | C] () -- C:\Users\Urbi\AppData\Roaming\wklnhst.dat
[2010.06.15 18:16:45 | 000,009,216 | ---- | C] () -- C:\Users\Urbi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.12 12:11:25 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.04.06 11:10:15 | 000,225,411 | ---- | C] () -- C:\Windows\SysWow64\PosPrKpLib.dll
[2010.04.06 11:10:07 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\PosTickerLib.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8B4F37E5

< End of report >

--- --- ---

urbi28 19.03.2012 16:23

OTL-Extra

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 19.03.2012 15:50:35 - Run 2
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Urbi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,23 Gb Available Physical Memory | 70,58% Memory free
12,10 Gb Paging File | 10,32 Gb Available in Paging File | 85,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,68 Gb Total Space | 252,77 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 5,66 Gb Free Space | 37,73% Space Free | Partition Type: NTFS
 
Computer Name: URBI-PC | User Name: Urbi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t &&  icacls "%1" /grant "authentifizierte benutzer":F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t &&  icacls "%1" /grant "authentifizierte benutzer":F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 65 B1 89 89 56 6C CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10D490EE-B0E6-4E31-BA7D-427DD9DB011E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{398B8C02-F454-4F96-A3EB-C6D62A43A280}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E55E8D3B-7574-472E-A2BE-FBE1E50D518E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBF1A3D-3886-4DDB-9369-292D54EA65D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{10FD4B05-E808-4495-93E2-F8EC5A3B9416}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{1391A1F6-582C-44E4-AA79-75D979A29DD3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{155C710A-8F1F-4E71-B8FC-12CE16CEA2CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{19D10588-B6EA-4E0E-BD36-A4A2C169DE81}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{1F54E8EA-81C6-450D-B436-DD42C10377DC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{20F310E7-BE07-497A-BD7A-80B98D59340C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{250F7D4E-C5B0-4C48-96DB-936D504F996D}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"{2888FB0C-A339-40B1-B511-2711FAE8EF79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2C626B09-36D9-4C70-A306-3B73F23F38AE}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{2F2315EE-A7FF-49EA-A860-D5F090F67E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{3F47BFED-56B9-4A60-9B49-1AEB3F5A7EBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4F3A86BA-B103-4508-A676-02CAF2539B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"{76189A5C-9F02-4722-9FE2-A441DB71E718}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{8782F0EC-8F90-40C6-94B8-D796FB225BA1}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{91D86DEB-85F6-4FA0-AE83-9C635E87B324}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{9770529D-480E-408D-AFE2-5F5AB1D50D33}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{97E3610E-E2A9-4C89-AB4E-8973F71E46E8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{9F616DA5-F8F7-41C1-8A4B-F41F73E9415E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{A1BB417E-6CD4-4446-BD81-20B543E9B819}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{B0FFF4A7-3EBC-4F1C-A56C-E5F9636FEFFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dseatze_moaf_gagga\counter-strike\hl.exe |
"{B64D4728-AFC1-4B35-90E9-3213DDCAD776}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C5D93ECF-C364-46FB-B80E-95544BD66A43}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{CD22AC1C-56F1-4404-AEB0-22DD9B2968F1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{D2CF1B24-CFE1-4CC1-BF36-A121D67F7397}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DFA17C94-6302-42D2-8A34-41824E77D8AC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{E78A5198-094D-42A7-B6D2-204DE8F02EE8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{EA840450-621D-477E-80B6-B96F31D9A42C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{EF99D71F-D3B5-47D0-86E9-161A0CE9C423}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dseatze_moaf_gagga\counter-strike\hl.exe |
"{FE713204-E473-430F-B76B-6A10728431BB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{0AB746F6-9589-4E3D-A339-0DBF0FF71FB6}C:\firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\firefox\plugin-container.exe |
"TCP Query User{0C80F2E6-3CC9-434B-8E91-9419472161D5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{26B157A6-9E98-42A7-B0D1-248EA68E8780}C:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe |
"TCP Query User{3B9F3B71-5AC6-4F2E-85E5-D49B6C55C49A}C:\program files (x86)\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"TCP Query User{4B9FA84B-A932-49D9-963B-D7AA0152B517}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{9833256D-89EE-4272-850D-1ADE472002A5}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{B35F996A-1CCF-4963-80BE-FA98EC5E2B29}C:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe |
"TCP Query User{B66B3988-C1A3-49A1-A0F1-5A43D0C8CED3}C:\program files (x86)\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty - black ops\blackops.exe |
"UDP Query User{0794A955-ACE5-4CBE-B801-C1E33C8D39BC}C:\program files (x86)\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"UDP Query User{6F698CD9-3720-4DA1-B200-957AD689FA8B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B03D0B39-F8A8-4802-B23D-BA488F610E70}C:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe |
"UDP Query User{C759552C-3DF1-485A-B525-7FF3E58AD8C2}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{D6EB7F0E-ECBD-4C88-ABC6-21B44C669C14}C:\program files (x86)\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty - black ops\blackops.exe |
"UDP Query User{EC883BC2-D666-4FFB-BBF3-4D47D377AF55}C:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe |
"UDP Query User{EE2EF21D-6902-4656-943B-8980A4250C6E}C:\firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\firefox\plugin-container.exe |
"UDP Query User{FFEE815B-718D-4EA7-8DDF-C6A5197693D3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06088E65-A95F-4926-897F-D86FB7A9C6D9}" = Nitro PDF Reader
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0457-000001000000}" = 7-Zip 4.57 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61A177CE-86A3-433F-BFE2-41AB9123A268}" = ESET NOD32 Antivirus
"{64A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10 (64-bit)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{E4C229B2-51E3-49E7-3A42-A3B695B4E56E}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EAFC065C-0576-4DE9-8FDB-4D943367506E}" = Oracle VM VirtualBox 3.2.10
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{04D5E56E-F323-27F2-C075-EF1AE9A3CF2B}" = Catalyst Control Center Graphics Light
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{07288267-318E-9B78-B04E-984F9149EE24}" = Catalyst Control Center Graphics Previews Common
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B23ACC5-88A6-FEE4-0131-8777A1BA0B68}" = Catalyst Control Center Graphics Previews Vista
"{0CD81D7E-94E2-D230-E37E-C9B16E90D01C}" = CCC Help Italian
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16A7FAD8-EE4F-C413-8359-833A3B2D39FB}" = CCC Help Portuguese
"{18364179-C5E5-F826-E2FC-D99D575AF997}" = Catalyst Control Center Localization All
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{30228022-6558-412B-82C4-B1949F90273F}_is1" = Call of Duty - Modern Warfare 2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 3.0.0)
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47C72DA6-E7AC-984C-5475-15A65F9B41BE}" = Catalyst Control Center Graphics Full New
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A918155-6399-4673-0D08-85A0DBEC1389}" = CCC Help Chinese Traditional
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{537791BE-B032-D116-0C59-13541E17BFEA}" = CCC Help English
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66DAE8D7-D5F7-462F-5815-102EE4B191C4}" = CCC Help Korean
"{67DAF4C3-58CA-4EDB-B734-D97684FC379E}" = General Runtime Files for Nemetschek Allplan 2009
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync
"{763B809A-6874-5979-CD69-39491392262C}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E4413BB-CE31-4E01-A1C0-E37BDD0187CE}" = Nero 11
"{7FE440D8-8F16-24CA-81B6-7DEB4D6BF92D}" = CCC Help Hungarian
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88D3B829-DBA4-D839-33BF-9A5794CC21EB}" = CCC Help Chinese Standard
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9044B9A5-B7D7-3EA2-B20B-49A47853D62F}" = CCC Help Spanish
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A7F37935-A880-8657-79CE-F98BF3A358E1}" = CCC Help Turkish
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA388319-08DE-4943-A739-5BC257F50B61}" = NI LabVIEW Run-Time Engine 8.6
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B297076F-905F-7E13-57EF-7D254EBB7589}" = CCC Help Japanese
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BAED3957-C271-4670-A50D-8D7438701917}" = Nemetschek Allplan 2009
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D1B8C6AC-C4F8-E8AF-E157-AF3E16B97903}" = CCC Help French
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D9EB0916-F277-4C54-830A-772833FD20A4}" = Micro-Cap 10 Evaluation
"{DC702FC1-4746-CD99-0578-02839474C2F8}" = Skins
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}" = HTC Sync
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E59145A6-2D21-9E5C-6551-ACA2539CDE50}" = ccc-core-static
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E89371A0-2FCD-F518-EECB-09AB27724CEE}" = CCC Help German
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{ED06F22F-DADB-E713-2E49-EEB154950285}" = Catalyst Control Center Graphics Full Existing
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F6706DF9-B0B6-8496-F302-BF511197A32F}" = Catalyst Control Center Core Implementation
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"5513-1208-7298-9440" = JDownloader 0.9
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced PDF-to-Word 1.0 Demo" = Advanced PDF-to-Word 1.0 Demo
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"AVMWLANCLI" = AVM FRITZ!WLAN
"BlueJ_is1" = BlueJ 2.5.3
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"EAGLE 5.10.0" = EAGLE 5.10.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube Download_is1" = Free YouTube Download version 2.10.31
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Micro-Cap Evaluation 9.0" = Micro-Cap Evaluation 9.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"PDF Blender" = PDF Blender
"Photo Pos Pro" = Photo Pos Pro
"Security Task Manager" = Security Task Manager 1.8d
"Stronghold 3 (c) THQ_is1" = Stronghold 3 (c) THQ version 1
"TexMakerX_is1" = TexMakerX 2.1
"TmNationsForever_is1" = TmNationsForever
"TuxGuitar 1.1" = TuxGuitar
"TuxGuitar_0" = TuxGuitar 1.2
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zip Repair Pro_is1" = Zip Repair Pro
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.01.2012 11:45:22 | Computer Name = Urbi-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.01.2012 11:49:00 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 20.01.2012 11:49:00 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 20.01.2012 11:49:00 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3011
Description =
 
Error - 20.01.2012 15:03:13 | Computer Name = Urbi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Stronghold3.exe, Version 0.0.0.0, Zeitstempel
 0x4ed9324c, fehlerhaftes Modul StrongholdBase.dll, Version 0.0.0.0, Zeitstempel
 0x4ed93246, Ausnahmecode 0xc0000005, Fehleroffset 0x0007f7ab,  Prozess-ID 0x1098,
 Anwendungsstartzeit 01ccd79e3b65b9d0.
 
Error - 20.01.2012 18:16:29 | Computer Name = Urbi-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 21.01.2012 06:15:15 | Computer Name = Urbi-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.01.2012 06:19:47 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 21.01.2012 06:19:47 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 21.01.2012 06:19:47 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3011
Description =
 
[ System Events ]
Error - 12.03.2012 07:10:07 | Computer Name = Urbi-PC | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.0.2 über die
Netzwerkkarte mit der Netzwerkadresse 001F3F09796E ist verloren gegangen.
 
Error - 15.03.2012 11:29:26 | Computer Name = Urbi-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 001F3F09796E zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 16.03.2012 07:39:57 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 16.03.2012 07:39:57 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16.03.2012 07:40:27 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 16.03.2012 07:40:27 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.03.2012 09:40:09 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
 
Error - 18.03.2012 15:31:25 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
 
Error - 18.03.2012 18:25:38 | Computer Name = Urbi-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 001F3F09796E zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 19.03.2012 10:45:47 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
 
 
< End of report >

--- --- ---


Installed programs

Code:

7-Zip 4.57 (x64 edition)        Igor Pavlov        17.03.2012        3,71MB        4.57.00.0
ABBYY PDF Transformer 3.0        ABBYY        19.01.2010        457MB        3.00.117.6804
Acoustica Effects Pack        Acoustica, Inc        12.04.2010        5,84MB        1.0
Acoustica Mixcraft 4.5        Acoustica        12.04.2010        89,1MB       
Acoustica Mixcraft 5        Acoustica        10.04.2010        176,8MB       
Adobe AIR        Adobe Systems Inc.        28.11.2010        29,4MB        2.5.0.16600
Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        14.01.2012                11.1.102.55
Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        21.02.2012                11.1.102.62
Adobe Reader X (10.1.2) - Deutsch        Adobe Systems Incorporated        11.01.2012        165,9MB        10.1.2
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        16.02.2011                11.5.9.620
Advanced PDF-to-Word 1.0 Demo                01.08.2010        0,70MB       
Advanced RAR Repair v1.2                02.01.2012        0,77MB       
AnyBizSoft PDF to Word (Build 3.0.0)        AnyBizSoft Software        01.08.2010        17,9MB       
ATI Catalyst Control Center                15.09.2009        16,00KB        2.009.0213.2137
AVM FRITZ!WLAN        AVM Berlin        07.11.2009               
Bing Bar        Microsoft Corporation        09.12.2011        26,9MB        7.0.850.0
BlueJ 2.5.3        Deakin University        28.04.2010        9,32MB       
Call of Duty - Modern Warfare 2                16.12.2009        13.210MB       
Call of Duty: Black Ops                15.08.2011        8.905MB       
CCleaner        Piriform        29.11.2010        2,73MB        3.01
Corel Paint Shop Pro Photo X2        Corel Corporation        29.11.2010        348MB        12.001.0000
DAEMON Tools Lite        DT Soft Ltd        06.11.2011        24,6MB        4.41.3.0173
Dell DataSafe Local Backup        Dell        15.09.2009        365MB        9.3.24
Dell DataSafe Local Backup - Support Software        Dell        15.09.2009        1,41MB        2.25
Dell DataSafe Online        Dell, Inc.        15.09.2009                1.1.0029
Dell Dock        Dell        15.09.2009                2.0.0
Dell Getting Started Guide        Dell Inc.        15.09.2009                1.00.0000
Dev-C++ 5 beta 9 release (4.9.9.2)                08.05.2011               
DivX Converter        DivX, Inc.        14.11.2011        45,3MB        7.1.0
DivX Plus DirectShow Filters        DivX, Inc.        14.11.2011        1,58MB       
DivX-Setup        DivX, LLC        29.12.2011        3,56MB        2.6.1.3
DVD Flick 1.3.0.7        Dennis Meuwissen        16.12.2011        43,2MB        1.3.0.7
DVDVideoSoft Toolbar                16.01.2010        7,75MB       
EAGLE 5.10.0        CadSoft Computer GmbH        02.11.2010                5.10.0
ESET NOD32 Antivirus        ESET, spol. s r.o.        17.03.2012        68,2MB        5.0.95.0
Free Audio CD Burner version 1.4        DVDVideoSoft Limited.        07.11.2010        2,60MB       
Free PDF to Word Doc Converter v1.1        www.hellopdf.com        01.08.2010        2,74MB        1.1
Free YouTube Download version 2.10.31        DVDVideoSoft Limited.        01.03.2011        3,32MB       
Free YouTube to MP3 Converter version 3.8        DVDVideoSoft Limited.        07.11.2010        2,66MB       
FreeRIP v3.2        MGShareware        11.06.2010        5,66MB        3.2
Google Chrome        Google Inc.        26.02.2012        158,0MB        17.0.963.79
Google Earth        Google        20.11.2011        92,8MB        6.1.0.5001
Guitar Pro 5.0        Arobas Music        26.10.2009        363MB       
HiJackThis        Trend Micro        13.11.2010        0,36MB        1.0.0
HP LaserJet P1000 series                10.01.2010        4,56MB       
HPSSupply        Ihr Firmenname        10.01.2010        0,96MB        2.1.1.0000
HTC BMP USB Driver        HTC        28.11.2010        0,28MB        1.0.5375
HTC Driver Installer        HTC Corporation        28.11.2010        2,03MB        3.0.0.005
HTC Sync        HTC Corporation        28.11.2010        32,0MB        2.0.40
ICQ7.2        ICQ        03.07.2010        47,4MB        7.2
IrfanView (remove only)        Irfan Skiljan        18.07.2010        1,93MB        4.27
Java(TM) 6 Update 13 (64-bit)        Sun Microsystems, Inc.        15.09.2009        89,7MB        6.0.130
Java(TM) 6 Update 20        Sun Microsystems, Inc.        30.11.2010        97,2MB        6.0.200
Java(TM) 6 Update 29        Sun Microsystems, Inc.        15.09.2009        97,0MB        6.0.290
Java(TM) SE Development Kit 6 Update 10 (64-bit)        Sun Microsystems, Inc.        28.04.2010        130,6MB        1.6.0.100
JDownloader 0.9        AppWork GmbH        31.10.2011        61,1MB        0.9
Malwarebytes Anti-Malware Version 1.60.1.1000        Malwarebytes Corporation        18.03.2012        4,09MB        1.60.1.1000
Micro-Cap 10 Evaluation        Spectrum Software        19.06.2011        40,8MB        10
Micro-Cap Evaluation 9.0                21.06.2011               
Microsoft .NET Framework 1.1                12.01.2010               
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        27.10.2009        42,2MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        29.04.2009        42,2MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        23.11.2010        189,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        23.11.2010        46,5MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        05.01.2012        46,4MB        4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        05.01.2012        12,0MB        4.0.30319
Microsoft Default Manager        Microsoft Corporation        15.09.2009                2.0.69.0
Microsoft IntelliType Pro 7.0        Microsoft        26.11.2009        31,6MB        7.0.260.0
Microsoft Office Professional Plus 2010        Microsoft Corporation        14.11.2011        1.072MB        14.0.6029.1000
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        15.09.2009        1,74MB        3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)        Microsoft Corporation        15.09.2009        0,61MB        1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)        Microsoft Corporation        15.09.2009        1,45MB        1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        14.12.2009        0,24MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        15.06.2011        0,29MB        8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        14.12.2009        0,21MB        9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        14.12.2009        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570        Microsoft Corporation        13.04.2011        0,77MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        13.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022        Microsoft Corporation        30.11.2010        1,70MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729        Microsoft Corporation        22.11.2009        0,77MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,76MB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        22.11.2009        0,59MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        09.12.2009        0,57MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        07.11.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,58MB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        18.12.2011        13,8MB        10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        18.12.2011        15,0MB        10.0.40219
MiKTeX 2.9        MiKTeX.org        25.11.2011        2.251MB        2.9
Mozilla Firefox 10.0.2 (x86 de)        Mozilla        16.02.2012        38,5MB        10.0.2
Mozilla Firefox 8.0 (x86 de)        Mozilla        08.11.2011        37,9MB        8.0
MrvlUsgTracking        Marvell        10.01.2010        0,14MB        1.0.7
MSXML 4.0 SP3 Parser        Microsoft Corporation        28.11.2010        1,48MB        4.30.2100.0
MSXML 4.0 SP3 Parser (KB973685)        Microsoft Corporation        29.11.2010        1,54MB        4.30.2107.0
Nemetschek Allplan 2009                30.11.2009        439MB        2009.0
Nemetschek SoftLock 2006                30.11.2009        18,7MB        1.00.0000
Nero 11        Nero AG        18.12.2011        1.763MB        11.0.11200
Nero Backup Drivers        Nero AG        18.12.2011        95,00KB        1.0.11100.8.0
NI LabVIEW Run-Time Engine 8.6        National Instruments        08.07.2010        90,5MB        8.6.342.0
Nitro PDF Reader        Nitro PDF Software        24.01.2011        88,0MB        1.3.2.1
OpenOffice.org 3.2        OpenOffice.org        30.11.2010        379MB        3.2.9502
Oracle VM VirtualBox 3.2.10        Oracle Corporation        02.11.2010                3.2.10
PDF Blender                24.01.2011        1,28MB       
PDF24 Creator 2.9.0        PDF24.org        24.01.2011        26,2MB       
Photo Pos Pro        PowerOfSoftware Ltd.        16.10.2010        60,2MB        1.82
PixiePack Codec Pack        None        15.12.2009        16,4MB        1.1.400.0
Power Tab Editor 1.7        Power Tab Software        12.12.2009        3,59MB        1.7.0
Roxio Creator DE        Roxio        15.09.2009        18,1MB        10.1
Security Task Manager 1.8d        Neuber Software        16.08.2011        2,75MB        1.8d
Skype Toolbars        Skype Technologies S.A.        13.02.2011        7,10MB        5.0.4137
Skype™ 5.1        Skype Technologies S.A.        13.02.2011        22,7MB        5.1.112
Stronghold 3 (c) THQ version 1                05.01.2012        3.733MB        1
SweetIM for Messenger 2.8        SweetIM Technologies Ltd.        22.11.2009        3,80MB        2.8.0012
TexMakerX 2.1        Benito van der Zander        25.11.2011        61,5MB        2.1
TmNationsForever        Nadeo        15.12.2009        717MB       
TuxGuitar        Herac        10.02.2010        10,6MB        1.2
TuxGuitar        Name of your company        26.10.2009        13,5MB        1.1
TuxGuitar 1.2                09.01.2010               
Uniblue RegistryBooster        Uniblue Systems Ltd        17.03.2012        18,0MB        6.0.10.8
Uninstall 1.0.0.1                01.03.2011        17,7MB       
vShare.tv plugin 1.3        vShare.tv, Inc.        22.10.2011        0,58MB        1.3
Windows Live Anmelde-Assistent        Microsoft Corporation        14.12.2009        1,93MB        5.000.818.6
Windows Live Essentials        Microsoft Corporation        15.09.2009        139,4MB        14.0.8050.1202
Windows Live Sync        Microsoft Corporation        15.09.2009        2,80MB        14.0.8050.1202
Windows Live-Uploadtool        Microsoft Corporation        15.09.2009        0,22MB        14.0.8014.1029
Windows Media Player Firefox Plugin        Microsoft Corp        25.01.2010        0,29MB        1.0.0.8
WinRAR                16.12.2009        4,36MB       
Zip Repair Pro        GetData Pty Ltd        01.11.2009        3,93MB        4.2.0.1113


kira 20.03.2012 07:33

1.
Quote:

Attention, important!:
If you made changes to the logfile yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6799BAC7-C7B2-4385-8870-1743E01ABAAC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{1D2AD974-616E-4ba1-A714-FE5EC5194E7F}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{2D8B5C3D-E75A-46d2-AE42-6D9FD4ADB708}: "URL" = http://search.msdn.microsoft.com/search/Default.aspx?query={searchTerms}&brand=msdn&locale=&refinement=00&lang=en-us
IE - HKCU\..\SearchScopes\{6799BAC7-C7B2-4385-8870-1743E01ABAAC}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
[2010.01.18 15:18:30 | 000,000,881 | ---- | M] () -- C:\Users\Urbi\AppData\Roaming\Mozilla\Firefox\Profiles\qwhto5xt.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{030a3962-c947-11de-b221-8bc314ea6853}\Shell - "" = AutoRun
O33 - MountPoints2\{030a3962-c947-11de-b221-8bc314ea6853}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\Shell - "" = AutoRun
O33 - MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\Shell\install\command - "" = F:\setup.exe
O33 - MountPoints2\{532d52fd-0953-11e1-ab4e-001f3f09796e}\Shell - "" = AutoRun
O33 - MountPoints2\{532d52fd-0953-11e1-ab4e-001f3f09796e}\Shell\AutoRun\command - "" = F:\setup.exe
[2012.03.18 00:32:35 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\UAs
[2012.03.18 00:30:47 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\08016
[2012.03.18 00:30:27 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\xmldm
[2012.03.18 00:30:26 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\kock
[2012.03.19 15:45:49 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.19 14:58:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8B4F37E5

:Files
C:\Users\Urbi\AppData\Roaming\UAs
C:\Users\Urbi\AppData\Roaming\08016
C:\Users\Urbi\AppData\Roaming\xmldm
C:\Users\Urbi\AppData\Roaming\kock
C:\Users\Urbi\AppData\Roaming\BAcroIEHelpe089.dll
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]


2.
Uninstall, under Control Panel -> Software/Programs:
Code:

Bing Bar <- unnecessary, <- often gets installed along out of unawareness or disregard
DVDVideoSoftTB Toolbar <- unnecessary, mostly gets installed along out of unawareness or disregard
SweetIM <- magnet for malware

vShare.tv plugin:
Note: After installation, the add-on tries to change the default search engine and the start page of your browser. You should prevent this by removing the check marks that have been set.

Unfortunately, "uninvited guests often enter themselves directly into the search bar, the start page and under extensions", and they can be really annoying... they mostly get installed along out of unawareness or disregard; some of them even belong to the most dangerous kind of adware, or to a "foistware group".

Always choose the custom installation, not the standard installation, because otherwise things are often installed along that you do not need or do not want.
During installation, please always read the license terms, and do not immediately set check marks everywhere or leave preset check marks in place, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., are installed along, because freeware finances itself that way.


Quote:

It is therefore advisable, after every installation, to check in all installed browsers:
examine the current web page set as the start page
look under Tools ⇒ Extensions for unwanted add-ons/plug-ins, toolbars
Check in the list of Currently installed programs (under Control Panel) whether something "unwanted" (program, toolbar etc.) has settled in!
3.
Your Java version is not up to date!
Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java, "Recommended Version 6 Update 31", from Oracle
Make sure to deselect any toolbars that are offered (remove the check mark at the toolbar)!

4.
Clean your system with CCleaner:
  • "CCleaner"→ "Analyze"→ click the button "Start CCleaner"
  • "Registry"→ "Find errors"→ "Fix errors"→ "Fix all"
  • Restart your system

5.
  • Download SUPERAntiSpyware FREE Edition.
    Make sure not to install any toolbar that is offered, i.e. remove the check mark at the toolbar during installation (if necessary).
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Tick "Complete scan" and click "Next"
  • Afterwards all malicious programs found are listed; tick all findings and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To display the results: click "Preferences", then "Statistics and logs"
  • Press "Show log", then please save this report and post it here

6.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard output
  • Under Extra registry please choose Use SafeList.
  • Tick LOP check and Purity check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

Quote:

► Briefly report to me on all the steps you have carried out!
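The post above advises checking the start page and search provider in every browser after an installation. The following added example (not part of the thread and not OTL's own code) does that check over OTL-style log lines. The allowlist `ALLOWED` and the function names are assumptions made for this example; the sample lines are a subset copied from the script in the post.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: search/start-page hosts the reviewer accepts.
ALLOWED = ("google.com", "google.de", "live.com", "msn.com")

# Subset of the lines from the OTL script quoted in this thread.
SAMPLE = r'''
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\SearchScopes,DefaultScope = {6799BAC7-C7B2-4385-8870-1743E01ABAAC}
IE - HKCU\..\SearchScopes\{6799BAC7-C7B2-4385-8870-1743E01ABAAC}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
'''

GUID = r'\{[0-9A-Fa-f-]{36}\}'
PREFIX = r'^IE(:64bit:)? - (HKLM|HKCU)'
DEFAULT_RE = re.compile(PREFIX + r'\\\.\.\\SearchScopes,DefaultScope = (' + GUID + r')')
SCOPE_RE = re.compile(PREFIX + r'\\\.\.\\SearchScopes\\(' + GUID + r'): "URL" = (\S+)')
START_RE = re.compile(
    PREFIX + r'\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,'
    r'(Start Page|Default_Page_URL) = (\S+)')
FF_RE = re.compile(r'^FF - prefs\.js\.\.(browser\.search\.defaulturl): "([^"]+)"')


def host_of(url):
    """Return the lower-case host of a URL; logs often defang http as hxxp."""
    url = re.sub(r'^hxxp', 'http', url, flags=re.I)
    return (urlsplit(url).hostname or "").lower()


def is_allowed(host):
    """Match on whole DNS labels so 'notgoogle.de' does not pass as 'google.de'."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED)


def _view(m):
    # The 64-bit and 32-bit registry views are separate, so keep them apart.
    return m.group(2) + ("64" if m.group(1) else "")


def audit(log):
    """Return search-scope, start-page and Firefox entries whose host is not allowlisted."""
    defaults = {}  # registry view -> GUID of its default search scope
    entries = []   # (kind, view, identifier, url)
    for line in log.splitlines():
        line = line.strip()
        if m := DEFAULT_RE.match(line):
            defaults[_view(m)] = m.group(3).lower()
        elif m := SCOPE_RE.match(line):
            entries.append(("search_scope", _view(m), m.group(3).lower(), m.group(4)))
        elif m := START_RE.match(line):
            entries.append(("start_page", _view(m), m.group(3), m.group(4)))
        elif m := FF_RE.match(line):
            entries.append(("firefox_pref", "FF", m.group(1), m.group(2)))

    findings = []
    for kind, view, ident, url in entries:
        host = host_of(url)
        if is_allowed(host):
            continue
        findings.append({
            "kind": kind,
            "view": view,
            "id": ident,
            "host": host,
            # A flagged scope matters most when it is the active default.
            "is_default": kind == "search_scope" and defaults.get(view) == ident,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        flag = " (DEFAULT)" if f["is_default"] else ""
        print(f'{f["view"]:5} {f["kind"]:13} {f["host"]}{flag}  {f["id"]}')
```

A scope flagged with `is_default` is the one the browser actually uses for searches in that registry view; the other flagged entries are leftovers that can be re-selected later.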

urbi28 20.03.2012 14:56

Hi,
the PC is already running noticeably better after I followed all your steps, many thanks for that already :)
The programs you recommended and that I downloaded, are those also passive programs, i.e. ones that constantly scan my computer, and if so, is it a problem if I have them running in parallel with ESET? I once heard that you should only ever have one antivirus program.
Okay, on to the results:
Everything went smoothly, just as you described. SuperAntiSpyware found 8 adware items. I did not get a message from ESET today after booting that it had found anything.
Oh, and do you also recommend that I uninstall the vShare.tv plugin? But I think I need it.

Fixing with OTL

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D2AD974-616E-4ba1-A714-FE5EC5194E7F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D2AD974-616E-4ba1-A714-FE5EC5194E7F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D8B5C3D-E75A-46d2-AE42-6D9FD4ADB708}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D8B5C3D-E75A-46d2-AE42-6D9FD4ADB708}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6799BAC7-C7B2-4385-8870-1743E01ABAAC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6799BAC7-C7B2-4385-8870-1743E01ABAAC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
C:\Users\Urbi\AppData\Roaming\Mozilla\Firefox\Profiles\qwhto5xt.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030a3962-c947-11de-b221-8bc314ea6853}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030a3962-c947-11de-b221-8bc314ea6853}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030a3962-c947-11de-b221-8bc314ea6853}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030a3962-c947-11de-b221-8bc314ea6853}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f471d54-eb15-11de-861d-001f3f09796e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f471d54-eb15-11de-861d-001f3f09796e}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f471d54-eb15-11de-861d-001f3f09796e}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{532d52fd-0953-11e1-ab4e-001f3f09796e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{532d52fd-0953-11e1-ab4e-001f3f09796e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{532d52fd-0953-11e1-ab4e-001f3f09796e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{532d52fd-0953-11e1-ab4e-001f3f09796e}\ not found.
File F:\setup.exe not found.
C:\Users\Urbi\AppData\Roaming\UAs folder moved successfully.
C:\Users\Urbi\AppData\Roaming\08016\components folder moved successfully.
C:\Users\Urbi\AppData\Roaming\08016 folder moved successfully.
C:\Users\Urbi\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Urbi\AppData\Roaming\kock folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
ADS C:\ProgramData\TEMP:8B4F37E5 deleted successfully.
========== FILES ==========
File\Folder C:\Users\Urbi\AppData\Roaming\UAs not found.
File\Folder C:\Users\Urbi\AppData\Roaming\08016 not found.
File\Folder C:\Users\Urbi\AppData\Roaming\xmldm not found.
File\Folder C:\Users\Urbi\AppData\Roaming\kock not found.
C:\Users\Urbi\AppData\Roaming\BAcroIEHelpe089.dll moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Urbi\Desktop\cmd.bat deleted successfully.
C:\Users\Urbi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 590747 bytes
->Temporary Internet Files folder emptied: 11917947 bytes
->Flash cache emptied: 57234 bytes
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Urbi
->Temp folder emptied: 75118541 bytes
->Temporary Internet Files folder emptied: 111063859 bytes
->Java cache emptied: 18949018 bytes
->FireFox cache emptied: 291686571 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 65664 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10232567 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52922 bytes
RecycleBin emptied: 1551360 bytes
 
Total Files Cleaned = 497,00 mb
 
 
OTL by OldTimer - Version 3.2.39.1 log created on 03202012_111444

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

SUPERAntiSpyware

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/20/2012 at 01:57 PM

Application Version : 5.0.1146

Core Rules Database Version : 8353
Trace Rules Database Version: 6165

Scan type      : Complete Scan
Total Scan Time : 01:21:33

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User

Memory items scanned      : 625
Memory threats detected  : 0
Registry items scanned    : 91674
Registry threats detected : 0
File items scanned        : 94902
File threats detected    : 8

Adware.Tracking Cookie
        C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\KE9SU2VX.txt [ Cookie:administrator@atdmt.com/ ]
        C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\32BDIZ5A.txt [ Cookie:administrator@2o7.net/ ]
        C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\55AWYTHJ.txt [ Cookie:administrator@kontera.com/ ]
        C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\XFODXI4Q.txt [ Cookie:administrator@doubleclick.net/ ]
        C:\USERS\ADMINISTRATOR\Cookies\KE9SU2VX.txt [ Cookie:administrator@atdmt.com/ ]
        C:\USERS\ADMINISTRATOR\Cookies\32BDIZ5A.txt [ Cookie:administrator@2o7.net/ ]
        C:\USERS\ADMINISTRATOR\Cookies\55AWYTHJ.txt [ Cookie:administrator@kontera.com/ ]
        C:\USERS\ADMINISTRATOR\Cookies\XFODXI4Q.txt [ Cookie:administrator@doubleclick.net/ ]

OTL

OTL Logfile:
OTL EXTRAS Logfile:
Code:

OTL logfile created on: 20.03.2012 14:17:14 - Run 3
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Urbi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,23 Gb Available Physical Memory | 70,52% Memory free
12,10 Gb Paging File | 10,15 Gb Available in Paging File | 83,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,68 Gb Total Space | 253,60 Gb Free Space | 56,27% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 5,66 Gb Free Space | 37,73% Space Free | Partition Type: NTFS
 
Computer Name: URBI-PC | User Name: Urbi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.19 15:49:22 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Urbi\Desktop\OTL.exe
PRC - [2012.02.17 20:50:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Firefox\firefox.exe
PRC - [2012.02.17 20:50:02 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Firefox\plugin-container.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Programme\ESET\x86\ekrn.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009.07.16 09:59:00 | 000,648,432 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009.04.27 10:17:13 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
PRC - [2009.03.20 01:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2008.12.18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.22 13:14:20 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012.02.17 20:50:02 | 001,911,768 | ---- | M] () -- C:\Firefox\mozjs.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.03.30 12:24:30 | 000,948,736 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\x86\ekrn.exe -- (ekrn)
SRV - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files (x86)\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2010.12.30 19:59:23 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.12.03 11:18:10 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.07.16 09:59:00 | 000,648,432 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009.04.27 10:17:13 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Classic.3.0)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.12.18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.11.07 19:01:36 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:64bit: - [2011.08.04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.10.08 15:52:38 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.12.17 15:03:35 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.16 10:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009.09.16 10:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009.09.16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009.09.16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009.06.18 15:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2009.06.10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.04.10 22:43:08 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.03.30 12:24:34 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009.03.30 12:24:34 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.03.20 01:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.01.13 13:39:42 | 000,188,416 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.01.13 12:41:32 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008.01.21 03:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008.01.21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "        74.95.66.34"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "        74.95.66.34"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "fritz.box"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "        74.95.66.34"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "        74.95.66.34"
FF - prefs.js..network.proxy.ssl_port: 80
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\MOZILLA THUNDERBIRD [2012.03.18 15:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.30 15:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Firefox\components [2012.02.17 20:50:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Firefox\plugins [2012.01.12 19:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\Mozilla Thunderbird [2012.03.18 15:29:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Urbi\AppData\Roaming\08017 [2012.03.19 12:12:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Firefox\components [2012.02.17 20:50:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Firefox\plugins [2012.01.12 19:15:05 | 000,000,000 | ---D | M]
 
[2009.12.29 21:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urbi\AppData\Roaming\mozilla\Extensions
[2011.12.09 11:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions
[2010.06.24 13:36:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.08 21:59:35 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.17 19:37:36 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.12.30 15:54:00 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\URBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWHTO5XT.DEFAULT\EXTENSIONS\{1FC895A6-2042-46EC-A61B-233165B4C218}.XPI
() (No name found) -- C:\USERS\URBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWHTO5XT.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\egui.exe (ESET)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Urbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.197 213.191.74.19 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A98E5A04-EDD5-446B-A108-44249A35FAD2}: DhcpNameServer = 62.109.123.197 213.191.74.19 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C734FC4C-9BA2-47E7-BE95-35087AA68768}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Urbi\Pictures\IMG-20120306-WA0001.jpg
O24 - Desktop BackupWallPaper: C:\Users\Urbi\Pictures\IMG-20120306-WA0001.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 12:33:52 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\SUPERAntiSpyware.com
[2012.03.20 12:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.03.20 12:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.03.20 12:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2012.03.20 12:31:15 | 015,433,288 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Urbi\Desktop\SUPERAntiSpyware.exe
[2012.03.20 12:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.20 12:15:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.20 12:15:07 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.20 12:15:07 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.20 12:07:58 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012.03.20 12:07:58 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012.03.20 12:07:58 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012.03.20 12:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.03.20 11:56:23 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Urbi\Desktop\jxpiinstall.exe
[2012.03.20 11:50:15 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.20 11:14:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.19 15:49:21 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Urbi\Desktop\OTL.exe
[2012.03.19 13:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 13:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.19 13:22:03 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Urbi\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.19 12:12:23 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\08017
[2012.03.18 21:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.18 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.18 20:46:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Urbi\Desktop\dds.com
[2012.03.18 19:42:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.18 19:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.03.18 19:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012.03.18 19:42:48 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Local\PackageAware
[2012.03.18 15:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.03.18 15:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.03.18 15:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.14 16:50:05 | 000,000,000 | ---D | C] -- C:\TEMP
[2012.03.14 16:35:24 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.03.14 16:35:24 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 16:35:24 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.03.14 16:35:24 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.03.14 16:35:24 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.03.14 16:34:54 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012.03.14 16:34:53 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012.03.05 21:24:29 | 000,000,000 | ---D | C] -- C:\mafia 2
[2012.02.27 19:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.10.23 15:45:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[1 C:\Users\Urbi\AppData\Roaming\*.tmp files -> C:\Users\Urbi\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.20 14:10:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 14:10:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 14:10:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.20 12:33:17 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.03.20 12:31:34 | 015,433,288 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Urbi\Desktop\SUPERAntiSpyware.exe
[2012.03.20 12:17:53 | 000,019,816 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120320_121749.reg
[2012.03.20 12:14:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.03.20 12:14:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.20 12:14:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.20 12:14:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.20 12:07:15 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.20 12:07:15 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012.03.20 12:07:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012.03.20 12:07:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012.03.20 11:56:24 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Urbi\Desktop\jxpiinstall.exe
[2012.03.19 15:49:22 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Urbi\Desktop\OTL.exe
[2012.03.19 15:12:16 | 000,000,034 | ---- | M] () -- C:\Users\Urbi\AppData\Roaming\blckdom.res
[2012.03.19 13:22:12 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Urbi\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.18 21:14:10 | 000,002,964 | ---- | M] () -- C:\Users\Urbi\Desktop\Attach.zip
[2012.03.18 20:46:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Urbi\Desktop\dds.com
[2012.03.18 19:52:26 | 000,050,477 | ---- | M] () -- C:\Users\Urbi\Desktop\Defogger.exe
[2012.03.18 19:46:16 | 000,004,098 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120318_194613.reg
[2012.03.18 19:42:59 | 000,001,635 | ---- | M] () -- C:\Users\Urbi\Desktop\Uniblue RegistryBooster.lnk
[2012.03.18 17:24:31 | 000,000,907 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
[2012.03.15 18:36:51 | 000,001,976 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120315_183649.reg
[2012.03.15 11:34:33 | 000,406,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.14 16:50:22 | 000,003,140 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.03.14 16:50:20 | 000,000,088 | RHS- | M] () -- C:\Windows\SysWow64\013E07AF38.sys
[2012.03.09 14:05:22 | 004,208,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.09 14:05:22 | 001,720,492 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.09 14:05:22 | 001,281,808 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.09 14:05:22 | 001,127,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.09 14:05:22 | 000,007,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.06 14:22:47 | 000,001,418 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120306_142245.reg
[2012.02.26 13:51:54 | 000,003,832 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120226_135152.reg
[2012.02.22 13:14:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Urbi\AppData\Roaming\*.tmp files -> C:\Users\Urbi\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.20 12:33:17 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.03.20 12:17:51 | 000,019,816 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120320_121749.reg
[2012.03.18 21:14:10 | 000,002,964 | ---- | C] () -- C:\Users\Urbi\Desktop\Attach.zip
[2012.03.18 19:52:26 | 000,050,477 | ---- | C] () -- C:\Users\Urbi\Desktop\Defogger.exe
[2012.03.18 19:46:14 | 000,004,098 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120318_194613.reg
[2012.03.18 19:42:59 | 000,001,635 | ---- | C] () -- C:\Users\Urbi\Desktop\Uniblue RegistryBooster.lnk
[2012.03.18 17:17:33 | 000,000,907 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
[2012.03.18 00:30:44 | 000,000,034 | ---- | C] () -- C:\Users\Urbi\AppData\Roaming\blckdom.res
[2012.03.15 18:36:50 | 000,001,976 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120315_183649.reg
[2012.03.06 14:22:46 | 000,001,418 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120306_142245.reg
[2012.02.26 13:51:53 | 000,003,832 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120226_135152.reg
[2011.10.23 15:40:19 | 000,050,477 | ---- | C] () -- C:\Program Files\Defogger.exe
[2011.08.24 15:55:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.22 19:10:56 | 000,005,038 | ---- | C] () -- C:\Windows\MC9DEMO.INI
[2011.06.20 19:24:15 | 000,000,056 | ---- | C] () -- C:\Windows\MC10demo.INI
[2011.02.14 21:02:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.30 15:01:42 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\013E07AF38.sys
[2010.11.30 14:36:14 | 000,003,140 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010.10.17 17:58:40 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2010.10.17 17:58:21 | 000,204,295 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2010.07.25 12:31:02 | 000,000,680 | ---- | C] () -- C:\Users\Urbi\AppData\Local\d3d9caps.dat
[2010.06.22 11:52:49 | 000,001,914 | ---- | C] () -- C:\Users\Urbi\AppData\Roaming\wklnhst.dat
[2010.06.15 18:16:45 | 000,009,216 | ---- | C] () -- C:\Users\Urbi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.12 12:11:25 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.04.06 11:10:15 | 000,225,411 | ---- | C] () -- C:\Windows\SysWow64\PosPrKpLib.dll
[2010.04.06 11:10:07 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\PosTickerLib.dll
 
========== LOP Check ==========
 
[2012.03.19 12:12:23 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\08017
[2010.04.11 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Acoustica
[2011.08.31 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Azureus
[2011.11.26 16:35:50 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\benibela
[2010.11.03 11:14:24 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\CadSoft
[2009.12.17 15:07:38 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\DAEMON Tools Lite
[2009.12.17 14:38:22 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\DAEMON Tools Pro
[2011.05.09 21:08:29 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Dev-Cpp
[2011.01.25 17:19:33 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Downloaded Installations
[2011.03.02 19:22:48 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.16 12:20:30 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\ElevatedShortcut
[2011.11.09 21:02:53 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\ESET
[2011.05.19 18:32:38 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\GetRightToGo
[2010.11.29 21:27:24 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\HTC
[2010.11.29 21:27:37 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.03.19 21:52:00 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\ICQ
[2011.11.28 19:27:03 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Nitro PDF
[2011.11.07 19:02:26 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\OpenCandy
[2010.12.01 15:25:00 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\OpenOffice.org
[2011.04.11 18:41:15 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\PCDr
[2010.11.29 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Teleca
[2010.06.22 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Template
[2010.12.30 20:49:50 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\TS3Client
[2012.03.20 14:09:37 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 20.03.2012 14:17:14 - Run 3
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Urbi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,23 Gb Available Physical Memory | 70,52% Memory free
12,10 Gb Paging File | 10,15 Gb Available in Paging File | 83,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,68 Gb Total Space | 253,60 Gb Free Space | 56,27% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 5,66 Gb Free Space | 37,73% Space Free | Partition Type: NTFS
 
Computer Name: URBI-PC | User Name: Urbi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t &&  icacls "%1" /grant "authentifizierte benutzer":F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t &&  icacls "%1" /grant "authentifizierte benutzer":F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 65 B1 89 89 56 6C CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10D490EE-B0E6-4E31-BA7D-427DD9DB011E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{398B8C02-F454-4F96-A3EB-C6D62A43A280}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E55E8D3B-7574-472E-A2BE-FBE1E50D518E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBF1A3D-3886-4DDB-9369-292D54EA65D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{10FD4B05-E808-4495-93E2-F8EC5A3B9416}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{1391A1F6-582C-44E4-AA79-75D979A29DD3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{155C710A-8F1F-4E71-B8FC-12CE16CEA2CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{19D10588-B6EA-4E0E-BD36-A4A2C169DE81}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{1F54E8EA-81C6-450D-B436-DD42C10377DC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{20F310E7-BE07-497A-BD7A-80B98D59340C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{250F7D4E-C5B0-4C48-96DB-936D504F996D}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"{2888FB0C-A339-40B1-B511-2711FAE8EF79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2C626B09-36D9-4C70-A306-3B73F23F38AE}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{2F2315EE-A7FF-49EA-A860-D5F090F67E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{3F47BFED-56B9-4A60-9B49-1AEB3F5A7EBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4F3A86BA-B103-4508-A676-02CAF2539B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"{76189A5C-9F02-4722-9FE2-A441DB71E718}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{8782F0EC-8F90-40C6-94B8-D796FB225BA1}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{91D86DEB-85F6-4FA0-AE83-9C635E87B324}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{9770529D-480E-408D-AFE2-5F5AB1D50D33}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{97E3610E-E2A9-4C89-AB4E-8973F71E46E8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{9F616DA5-F8F7-41C1-8A4B-F41F73E9415E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{A1BB417E-6CD4-4446-BD81-20B543E9B819}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{B0FFF4A7-3EBC-4F1C-A56C-E5F9636FEFFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dseatze_moaf_gagga\counter-strike\hl.exe |
"{B64D4728-AFC1-4B35-90E9-3213DDCAD776}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C5D93ECF-C364-46FB-B80E-95544BD66A43}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{CD22AC1C-56F1-4404-AEB0-22DD9B2968F1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{D2CF1B24-CFE1-4CC1-BF36-A121D67F7397}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DFA17C94-6302-42D2-8A34-41824E77D8AC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{E78A5198-094D-42A7-B6D2-204DE8F02EE8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{EA840450-621D-477E-80B6-B96F31D9A42C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{EF99D71F-D3B5-47D0-86E9-161A0CE9C423}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dseatze_moaf_gagga\counter-strike\hl.exe |
"{FE713204-E473-430F-B76B-6A10728431BB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{0AB746F6-9589-4E3D-A339-0DBF0FF71FB6}C:\firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\firefox\plugin-container.exe |
"TCP Query User{0C80F2E6-3CC9-434B-8E91-9419472161D5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{26B157A6-9E98-42A7-B0D1-248EA68E8780}C:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe |
"TCP Query User{3B9F3B71-5AC6-4F2E-85E5-D49B6C55C49A}C:\program files (x86)\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"TCP Query User{4B9FA84B-A932-49D9-963B-D7AA0152B517}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{9833256D-89EE-4272-850D-1ADE472002A5}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{B35F996A-1CCF-4963-80BE-FA98EC5E2B29}C:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe |
"TCP Query User{B66B3988-C1A3-49A1-A0F1-5A43D0C8CED3}C:\program files (x86)\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty - black ops\blackops.exe |
"UDP Query User{0794A955-ACE5-4CBE-B801-C1E33C8D39BC}C:\program files (x86)\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"UDP Query User{6F698CD9-3720-4DA1-B200-957AD689FA8B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B03D0B39-F8A8-4802-B23D-BA488F610E70}C:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe |
"UDP Query User{C759552C-3DF1-485A-B525-7FF3E58AD8C2}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{D6EB7F0E-ECBD-4C88-ABC6-21B44C669C14}C:\program files (x86)\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty - black ops\blackops.exe |
"UDP Query User{EC883BC2-D666-4FFB-BBF3-4D47D377AF55}C:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe |
"UDP Query User{EE2EF21D-6902-4656-943B-8980A4250C6E}C:\firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\firefox\plugin-container.exe |
"UDP Query User{FFEE815B-718D-4EA7-8DDF-C6A5197693D3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06088E65-A95F-4926-897F-D86FB7A9C6D9}" = Nitro PDF Reader
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0457-000001000000}" = 7-Zip 4.57 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61A177CE-86A3-433F-BFE2-41AB9123A268}" = ESET NOD32 Antivirus
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{E4C229B2-51E3-49E7-3A42-A3B695B4E56E}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EAFC065C-0576-4DE9-8FDB-4D943367506E}" = Oracle VM VirtualBox 3.2.10
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{04D5E56E-F323-27F2-C075-EF1AE9A3CF2B}" = Catalyst Control Center Graphics Light
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{07288267-318E-9B78-B04E-984F9149EE24}" = Catalyst Control Center Graphics Previews Common
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B23ACC5-88A6-FEE4-0131-8777A1BA0B68}" = Catalyst Control Center Graphics Previews Vista
"{0CD81D7E-94E2-D230-E37E-C9B16E90D01C}" = CCC Help Italian
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16A7FAD8-EE4F-C413-8359-833A3B2D39FB}" = CCC Help Portuguese
"{18364179-C5E5-F826-E2FC-D99D575AF997}" = Catalyst Control Center Localization All
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{30228022-6558-412B-82C4-B1949F90273F}_is1" = Call of Duty - Modern Warfare 2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 3.0.0)
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47C72DA6-E7AC-984C-5475-15A65F9B41BE}" = Catalyst Control Center Graphics Full New
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A918155-6399-4673-0D08-85A0DBEC1389}" = CCC Help Chinese Traditional
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{537791BE-B032-D116-0C59-13541E17BFEA}" = CCC Help English
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66DAE8D7-D5F7-462F-5815-102EE4B191C4}" = CCC Help Korean
"{67DAF4C3-58CA-4EDB-B734-D97684FC379E}" = General Runtime Files for Nemetschek Allplan 2009
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync
"{763B809A-6874-5979-CD69-39491392262C}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E4413BB-CE31-4E01-A1C0-E37BDD0187CE}" = Nero 11
"{7FE440D8-8F16-24CA-81B6-7DEB4D6BF92D}" = CCC Help Hungarian
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88D3B829-DBA4-D839-33BF-9A5794CC21EB}" = CCC Help Chinese Standard
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9044B9A5-B7D7-3EA2-B20B-49A47853D62F}" = CCC Help Spanish
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A7F37935-A880-8657-79CE-F98BF3A358E1}" = CCC Help Turkish
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA388319-08DE-4943-A739-5BC257F50B61}" = NI LabVIEW Run-Time Engine 8.6
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B297076F-905F-7E13-57EF-7D254EBB7589}" = CCC Help Japanese
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BAED3957-C271-4670-A50D-8D7438701917}" = Nemetschek Allplan 2009
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D1B8C6AC-C4F8-E8AF-E157-AF3E16B97903}" = CCC Help French
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D9EB0916-F277-4C54-830A-772833FD20A4}" = Micro-Cap 10 Evaluation
"{DC702FC1-4746-CD99-0578-02839474C2F8}" = Skins
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}" = HTC Sync
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E59145A6-2D21-9E5C-6551-ACA2539CDE50}" = ccc-core-static
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E89371A0-2FCD-F518-EECB-09AB27724CEE}" = CCC Help German
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{ED06F22F-DADB-E713-2E49-EEB154950285}" = Catalyst Control Center Graphics Full Existing
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F6706DF9-B0B6-8496-F302-BF511197A32F}" = Catalyst Control Center Core Implementation
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"5513-1208-7298-9440" = JDownloader 0.9
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced PDF-to-Word 1.0 Demo" = Advanced PDF-to-Word 1.0 Demo
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"AVMWLANCLI" = AVM FRITZ!WLAN
"BlueJ_is1" = BlueJ 2.5.3
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EAGLE 5.10.0" = EAGLE 5.10.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Micro-Cap Evaluation 9.0" = Micro-Cap Evaluation 9.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"PDF Blender" = PDF Blender
"Photo Pos Pro" = Photo Pos Pro
"Security Task Manager" = Security Task Manager 1.8d
"Stronghold 3 (c) THQ_is1" = Stronghold 3 (c) THQ version 1
"TexMakerX_is1" = TexMakerX 2.1
"TmNationsForever_is1" = TmNationsForever
"TuxGuitar 1.1" = TuxGuitar
"TuxGuitar_0" = TuxGuitar 1.2
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zip Repair Pro_is1" = Zip Repair Pro
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.01.2012 15:37:36 | Computer Name = Urbi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Stronghold3.exe, Version 0.0.0.0, Zeitstempel
 0x4ed9324c, fehlerhaftes Modul vision100.dll, Version 8.1.8.0, Zeitstempel 0x4e9ff7c0,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0004c6d4,  Prozess-ID 0x1154, Anwendungsstartzeit
 01ccd6e0ee4e5395.
 
Error - 19.01.2012 15:37:37 | Computer Name = Urbi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Stronghold3.exe, Version 0.0.0.0, Zeitstempel
 0x4ed9324c, fehlerhaftes Modul vBase100.dll, Version 8.1.8.0, Zeitstempel 0x4e9ff795,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0005ba8e,  Prozess-ID 0x1154, Anwendungsstartzeit
 01ccd6e0ee4e5395.
 
Error - 19.01.2012 18:26:48 | Computer Name = Urbi-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.19170 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 109c  Anfangszeit: 01ccd6f6c32f2255  Zeitpunkt
 der Beendigung: 10
 
Error - 19.01.2012 18:42:11 | Computer Name = Urbi-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 20.01.2012 11:45:22 | Computer Name = Urbi-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.01.2012 11:49:00 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 20.01.2012 11:49:00 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3012
Description =
 
Error - 20.01.2012 11:49:00 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3011
Description =
 
Error - 20.01.2012 15:03:13 | Computer Name = Urbi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Stronghold3.exe, Version 0.0.0.0, Zeitstempel
 0x4ed9324c, fehlerhaftes Modul StrongholdBase.dll, Version 0.0.0.0, Zeitstempel
 0x4ed93246, Ausnahmecode 0xc0000005, Fehleroffset 0x0007f7ab,  Prozess-ID 0x1098,
 Anwendungsstartzeit 01ccd79e3b65b9d0.
 
Error - 20.01.2012 18:16:29 | Computer Name = Urbi-PC | Source = EventSystem | ID = 4621
Description =
 
[ System Events ]
Error - 16.03.2012 07:39:57 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16.03.2012 07:40:27 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 16.03.2012 07:40:27 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.03.2012 09:40:09 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
 
Error - 18.03.2012 15:31:25 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
 
Error - 18.03.2012 18:25:38 | Computer Name = Urbi-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 001F3F09796E zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 19.03.2012 10:45:47 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
 
Error - 19.03.2012 17:21:15 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
 
Error - 20.03.2012 06:14:44 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 20.03.2012 06:42:27 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =
 
 
< End of report >

--- --- ---

kira 21.03.2012 06:59

Quote:

Quote from urbi28 (post 796182)
The programs you recommended and that I downloaded, are those also passive programs, i.e. ones that constantly scan my computer, and if so, is it a problem if I run them alongside ESET? I've heard that you should only ever have one antivirus program.

Yes, quite right, but I make sure that this does not happen! SUPERAntiSpyware is not a "full-fledged" antivirus program!

Quote:

Quote from urbi28 (post 796182)
Oh, and do you also recommend that I uninstall the vShare tv plugin? But I think I need it.

Don't uninstall it, but please check your browser again to see whether anything unwanted has settled in:
the start page
under "Extensions"

-> Did you do this knowingly?:

FF - prefs.js..network.proxy.ftp: " 74.95.66.34"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: " 74.95.66.34"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "fritz.box"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: " 74.95.66.34"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: " 74.95.66.34"
FF - prefs.js..network.proxy.ssl_port: 80

1.
Quote:

Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script that way, otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "als Administrator ausführen" (Run as administrator).
  • Copy the following script:
Code:

:OTL
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
O2 - BHO: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O2 - BHO: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
[2012.03.19 12:12:23 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\08017
[2011.08.31 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Azureus

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{3B9F3B71-5AC6-4F2E-85E5-D49B6C55C49A}C:\program files (x86)\azureus\azureus.exe" =-
"UDP Query User{0794A955-ACE5-4CBE-B801-C1E33C8D39BC}C:\program files (x86)\azureus\azureus.exe" =-

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]


2.
Also check your entire system with Panda ActiveScan:
Panda ActiveScan
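
The proxy check kira asks about in the post above can be run mechanically over an OTL log. This is an added example, not part of the original thread and not OTL's own code: it parses the `FF - prefs.js..` lines quoted in the post and lists every configured proxy; the function names and the loopback/private/public classification are assumptions of this example.

```python
import ipaddress
import re

# The "FF - prefs.js.." lines exactly as quoted from the OTL log in the post above.
OTL_LOG = """\
FF - prefs.js..network.proxy.ftp: " 74.95.66.34"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: " 74.95.66.34"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "fritz.box"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: " 74.95.66.34"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: " 74.95.66.34"
FF - prefs.js..network.proxy.ssl_port: 80
"""

# OTL prints Firefox preferences as: FF - prefs.js..<pref name>: <value>
PREF_LINE = re.compile(r"^FF - prefs\.js\.\.(?P<key>[\w.]+):\s*(?P<value>.*)$")
PROXY_PROTOCOLS = ("http", "ssl", "ftp", "socks")


def parse_otl_prefs(log_text):
    """Return {pref name: value} for every 'FF - prefs.js..' line in an OTL log."""
    prefs = {}
    for line in log_text.splitlines():
        match = PREF_LINE.match(line.strip())
        if not match:
            continue
        value = match.group("value").strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1].strip()  # drop the quotes and the padding OTL shows
        prefs[match.group("key")] = value
    return prefs


def classify_host(host):
    """Classify a proxy host as empty, loopback, private, public or hostname."""
    if not host:
        return "empty"
    try:
        address = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # a name, not an IP literal; cannot be judged offline
    if address.is_loopback:
        return "loopback"
    if address.is_private:
        return "private"
    return "public"


def review_proxy_prefs(prefs):
    """List every configured proxy so the owner can confirm or reject it."""
    findings = []
    for protocol in PROXY_PROTOCOLS:
        host = prefs.get(f"network.proxy.{protocol}", "")
        kind = classify_host(host)
        if kind == "empty":
            continue
        port_text = prefs.get(f"network.proxy.{protocol}_port", "")
        findings.append({
            "protocol": protocol,
            "host": host,
            "port": int(port_text) if port_text.isdigit() else None,
            "kind": kind,
            # A proxy outside the local network sees the traffic sent through it,
            # so the owner has to recognise it as a setting they made themselves.
            # Loopback and private proxies are listed but not flagged here.
            "confirm_with_owner": kind in ("public", "hostname"),
        })
    return findings


def bypass_list(prefs):
    """Hosts that are contacted directly (network.proxy.no_proxies_on)."""
    raw = prefs.get("network.proxy.no_proxies_on", "")
    return [item.strip() for item in raw.split(",") if item.strip()]


if __name__ == "__main__":
    prefs = parse_otl_prefs(OTL_LOG)
    for f in review_proxy_prefs(prefs):
        flag = "CONFIRM" if f["confirm_with_owner"] else "ok"
        print(f'{flag:8} {f["protocol"]:6} {f["host"]}:{f["port"]} ({f["kind"]})')
    print("direct (no proxy):", ", ".join(bypass_list(prefs)))
```
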

urbi28 21.03.2012 19:05

Hi,
the browsers all seem to be normal (regarding vShare tv).
About these network.proxy entries... if I changed anything there, it was a long time ago. What does that mean exactly? That I set the IP manually?
So I can leave the programs on my computer without worry, yes, or is it even recommended? At the moment, besides ESET, Malwarebytes and SUPERAntiSpyware are also open at the bottom right.
The results:

OTL Fix

Code:

All processes killed
========== OTL ==========
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Folder C:\Users\Urbi\AppData\Roaming\08017\ not found.
Folder C:\Users\Urbi\AppData\Roaming\Azureus\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3B9F3B71-5AC6-4F2E-85E5-D49B6C55C49A}C:\program files (x86)\azureus\azureus.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0794A955-ACE5-4CBE-B801-C1E33C8D39BC}C:\program files (x86)\azureus\azureus.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Urbi\Desktop\cmd.bat deleted successfully.
C:\Users\Urbi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Urbi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 163840 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32835 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 334 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.39.1 log created on 03212012_182851

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Panda ActiveScan found this:

Code:

Malware. FILE: C:\USERS\URBI\COOKIES\VM0OGKBT.TXT to be deleted.

Malware. FILE: C:\USERS\URBI\COOKIES\NNGB3OS0.TXT to be deleted.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SHOWSUPERHIDDEN] to be changed to: 1

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Then I clicked "clean" and "successful cleaned" appeared.

kira 22.03.2012 08:13

It may well have to do with fritz.box

How are things running otherwise? Everything OK?

If so:

1.
Uninstall/remove the programs that we used and that you don't need, except for:
Code:

CCleaner
- Run it from time to time:-> Instructions

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to delete most of the programs that we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you don't already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "als Administrator ausführen" (Run as administrator).
  • Click the "Bereinigung" (CleanUp) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs that you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
Windows, for example, regularly creates shadow copies (at least once a day), which serve in an emergency to restore the system and to access older file versions. This function takes up a great deal of disk space. By default, the space reserved for shadow copies is 15 % of the volume size, so that system performance is also affected. In addition, deleted and possibly harmful objects that sit in System Restore must also be removed:
So please do the following:
  • Right-click "Arbeitsplatz" (My Computer) -> "Eigenschaften" (Properties) -> tab "Systemwiederherstellung" (System Restore)
  • "Systemwiederherstellung deaktivieren" (Turn off System Restore) -> "OK" -> close all windows
  • Shut down the PC -> then switch it on again
  • restore the default setting (turn System Restore back on)
So first turn it off -> then turn it on - at the end it should be "turned on" again!

4.
As a precaution I would advise you to change your password (one should do this every 3-4 months)
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (it should actually be changed at regular intervals, approx. every 3-5 months)
also here under: Secure password

5.
► ► Please check whether there are new updates for Windows?!:-> - Microsoft Update keeps your computer up to date!

6.
► Internet Explorer must be updated! Version 9 is current...
You can install Internet Explorer 9 right away to replace the existing version of Internet Explorer:-> Internet Explorer 9
Software such as operating systems, browsers and e-mail clients is continually being developed further. At the same time, however, hackers are also working to constantly find and exploit new security holes. What is not yet a loophole for viruses and worms today can already become a danger tomorrow, once the corresponding malware has been programmed. As a result, reports of new vulnerabilities appear relatively frequently, even if these have not yet been discovered by hackers. After all, security specialists are of course also looking for potential avenues of attack. Updates from the software developers ensure that the user can always use the most current and most secure version of the operating system and the installed software.

urbi28 23.03.2012 00:32

So everything is running optimally again, like freshly bought. Thank you very much indeed for your help :)
I will now replace my passwords bit by bit.
Perhaps you could finally give me a few tips on how my PC also stays fast and clean. And above all, how I can tell that my PC is infected with something. (Is ESET enough for that?)
What I have taken away so far:
- take a close look at every new installation and install in custom mode, followed by a check of the browser and programs
- update everything as quickly as possible when updates are available
- do without cracked software ..... what about file sharing in general? Do I have any way of telling whether a nasty file is among them?
- generally keep my eyes open and also read the terms and conditions once in a while

kira 23.03.2012 07:28

Reading material no. 1:
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things running smoothly!
  • A more secure browser than IE, e.g. *Switching the default browser to... from SETI@home* - Firefox - FirefoxWiki/Settings - Extensions for Firefox - Default browser
  • Secure e-mail clients, e.g. Thunderbird --> Extensions for Mozilla Thunderbird
    - Do NOT open unknown e-mail attachments!
  • Secure passwords - Choosing a secure password - (one should really change it at regular intervals, roughly every 3-5 months)
    also here under: Secure Password
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only ever install programs that you really need and that you are convinced are reputable.
    You have the choice of which additional components are to be installed -> Always read along during installation, and deselect sponsor and partner programs, toolbars or any other extra programs on offer wherever possible!
    Deselect sponsor programs and toolbars wherever possible (this is how a kind of adware/spyware often gets installed along with them)
  • Do NOT download just any programs from the net unless it is 100% certain that they are clean software. Nice promises from the vendors are far from a guarantee of flawless operation, so browse the pages on GOOGLE beforehand, where you can pick up valuable information!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never disclose your passwords!
    Reputable banks, e-mail providers and online shops as a matter of principle do not send e-mails asking customers to disclose confidential data such as passwords, user numbers (Verfügernummer), PINs or TANs. E-mails of this kind are always fraud attempts, which is why such requests should not be answered. As soon as you suspect fraud, report your suspicion to the respective bank's hotline.
  • Letting others (guests/friends) use your computer - Use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never carry out banking transactions on untrustworthy computers, for example from an Internet café while on holiday
  • Be careful when using other people's computers and attachable external storage media such as hard disks, USB sticks, memory cards, etc.! - IT fraudsters don't take holidays!/bsi-fuer-buerger.de - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid legal notice (Impressum)
  • Saving on licence costs? - Be careful with files/programs from untrustworthy sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    They are always infested with various malware/malicious programs/code; there is no site that is virus-free. (One shouldn't deliberately invite the devil in ;)) Another highly insecure source is the file sharing of the so-called (music) exchange networks.
    ► Besides, you are committing a criminal offence by doing so!
  • Use only one firewall and one antivirus program, which should always be kept up to date!
    Installing `too much` software impairs system performance and security, slows down start-up enormously and puts a load on RAM (because the programs run side by side at the same time, eating a lot of performance but bringing little quality). Over time, too much unnecessary ballast makes the computer slower and slower, and less secure. The more programs are installed, the more often problems occur, which may then be difficult to solve. On top of that, some programs bring major security risks with them ;)
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept
  • Development of malicious websites/viruslist.com
  • Hot topic: images and sounds
    Dangerous images, strange sounds/BSI

** Common sense, together with configuring Windows and Internet software securely, is the best route to security on the web!!
Quote:

Since the database is supplemented and expanded daily and the information about the virus in question is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later once a month will certainly be enough), always with a different scanner, to get a second opinion - the data backed up on storage media should be included as well!
(mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be: I wish you all the best :)

If you would like to support us → donation account

Regards
kira

