Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows gesperrt. Trojaner! will 50 € (https://www.trojaner-board.de/112099-windows-gesperrt-trojaner-will-50-a.html)

Andrija 22.03.2012 13:38
Windows gesperrt. Trojaner! will 50 €
 
Hallo zusammen!

hab mir gestern ein Bild auf Google angeschaut und dieses hat mich direkt auf eine Seite verlinkt und hat halt ewig geladen. War wahrscheinlich der Fehler. Plötzlich Blackscreen und die Meldung dass aus Sicherheitsgründen, da der PC unendlich viele Viren hat, der PC gesperrt wird. PayPall Überweisung müsste man tätigen und 50 € zahlen. Kennt ihr bestimmt. Hab hier auch einen Tread gelesen. Hab mir OTL heruntergeladen aber weiß nciht genau was ich tun soll. Bitte um Hilfe.

Vielen vielen Dank im vorraus.

Andrija

markusg 22.03.2012 16:24
hi,
neustart, f8 drücken abgesicherter modus mit netzwerk wählen, im betroffenen konto anmelden, internet verbindung herstellen.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Andrija 22.03.2012 18:02
Code:
OTL logfile created on: 22.03.2012 17:19:13 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Andrija\Downloads
64bit- Ultimate Edition  (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 67,01% Memory free
3,98 Gb Paging File | 3,36 Gb Available in Paging File | 84,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230,87 Gb Total Space | 21,92 Gb Free Space | 9,50% Space Free | Partition Type: NTFS
 
Computer Name: FUJITSU-SIEMENS | User Name: Andrija | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.22 13:33:17 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Andrija\Downloads\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.03.19 14:18:18 | 000,302,592 | ---- | M] (Works Ltd.) [Auto | Running] -- C:\Windows\SysNative\aptwj0qdl.dll -- (LanmanWorkstation)
SRV:64bit: - [2009.04.22 06:38:59 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 17:56:24 | 000,109,064 | ---- | M] (Wajam) [Auto | Stopped] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.11 13:16:32 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Stopped] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.16 13:49:28 | 000,216,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SmartSVN 6.6\bin\statuscached.exe -- (statuscached)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.07 13:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.04.04 21:05:06 | 000,067,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.18 21:47:03 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.11.29 03:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.10.26 21:02:19 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010.09.22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.01.16 15:23:07 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.23 18:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.22 06:53:06 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.04.22 06:53:04 | 000,105,040 | ---- | M] (AMD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.04.22 06:52:53 | 000,028,752 | ---- | M] (AMD) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.04.22 06:48:16 | 000,077,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.04.22 06:48:15 | 000,065,616 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.04.22 06:48:04 | 000,023,120 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.04.22 06:45:20 | 000,024,640 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.04.09 03:09:06 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.03.28 05:44:59 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009.03.17 05:35:14 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.03.06 08:43:48 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.03.01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.02.06 04:41:49 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.01.24 05:08:24 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007.01.29 05:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2006.08.11 17:53:36 | 012,263,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2012.03.22 12:49:47 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{808DCF1E-409B-415F-99C0-139031D6F147}\MpKslb2fd3f3c.sys -- (MpKslb2fd3f3c)
DRV - [2010.01.29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Stopped] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.04.22 06:23:43 | 000,019,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.08.11 17:52:50 | 011,985,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files (x86)\Eazel-DE\prxtbEaz0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1703539
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=5c685913000000000000001cbf549d61
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 3B 81 42 25 E3 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110482&mntrId=5c685913000000000000001cbf549d61
IE - HKCU\..\SearchScopes\{30ACB990-690D-456F-8F8F-400448D3DB8E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=PTV&o=15184&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=RY&apn_dtid=YYYYYYYYDE&apn_uid=98FB32C9-11E6-4F29-A28B-8DF224E36214&apn_sauid=85B70F50-A889-4486-BB03-6DA384F38E86&
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009.04.22 10:45:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.02.18 21:53:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.09.22 12:57:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.16 17:18:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.24 20:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.18 21:54:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2011.10.08 12:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2012.02.18 21:54:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.22 16:53:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.02.28 19:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrija\AppData\Roaming\mozilla\Extensions
[2012.02.28 19:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrija\AppData\Roaming\mozilla\Firefox\Profiles\6g9tuyxg.default\extensions
[2012.02.28 19:54:02 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Andrija\AppData\Roaming\mozilla\Firefox\Profiles\6g9tuyxg.default\extensions\ffxtlbr@babylon.com
[2012.02.16 17:13:30 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Andrija\AppData\Roaming\mozilla\Firefox\Profiles\6g9tuyxg.default\extensions\welcome@toolmin.com
[2012.02.27 22:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.09.22 17:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.27 22:01:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.24 20:21:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.10.09 12:26:06 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files (x86)\mozilla firefox\plugins\npgcplug.dll
[2005.04.27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files (x86)\mozilla firefox\plugins\npracplug.dll
[2006.08.09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npWebLaunch.dll
[2006.09.26 11:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.02.11 15:03:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.28 19:53:59 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.11 15:03:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.11 15:03:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.14 10:35:38 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.11 15:03:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 17:13:30 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.02.11 15:03:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.11 15:03:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Andrija\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.21_0\plugins/WajamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npracplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: thriXXX WebLaunch (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npWebLaunch.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Andrija\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Andrija\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Wajam = C:\Users\Andrija\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.21_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Andrija\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Facecons = C:\Users\Andrija\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiabdeiamlolpdknhnpflnijogclooij\1.0_0\
CHR - Extension: Google Mail = C:\Users\Andrija\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2011.09.26 16:59:38 | 000,412,715 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 14258 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files (x86)\Eazel-DE\prxtbEaz0.dll (Conduit Ltd.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll (Wajam)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (FACECONS Class) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\Facecons\facecons.dll (Facecons)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.6\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files (x86)\Eazel-DE\prxtbEaz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Andrija\AppData\Roaming\toolplugin\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Program Files (x86)\Eazel-DE\prxtbEaz0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe (Mindjet)
O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe File not found
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found
O4 - HKCU..\Run: [SkypePM] C:\Users\Andrija\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Andrija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Nzzv = C:\Windows\SysWOW64\svchost9.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\d3dy7248a.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B0A2152-7DC9-41D3-8EC1-4334BA59DE6D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1734F42-7695-4657-8DA4-05501C20C3F8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4885A41B-7D7D-4C18-9F83-8755AF9A206D} - Microsoft Windows Media Player
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6599E014-44BA-499D-09CD-88F2ADBAFFB7} - .NET Framework
ActiveX: {69D8F580-5871-2A6D-3767-D935946518AF} - Microsoft Windows Media Player
ActiveX: {6B8FA703-E218-4449-7F10-571B07C5E654} - Browser Customizations
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAE9DB07-AF9C-81CC-E4AF-7A16A26F7586} - Microsoft Windows Media Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk - C:\PROGRA~2\MCAFEE~1\10DF39~1.150\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SmartSVN 6.6 (background).lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Andy.Fujitsu-Siemens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Andy.Fujitsu-Siemens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpFolder: C:^Users^Andy.Fujitsu-Siemens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Terminkalender2.lnk -  - File not found
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: svchospt - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: tsnp2std - hkey= - key= -  File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.22 13:26:37 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Local\ElevatedDiagnostics
[2012.03.21 19:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.03.19 14:18:17 | 000,302,592 | ---- | C] (Works Ltd.) -- C:\Windows\SysNative\aptwj0qdl.dll
[2012.03.17 12:56:45 | 000,000,000 | ---D | C] -- C:\Users\Andrija\Desktop\VP
[2012.03.15 18:48:25 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\iSpring Solutions
[2012.03.13 12:03:06 | 000,000,000 | ---D | C] -- C:\Users\Andrija\Documents\CSF Data
[2012.03.13 12:01:44 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2012.03.13 12:00:52 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
[2012.03.13 12:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameShadow
[2012.03.10 11:32:12 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[2012.03.10 11:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD
[2012.03.10 11:10:54 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\OpenOffice.org
[2012.03.07 16:14:16 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\ArcSoft
[2012.03.06 19:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012.03.06 19:09:57 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\HP
[2012.03.06 19:09:33 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Local\HP
[2012.03.06 19:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012.03.06 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\Yahoo!
[2012.03.06 19:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012.03.06 18:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012.03.06 18:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.03.06 18:56:47 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012.03.06 18:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.03.06 18:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.03.06 18:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.02.28 19:55:05 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\Media Finder
[2012.02.28 19:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012.02.28 19:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.02.28 19:22:41 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\FinalTorrent
[2012.02.27 22:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.27 22:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Andrija\AppData\Roaming\*.tmp files -> C:\Users\Andrija\AppData\Roaming\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.22 14:17:52 | 001,552,336 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.22 14:17:52 | 000,678,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.22 14:17:52 | 000,635,500 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.22 14:17:52 | 000,135,374 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.22 14:17:52 | 000,110,944 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.22 13:29:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.22 13:29:29 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.22 12:55:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.22 12:42:45 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.22 09:25:17 | 000,023,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.22 09:25:17 | 000,023,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 22:38:55 | 005,128,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.21 20:12:55 | 000,352,256 | ---- | M] () -- C:\Users\Andrija\Documents\Database1.accdb
[2012.03.19 14:18:18 | 000,302,592 | ---- | M] (Works Ltd.) -- C:\Windows\SysNative\aptwj0qdl.dll
[2012.03.16 17:24:00 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Ruza.job
[2012.03.13 12:01:44 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2012.03.10 11:32:12 | 000,000,185 | ---- | M] () -- C:\Windows\dievölkergold.ini
[2012.03.10 11:11:36 | 000,001,241 | ---- | M] () -- C:\Users\Andrija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2012.02.28 19:54:10 | 000,000,237 | ---- | M] () -- C:\user.js
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Andrija\AppData\Roaming\*.tmp files -> C:\Users\Andrija\AppData\Roaming\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.21 19:51:49 | 000,352,256 | ---- | C] () -- C:\Users\Andrija\Documents\Database1.accdb
[2012.03.10 11:32:12 | 000,000,185 | ---- | C] () -- C:\Windows\dievölkergold.ini
[2012.03.10 11:11:36 | 000,001,241 | ---- | C] () -- C:\Users\Andrija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2012.03.08 13:36:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.28 19:54:07 | 000,000,237 | ---- | C] () -- C:\user.js
[2011.11.25 13:56:11 | 000,001,456 | ---- | C] () -- C:\Users\Andrija\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.11.25 13:52:28 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\winStudio.bin
[2011.11.25 13:29:24 | 000,000,132 | ---- | C] () -- C:\Users\Andrija\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.10.07 22:06:20 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011.05.04 11:47:43 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.05.04 11:47:42 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.05.04 11:47:39 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.04 11:47:39 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.04 11:47:38 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.12 16:16:45 | 001,578,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.02.16 17:20:09 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Babylon
[2012.01.23 13:56:26 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Blender Foundation
[2011.11.25 13:36:25 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.02.28 19:22:41 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\FinalTorrent
[2012.02.04 18:06:07 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\GetRightToGo
[2012.03.15 18:48:25 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\iSpring Solutions
[2012.02.28 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Media Finder
[2012.03.10 11:10:54 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\OpenOffice.org
[2012.01.16 20:03:13 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Origin
[2011.11.28 19:09:48 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Registry Mechanic
[2012.01.11 17:33:25 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Stellarium
[2011.11.22 16:38:34 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Thunderbird
[2012.02.17 18:55:11 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\toolplugin
[2012.02.05 11:46:27 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\YoudaGames
[2012.03.19 14:28:43 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.11.22 15:14:42 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.02.03 13:03:49 | 000,000,000 | ---D | M] -- C:\93c742743d25b19058b86d55
[2010.02.05 23:08:36 | 000,000,000 | ---D | M] -- C:\ArchitekturDesigner
[2011.06.24 21:49:00 | 000,000,000 | ---D | M] -- C:\Bilder1
[2010.02.06 14:24:25 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.04.30 11:53:44 | 000,000,000 | ---D | M] -- C:\Casino
[2012.03.21 22:38:16 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2008.12.21 08:48:26 | 000,000,000 | ---D | M] -- C:\Corel
[2010.01.10 10:36:56 | 000,000,000 | ---D | M] -- C:\diplomski
[2008.05.17 19:08:58 | 000,000,000 | ---D | M] -- C:\divx
[2009.04.22 10:23:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.04.21 22:00:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.01.24 14:18:12 | 000,000,000 | ---D | M] -- C:\Downloads
[2008.09.26 12:59:24 | 000,000,000 | ---D | M] -- C:\driver
[2008.12.10 09:54:07 | 000,000,000 | ---D | M] -- C:\fsc.tmp
[2008.03.01 17:01:58 | 000,000,000 | ---D | M] -- C:\Fujitsu Siemens Computers
[2008.04.30 13:43:52 | 000,000,000 | ---D | M] -- C:\HammerAutosave
[2011.05.01 12:35:59 | 000,000,000 | ---D | M] -- C:\inetpub
[2008.12.10 09:54:52 | 000,000,000 | ---D | M] -- C:\Intel
[2009.01.27 18:13:05 | 000,000,000 | ---D | M] -- C:\MAGIX
[2011.04.19 15:16:50 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.10.09 12:27:54 | 000,000,000 | ---D | M] -- C:\My Games
[2009.09.05 23:00:26 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.04.22 08:16:38 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.06 18:54:40 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.13 12:00:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.06 19:47:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.12.10 18:40:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.06.13 15:15:18 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.08 19:17:39 | 000,000,000 | ---D | M] -- C:\s-winprosa
[2010.01.02 21:03:14 | 000,000,000 | ---D | M] -- C:\SIA
[2008.11.21 16:20:26 | 000,000,000 | ---D | M] -- C:\Sierra
[2012.03.18 20:30:27 | 000,000,000 | ---D | M] -- C:\System Volume Information
[2011.10.02 09:32:29 | 000,000,000 | ---D | M] -- C:\TEMP
[2009.01.20 15:24:50 | 000,000,000 | ---D | M] -- C:\trueSpace76
[2012.03.07 21:02:28 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.22 13:20:30 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.04.22 06:52:58 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=3D530DBF2154679DD0B0D47CA42CE90C -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.04.22 06:52:58 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=3D530DBF2154679DD0B0D47CA42CE90C -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_5a774c2b239a352c\AGP440.sys
[2009.04.22 06:52:58 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=3D530DBF2154679DD0B0D47CA42CE90C -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7100.0_none_87248120cc241bf9\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.22 06:52:52 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=F57B8BB59FB27784B67D54D9161D3CD9 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.22 06:52:52 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=F57B8BB59FB27784B67D54D9161D3CD9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_6240958557aee151\atapi.sys
[2009.04.22 06:52:52 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=F57B8BB59FB27784B67D54D9161D3CD9 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_aa49bbff2efd111b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.04.22 06:39:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=85703F94D6830B69EA30CD1EBB6289B8 -- C:\Windows\SysNative\cngaudit.dll
[2009.04.22 06:39:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=85703F94D6830B69EA30CD1EBB6289B8 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_b5757f0a3d07c039\cngaudit.dll
[2009.04.22 06:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\SysWOW64\cngaudit.dll
[2009.04.22 06:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.04.22 06:38:05 | 002,858,496 | ---- | M] (Microsoft Corporation) MD5=0C817F3E033335EDB2DD069EFA84045E -- C:\Windows\explorer.exe
[2009.04.22 06:38:05 | 002,858,496 | ---- | M] (Microsoft Corporation) MD5=0C817F3E033335EDB2DD069EFA84045E -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7100.0_none_1ec63af7872fb13e\explorer.exe
[2009.04.22 06:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=C133788B393EEC01439AD997D24E66ED -- C:\Windows\SysWOW64\explorer.exe
[2009.04.22 06:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=C133788B393EEC01439AD997D24E66ED -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7100.0_none_291ae549bb907339\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.04.22 06:48:29 | 000,410,704 | ---- | M] (Intel Corporation) MD5=100D70F4650864A12E6D34B5FAA15068 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.04.22 06:48:29 | 000,410,704 | ---- | M] (Intel Corporation) MD5=100D70F4650864A12E6D34B5FAA15068 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.04.22 06:48:29 | 000,410,704 | ---- | M] (Intel Corporation) MD5=100D70F4650864A12E6D34B5FAA15068 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7100.0_none_7c22e65d953b3d0e\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.22 06:40:41 | 000,690,688 | ---- | M] (Microsoft Corporation) MD5=527F726F895A94F040DF2605BFF8F32E -- C:\Windows\SysNative\netlogon.dll
[2009.04.22 06:40:41 | 000,690,688 | ---- | M] (Microsoft Corporation) MD5=527F726F895A94F040DF2605BFF8F32E -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_cac94b28456d2ad6\netlogon.dll
[2009.04.22 06:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.22 06:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_d51df57a79cdecd1\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.04.22 06:48:24 | 000,167,504 | ---- | M] (NVIDIA Corporation) MD5=1C09D38432424726932E5B1D62FA561B -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.04.22 06:48:24 | 000,167,504 | ---- | M] (NVIDIA Corporation) MD5=1C09D38432424726932E5B1D62FA561B -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_4d1b6b7b67c54c8c\nvstor.sys
[2009.04.22 06:48:24 | 000,167,504 | ---- | M] (NVIDIA Corporation) MD5=1C09D38432424726932E5B1D62FA561B -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_06ec570ccc71e6e6\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.04.22 06:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.22 06:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_0f7420931aef738c\scecli.dll
[2009.04.22 06:41:00 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=BDBED21EC7818C2AA12A55697572C283 -- C:\Windows\SysNative\scecli.dll
[2009.04.22 06:41:00 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=BDBED21EC7818C2AA12A55697572C283 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_051f7640e68eb191\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.05.13 07:39:17 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=0F7B8291A7A558E3D9C6A32E25A45E70 -- C:\Windows\SysNative\user32.dll
[2009.05.13 07:39:17 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=0F7B8291A7A558E3D9C6A32E25A45E70 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.19_none_020d18c2c6148263\user32.dll
[2009.05.13 07:23:41 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=4F6713BACEF16A84D80110DE1CD46C81 -- C:\Windows\SysWOW64\user32.dll
[2009.05.13 07:23:41 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=4F6713BACEF16A84D80110DE1CD46C81 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.19_none_0c61c314fa75445e\user32.dll
[2009.05.13 08:00:52 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=8C6CCA1D44DC3D764D7FF7B610746A55 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.4108_none_690444c7f1ac7c4d\user32.dll
[2009.05.13 09:03:45 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=A3CADEC8E08271F4FFF034C5E272995F -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.4108_none_5eaf9a75bd4bba52\user32.dll
[2009.04.22 06:11:36 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=ADCBEAE40A6E714BA4E0CF257EA6BFEA -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.0_none_a49eaa78af3083ac\user32.dll
[2009.04.22 06:41:30 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=BBD85B4D52566D8600A1062A1607555E -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.0_none_9a4a00267acfc1b1\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.04.22 06:38:42 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=03F541FCFD3A950CE4E0AFB64A4AE4DC -- C:\Windows\SysNative\userinit.exe
[2009.04.22 06:38:42 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=03F541FCFD3A950CE4E0AFB64A4AE4DC -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7100.0_none_a93a4dfadf233a8a\userinit.exe
[2009.04.22 06:19:37 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=50771CA86FF1ADAF5FD1920F8CB5665E -- C:\Windows\SysWOW64\userinit.exe
[2009.04.22 06:19:37 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=50771CA86FF1ADAF5FD1920F8CB5665E -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7100.0_none_4d1bb27726c5c954\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.22 06:38:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=007CFB4BF1BE9D43E605FB4CFDFE5D01 -- C:\Windows\SysNative\winlogon.exe
[2009.04.22 06:38:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=007CFB4BF1BE9D43E605FB4CFDFE5D01 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7100.0_none_3cd494fbe264be74\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.04.22 05:19:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=DD7803B0B23EAB319DC359F02DBFDC5D -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.04.22 05:19:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=DD7803B0B23EAB319DC359F02DBFDC5D -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7100.0_none_1c9834b9d540e8c0\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.03.22 17:38:33 | 003,670,016 | -HS- | M] () -- C:\Users\Andrija\NTUSER.DAT
[2012.03.22 17:38:32 | 000,262,144 | -HS- | M] () -- C:\Users\Andrija\ntuser.dat.LOG1
[2011.11.22 15:14:25 | 000,000,000 | -HS- | M] () -- C:\Users\Andrija\ntuser.dat.LOG2
[2011.11.22 16:39:40 | 000,065,536 | -HS- | M] () -- C:\Users\Andrija\NTUSER.DAT{87b498e0-2d68-11de-80f1-001e0bcde3ec}.TM.blf
[2011.11.22 16:39:40 | 000,524,288 | -HS- | M] () -- C:\Users\Andrija\NTUSER.DAT{87b498e0-2d68-11de-80f1-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.11.22 16:39:40 | 000,524,288 | -HS- | M] () -- C:\Users\Andrija\NTUSER.DAT{87b498e0-2d68-11de-80f1-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.11.22 15:14:26 | 000,000,020 | -HS- | M] () -- C:\Users\Andrija\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:96EE29A3
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Andrija 22.03.2012 18:04
Code:
OTL Extras logfile created on: 22.03.2012 17:19:13 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Andrija\Downloads
64bit- Ultimate Edition  (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 67,01% Memory free
3,98 Gb Paging File | 3,36 Gb Available in Paging File | 84,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230,87 Gb Total Space | 21,92 Gb Free Space | 9,50% Space Free | Partition Type: NTFS
 
Computer Name: FUJITSU-SIEMENS | User Name: Andrija | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE" /n
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE" /x /n
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE" /n
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE" /x /n
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = E7 3D 5E 41 2C C3 C9 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 
"FirewallOverride" = 0
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"D2D60C36F6B56A6053B40E1E128FB248EDF468BC" = Windows Driver Package - Realtek Semiconductor Corp. (RTL8187B) Net  (05/04/2007 6.1082.0504.2007)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft Security Client" = Microsoft Security Essentials
"PDF-XChange 3_is1" = PDF-XChange 3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}" = STRATO Backup Manager
"{10404646-77C5-4f07-947E-58E5FA78A8BE}" = Dealio Toolbar v4.6
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{11CFEF6B-6B50-49CC-96AA-BD9BD7FE3A23}" = Youda Sushi Chef
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{141FBF87-4FB4-41E1-80B4-E1389268D541}" = GameShadow
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20FA8AEE-E785-4F79-98EB-2067A8F395F4}" = Monopoly
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ECFEDB-6CE0-48D0-8C34-EE4C5BC275BF}" = Die Völker Gold Edition
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{29976EFB-EFF5-43D1-AE49-F62552D1B966}" = iSpring Free 6
"{2FAAECD0-1929-11DA-6784-006853A418BE}" = LoveChess Age Of Egypt
"{32D4851C-399A-4C02-A961-6A56178004B9}" = Hama Webcam Suite
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37D422FE-0E44-4595-9ADF-BE4C1B70318F}" = Armed and Dangerous
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E973CA9-5674-4FB4-8D83-3D8C5EB44AB3}" = Mindjet MindManager 2012
"{544DB849-AB59-4C12-A333-2F214E24870F}" = Commandos Strike Force
"{56780980-C930-4775-88B8-85301EDBEBE6}_is1" = Transport Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{606A0AC5-5F90-4379-81AE-11B44707E094}" = Adobe After Effects CS5.5 Third Party Content
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{66E375C5-CF5E-4706-B23B-93B52DB754BB}" = AutoSketch Release 8
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Hama MX Pro II Webcam
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{823D0051-9B7A-46C3-A29B-AA4D765960ED}" = Google SketchUp Pro 7
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84C176F9-1DAE-803C-5993-CF8703AE5841}" = Adobe Download Assistant
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC8D1F6-B529-4626-B00A-CC829FACD483}" = Architektur Designer 2010 1.1.0.5
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPRO_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPRO_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPRO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPRO_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPRO_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPRO_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPRO_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9475016C-F7F1-4F45-9246-A9170F9DB0AC}" = 802.11g Wireless USB 2.0 Adapter HW.14
"{94B8E8AF-7F52-4AEB-8731-450942059E89}" = Boost Libraries for C++Builder 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C270BC04-1540-4673-960F-A546B2C860CD}" = Commandos 3 - Destination Berlin
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CC38D00B-3038-43C7-BF3E-A871A2A95E53}" = SmartSVN 6.6
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3507473-2CE3-4073-A6BA-A0846B5CC687}" = Namo WebEditor 8
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D5A029B5-36A7-427E-AD6B-5A669962368B}" = Commandos Strike Force Demo
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCFF9230-22DC-40ED-BBCC-0F260B85734C}" = Tsunami-Filter-Pack
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
"{EFD0BFEB-980E-491B-833B-A8848E5E0F0F}" = Hyplay
"{F00221DA-CEAC-4FF3-9B67-2B0BCAB0EDA5}" = VokabelTrainer vT
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4FC05EB-94A9-418A-ABC4-A2FBBB4F6C15}" = Embarcadero Delphi and C++Builder 2010 Help System
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"8458-4195-6614-3708" = Vektoris3D 2.0
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Artisteer 2" = Artisteer 2
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Audiograbber" = Audiograbber 1.83 SE
"Avi Player" = Avi Player
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"BabylonToolbar" = Babylon toolbar on IE
"Boost Libraries for C++Builder 2010" = Boost Libraries for C++Builder 2010
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DFTools" = DFTools
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Eazel-DE Toolbar" = Eazel-DE Toolbar
"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender
"Embarcadero Delphi and C++Builder 2010 Help System" = Embarcadero Delphi and C++Builder 2010 Help System
"EMX Javascript Professional_is1" = EMX Javascript Professional 2.0
"Facecons" = Facecons
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FOCUS-Online-Screensaver-MAIN Screensaver" = FOCUS-Online-Screensaver-MAIN Screensaver
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Free FLV Converter_is1" = Free FLV Converter V 6.8.0
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube Download_is1" = Free YouTube Download 2.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"GameSpy Arcade" = GameSpy Arcade
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"IconCool Studio 7 Pro" = IconCool Studio 7 Pro
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"isfree_is1" = iSpring Free 4.3
"JoJoThumb_is1" = JoJoThumb 2.11.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Live 8.0.3" = Live 8.0.3
"Live 8.1.1" = Live 8.1.1
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"McAfee Security Scan" = McAfee Security Scan
"Monopoly" = Monopoly
"Monopoly Deluxe" = Monopoly Deluxe
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"NSS" = Norton Security Scan
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PricePeep" = PricePeep for FireFox
"RealArcade 1.2" = RealArcade
"RealPlayer 12.0" = RealPlayer
"RouterControl" = RouterControl 2.0
"save2pc Light_is1" = save2pc Light 4.07
"ST6UNST #1" = CompuLearn Franzoesisch
"ST6UNST #2" = Ordner Icon V2.1
"Stellarium_is1" = Stellarium 0.10.6.1
"Super Mario World_is1" = Super Mario World
"Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen)
"TeamViewer 4" = TeamViewer 4
"Terminkalender2" = Softwarenetz Terminkalender2
"The KMPlayer" = The KMPlayer (remove only)
"toolplugin" = toolplugin
"Trusted Software Assistant_is1" = File Type Assistant
"UltraISO_is1" = UltraISO Premium V9.52
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player (All users)
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebraPrim" = GeoGebraPrim
"Wajam" = Wajam
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
Hier die Extra.TXT Datei. Vielen Dank für die Antwort!

markusg 22.03.2012 19:52
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [SkypePM] C:\Users\Andrija\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Nzzv = C:\Windows\SysWOW64\svchost9.exe
[2012.03.19 14:18:17 | 000,302,592 | ---- | C] (Works Ltd.) -- C:\Windows\SysNative\aptwj0qdl.dll
[2012.03.16 17:24:00 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Ruza.job
 :Files
C:\Users\Andrija\AppData\Local\Skype
C:\Windows\SysWOW64\svchost9.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Andrija 22.03.2012 22:20
Hallo!

Danke schon mal für die Hilfe bis hier her!

Hab nach dem Neustart die den Ordner _OTL aufgesucht. Beim Senden an ZIP-komprimierter Ordner hat mein Virusprogramm "AntiVir" ein Virus im Ordner "MovedFiles/[...]/SkypePM.exe" gefunden. Was soll ich tun?

Danke.

markusg 23.03.2012 11:43
rechtsklick avira schirm, deaktivieren.
dann datei erstellen, hochlaeden, avira einschalten.

Andrija 23.03.2012 14:28
Hallo!

Der Upload hat geklappt. Hier die Textdatei die das Programm rausgegeben hat.

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypePM deleted successfully.
C:\Users\Andrija\AppData\Local\Skype\SkypePM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Nzzv deleted successfully.
C:\Windows\SysNative\aptwj0qdl.dll moved successfully.
C:\Windows\Tasks\Norton Security Scan for Ruza.job moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Andrija
->Flash cache emptied: 78181 bytes
 
User: Andy
->Flash cache emptied: 90168 bytes
 
User: Andy.Fujitsu-Siemens
->Flash cache emptied: 3413039 bytes
 
User: AppData
 
User: Default
->Flash cache emptied: 56509 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Gast
->Flash cache emptied: 81748 bytes
 
User: laura
 
User: Public
 
User: Ruza
->Flash cache emptied: 57100 bytes
 
User: tomi
 
Total Flash Files Cleaned = 4,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Andrija
->Temp folder emptied: 1179938655 bytes
->Temporary Internet Files folder emptied: 68776765 bytes
->Java cache emptied: 17580012 bytes
->FireFox cache emptied: 58667602 bytes
->Google Chrome cache emptied: 7423010 bytes
->Flash cache emptied: 0 bytes
 
User: Andy
->Temp folder emptied: 273604285 bytes
->Temporary Internet Files folder emptied: 79820240 bytes
->Java cache emptied: 25843188 bytes
->FireFox cache emptied: 114845913 bytes
->Google Chrome cache emptied: 21737859 bytes
->Flash cache emptied: 0 bytes
 
User: Andy.Fujitsu-Siemens
->Temp folder emptied: 281567149 bytes
->Temporary Internet Files folder emptied: 122933221 bytes
->Java cache emptied: 62935924 bytes
->FireFox cache emptied: 220281827 bytes
->Google Chrome cache emptied: 27420518 bytes
->Flash cache emptied: 0 bytes
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 312838119 bytes
->Temporary Internet Files folder emptied: 380883703 bytes
->Java cache emptied: 51534697 bytes
->FireFox cache emptied: 73927219 bytes
->Google Chrome cache emptied: 364697563 bytes
->Flash cache emptied: 0 bytes
 
User: laura
 
User: Public
 
User: Ruza
->Temp folder emptied: 745801633 bytes
->Temporary Internet Files folder emptied: 47648846 bytes
->Java cache emptied: 40567739 bytes
->FireFox cache emptied: 758515216 bytes
->Google Chrome cache emptied: 70824869 bytes
->Flash cache emptied: 0 bytes
 
User: tomi
 
%systemdrive% .tmp files removed: 23253808 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 3129344 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 898666470 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 302988974 bytes
 
Total Files Cleaned = 6.331,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 03222012_220117

Files\Folders moved on Reboot...
C:\Users\Andrija\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Andy.Fujitsu-Siemens\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FCJ93Q7R\UACAGZ2R9FCAOAFU33CALF1N83CAUGUMXECADL5F97CAVIBRKJCAMWXC4XCA0EP7QKCAPOP6OHCA2QGH7ECA8VSTAXCAB7QXHOCAN6X8R6CAZWBLV0CA2BDJ7MCA16J2DECAJSAWN3CAMNDJIECAFE9JXSCA1N0HCH.htm not found!
File\Folder C:\Users\Ruza\AppData\Local\Temp\OICE_F0FD7636-5DE7-4E68-82A0-145A0935DBE0.0\898644C7. not found!
File\Folder C:\Users\Ruza\AppData\Local\Temp\OICE_D649D924-5A54-44B0-8B45-654AB76E6D82.0\310109ED. not found!
File\Folder C:\Users\Ruza\AppData\Local\Temp\OICE_AA2DE057-6BF9-4A55-898A-6D2950D914CD.0\22FAA8E6. not found!
File\Folder C:\Users\Ruza\AppData\Local\Temp\OICE_996A31D8-B4A2-4E22-82B9-745C83C0E761.0\D1986564. not found!
File\Folder C:\Users\Ruza\AppData\Local\Temp\OICE_8BC41E2C-342D-4D2A-950A-15AB25099D59.0\11292BC4. not found!
File\Folder C:\Users\Ruza\AppData\Local\Temp\OICE_6C2F2031-9556-45CA-8EB0-B4F7055093B1.0\9242F644. not found!
File\Folder C:\Users\Ruza\AppData\Local\Temp\OICE_438F3F58-8E49-45CA-9C62-3152FAADC195.0\6581D6EC. not found!
File\Folder C:\Users\Ruza\AppData\Local\Temp\OICE_1A054D34-7DFB-4274-A2B9-BE06C087BC43.0\AB0C9B88. not found!

Registry entries deleted on Reboot...
Danke!!!

markusg 23.03.2012 17:29
danke für den upload
File-Upload.net - GetInfo.exe
lade bitte getinfo.exe.
im selben verzeichniss entsteht eine
summary-info.txt
deren inhalt hier posten bitte.

Andrija 23.03.2012 23:01
Der Inhalt von "summary-info.txt"

Code:
System volume information:        dwHighDateTime = 0x1c7f150,dwLowDateTime = 0x1ccd6910
System32:                        dwHighDateTime = 0x1c9c31a,dwLowDateTime = 0x49378321
dwSerialNumber = 0x5c685913

markusg 24.03.2012 16:54
hab dank :-)
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Andrija 24.03.2012 17:18
Es kommt beim Ausführen von ComboFix folgende Meldung:

"Warning!
Do not run ComboFix in Compability Mode.
Doing so may damagethe machine."

Ich hab mehrere Dinge versucht. Kompabilitätsmodus. Ausführen als Administrator.

Was soll ich tun???

LG

markusg 24.03.2012 17:20
probieren wir erst mal dies:

malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Andrija 24.03.2012 20:34
Hier die Log-Datei

Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.24.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7100.0
Andrija :: FUJITSU-SIEMENS [Administrator]

Schutz: Aktiviert

24.03.2012 17:26:47
mbam-log-2012-03-24 (17-26-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 750732
Laufzeit: 2 Stunde(n), 36 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\$Recycle.Bin\S-1-5-21-437589503-3552584052-1919312049-501\$REOL9M3.exe (PUP.SmsPay.pns) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Andrija\Desktop\Programme\Downloader\cryptload\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ruza\Dikigerät\Desktop\installer_youtube_downloader_3_53_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 25.03.2012 18:55
lade den CCleaner standard:
CCleaner Download - CCleaner 3.16.1666
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Andrija 25.03.2012 23:13
Hier die Programme:

Code:
802.11g Wireless USB 2.0 Adapter HW.14                                unbekannt
Adobe Acrobat X Pro - English, Français, Deutsch                notwendig
Adobe After Effects CS5.5 Third Party Content                        notwendig
Adobe AIR                                                        notwendig
Adobe Community Help                                                notwendig
Adobe Content Viewer                                                notwendig
Adobe Creative Suite 5.5 Master Collection                        notwendig
Adobe Download Assistant                                        notwendig
Adobe Flash Player 11 ActiveX 64-bit                                notwendig
Adobe Flash Player 11 Plugin 64-bit                                notwendig
Adobe Media Player                                                notwendig
Adobe Reader X (10.1.2) - Deutsch                                notwendig
Adobe Shockwave Player 11.5                                        notwendig
Adobe Story                                                        notwendig
Adobe Widget Browser                                                notwendig
AGEIA PhysX v7.07.24                                                unbekannt
Apple Application Support                                        notwendig
Apple Mobile Device Support                                        notwendig
Apple Software Update                                                notwendig
Armed and Dangerous                                                unnötig
Artisteer 2        Extensoft                                        unbekannt
Ashampoo Burning Studio Elements 10.0.9                                notwendig
Ask Toolbar                                                        unnötig
Audiograbber 1.83 SE                                                unbekannt
Avi Player                                                        notwendig
Avira Free Antivirus        Avira                                        notwendig
AviSynth 2.5                                                        unbekannt
Blender        Blender Foundation                                        unbekannt
Bonjour        Apple Inc.                                                unnötig
Boost Libraries for C++Builder 2010                                notwendig       
CCleaner                                                        notwendig
Commandos 3 - Destination Berlin                                notwendig
Commandos Strike Force        Pyro Studios                                notwendig
Commandos Strike Force Demo        Pyro Studio                        unnötig
Compatibility Pack for the 2007 Office system                        unbekannt
CompuLearn Franzoesisch                                                unnötig
Dealio Toolbar v4.6                                                unnötig
DFTools                                                                unbekannt
Die Sims™ 3                                                        notwendig
Die Sims™ 3 Design-Garten-Accessoires                                notwendig
Die Sims™ 3 Late Night        Electronic Arts                                notwendig
Die Sims™ 3 Lebensfreude                                        notwendig
Die Sims™ 3 Luxus-Accessoires                                        notwendig
Die Sims™ 3 Reiseabenteuer                                        notwendig
Die Sims™ 3 Stadt-Accessoires                                        notwendig
Die Sims™ 3 Traumkarrieren                                        notwendig
Die Völker Gold Edition        JoWooD Studio Vienna                        notwendig
DivX Converter        DivX, Inc.                                        notwendig
DivX Player        DivX                                                notwendig
DivX Plus DirectShow Filters                                        unnötig
DivX-Setup        DivX, LLC                                        unnötig
DVDVideoSoftTB Toolbar                02.02.2010                        unnötig
Electronic Arts Product Registration                                notwendig
ElsterFormular für Privatanwendung                                unbekannt
Embarcadero Delphi and C++Builder 2010 Help System                notwendig               
EMX Javascript Professional 2.0        eMatrixSoft, Inc.                notwendig       
Facecons        Facecons                                        unnötig
File Type Assistant        Trusted Software                        unbekannt
Firebird SQL Server - MAGIX Edition        MAGIX AG                notwendig
FOCUS-Online-Screensaver-MAIN Screensaver                        unnötig       
Free Audio CD Burner version 1.3                                unnötig       
Free CD to MP3 Converter                                        unnötig
Free FLV Converter V 6.8.0                                        unnötig
Free Studio version 4.8        DVDVideoSoft Limited.                        nbekannt
GameShadow                                                        unbekannt
GameSpy Arcade                                                        unbekannt
GeoGebra        International GeoGebra Institute                notwendig
GeoGebraPrim        International GeoGebra Institute                unnötig       
Google Chrome        Google Inc.                                        unnötig
Google Earth        Google                                                notwendig
Google SketchUp 8        Google, Inc.                                notwendig
Google SketchUp Pro 7        Google, Inc.                                notwendig
Guitar Pro 5.2        Arobas Music        26.09.2009                        unnötig
Hama MX Pro II Webcam                11.12.2009                        unnötig
Hama Webcam Suite        ArcSoft        11.12.2009                        unnötig
HP Update        Hewlett-Packard        05.03.2012                        unnötig
Hyplay                                                                unbekannt
IconCool Studio 7 Pro        Newera Software Technology Inc.                notwendig
Intel(R) Graphics Media Accelerator Driver                        notwendig
iSpring Free 4.3        iSpring Solutions Inc.                        unbekannt
iSpring Free 6        iSpring Solutions Inc.                                unbekannt
iTunes        Apple Inc.                                                notwendig
Java(TM) 6 Update 31                                                notwendig
Java(TM) 7 Update 3 (64-bit)                                        notwendig
Java(TM) SE Development Kit 7 Update 3 (64-bit)        Oracle                notwendig
JavaFX 2.0.3 (64-bit)        Oracle Corporation                        notwendig
JavaFX 2.0.3 SDK (64-bit)        Oracle Corporation                notwendig
JoJoThumb 2.11.2        Johannes Tschebisch                        unbekannt               
K-Lite Mega Codec Pack 7.1.0                                        unnötig
Live 8.0.3                08.01.2010                                unbekannt
Live 8.1.1                04.01.2010                                unbekannt
LoveChess Age Of Egypt        Artmunk VOF, The Netherland                unnötig
MAGIX 3D Maker (embeded)                                        notwendig
Malwarebytes Anti-Malware Version 1.60.1.1000                        notwendig
Microsoft Office Professional 2010        Microsoft Corporation        notwendig
Microsoft Project Professional 2010        Microsoft Corporation        notwendig
Microsoft Security Essentials        Microsoft Corporation                notwendig
Microsoft Silverlight        Microsoft Corporation        15.02.2012        notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft        unbekannt
Microsoft Virtual PC 2007        Microsoft Corporation                notwendig
Microsoft Visual C++ 2005 ATL Update kb973923                        notwendig
Microsoft Visual C++ 2005 Redistributable                        notwendig
Microsoft Visual C++ 2008 Redistributable - x86                notwendig
Microsoft Visual C++ 2008 Redistributable - x86                notwendig
Microsoft Visual C++ 2008 Redistributable - x86                        notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        notwendig
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319                notwendig
Microsoft Visual C++ 2010                                          notwendig
Microsoft Visual C++ 2010                                        notwendig
Microsoft WSE 3.0 Runtime                                        unbekannt
Mindjet MindManager 2012                                        notwendig
Mobipocket Reader 6.2                                                unbekannt
Monopoly                                                        unnötig
Monopoly                                                        unnötig
Monopoly Deluxe        Zylom Games                                        unnötig
Mozilla Firefox 10.0.2 (x86 de)                                        notwendig
Mozilla Thunderbird 11.0 (x86 de)                                notwendig
Namo WebEditor 8                                                unbekannt
Norton Security Scan                                                unnötig
OpenAL                                                                unbekannt
OpenOffice.org 3.1                                                notwendig
Ordner Icon V2.1                                                notwendig
Origin        Electronic Arts                                                unbekannt
PDF-XChange 3                                                        notwendig
PDFCreator                                                        notwendig
QuickTime                                                        notwendig
RealArcade                                                        unbekannt
RealPlayer                                                        unbekannt
RouterControl 2.0                                                notwendig
save2pc Light 4.07                                                unbekannt
Skype Click to Call                                                notwendig
Skype™ 5.8        Skype Technologies                                notwendig
SmartSVN 6.6                                                        unnötig
Softwarenetz Terminkalender2                                        notwendig
Stellarium 0.10.6.1                                                notwendig
Super Mario World                                                notwendig
SweetIM for Messenger 3.3                                        unnötig
SweetIM Toolbar for Internet Explorer 4.0                        unnötig
System Requirements Lab        Husdawg                                        unbekannt
System Requirements Lab CYRI                                        unbekannt
Teachmaster 4.3 (nur Entfernen)                                        unnötig
TeamViewer 4                                                        unnötig
The KMPlayer (remove only)                                        unnötig
toolplugin                                                        unbekannt
Transport Manager                                                unnötig
Tsunami-Filter-Pack                                                unbekannt
TuxGuitar        Herac                                                unnötig
UltraISO Premium V9.52                                                notwendig
Uninstall 1.0.0.1                                                unbekannt
Unity Web Player (All users)                                        unbekannt       
Vektoris3D 2.0        kapieren.de                                        notwendig
VLC media player 1.1.5                                                notwendig
VoiceOver Kit        Apple Inc.                                        unbekannt
Wajam        Wajam                                                        unnötig
Windows Driver Package - Realtek Semiconductor Corp.                unbekannt
Windows Live Essentials        Microsoft Corporation                        notwendig
Windows Live Mesh ActiveX control for remote connections        unbekannt
Windows Live Sync                                                unbekannt
WinRAR                                                                notwendig       
Yontoo Layers Runtime                                                unbekannt
Youda Sushi Chef                                                unnötig

markusg 26.03.2012 09:52
deinstaliere:
Armed
Ask
Audiograbber
AviSynth
Bonjour
Commandos Strike Force Demo
CompuLearn
Dealio
DVDVideoSoftTB
ElsterFormular
Facecons
File Type Assistant
FOCUS-Online
Free Audio
Free CD
Free FLV
Free Studio
GameShadow
GameSpy
GeoGebraPrim International
Google Chrome
Guitar Pro
Hama : beide
HP Update
Java(TM) 6 Update 31
K-Lite
Live : beide
LoveChess
Mobipocket
Monopoly : alle
Namo WebEditor
Norton
Origin
RealPlayer
save2pc
SmartSVN
SweetIM : beide
Teachmaster
TeamViewer
The KMPlayer
toolplugin
Transport Manager
Tsunami
TuxGuitar
Unity
VoiceOver
Wajam
Yontoo
Youda

öffne otl bereinigen neustart.
öffne ccleaner analysieren bereinigen neustart.
testen wie der pc läuft

Andrija 26.03.2012 20:19
Danke für die bisherigen Anforderungen. Der PC läuft sehr gut.

Probleme beim Deinstallieren:

Code:
CompuLearn konnte nicht geöffnet werden
Facecons konnte nicht gefunden werden
LoveChess konnte nicht geöffnet werden
toolplugin konnte nicht gefunden werden

markusg 26.03.2012 20:25
dann deinstaliere bitte mal mit rewo:
http://www.hijackthis-forum.de/tipps...installer.html

sei dann aber noch mal so gut, und lösche otl noch nicht, erstelle bitte, wie auf seite 1 beschrieben, noch mal ein logfile.

Andrija 26.03.2012 20:30
Meinst du damit deine erste Anweisung?

markusg 26.03.2012 20:43
genau, anweisung aus post 2.
abgesicherter modus ist aber nicht nötig

Andrija 26.03.2012 21:29
Hier die Log-Dateien:

OTL:

Code:
OTL logfile created on: 26.03.2012 21:55:13 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Andrija\Downloads
64bit- Ultimate Edition  (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 33,94% Memory free
3,98 Gb Paging File | 2,28 Gb Available in Paging File | 57,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230,87 Gb Total Space | 43,92 Gb Free Space | 19,02% Space Free | Partition Type: NTFS
 
Computer Name: FUJITSU-SIEMENS | User Name: Andrija | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.26 21:54:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Andrija\Downloads\OTL.exe
PRC - [2012.03.25 15:32:20 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.02.24 21:21:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.14 13:54:56 | 000,037,728 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.04.23 06:47:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 06:46:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2007.10.01 19:00:58 | 000,413,696 | ---- | M] () -- C:\Program Files (x86)\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.25 15:32:27 | 001,968,280 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012.03.25 15:32:26 | 000,161,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2012.03.25 15:32:26 | 000,021,144 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2012.02.24 21:21:47 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.04 12:13:43 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012.01.03 15:10:54 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.09.14 13:54:12 | 000,150,856 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.04.22 05:26:47 | 000,286,720 | ---- | M] () -- C:\Windows\SysWOW64\d3dy7248a.dll
MOD - [2009.04.16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2007.10.01 19:00:58 | 000,413,696 | ---- | M] () -- C:\Program Files (x86)\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.03.23 15:17:27 | 000,305,664 | ---- | M] (Works Ltd.) [Auto | Running] -- C:\Windows\SysNative\aptwj0qdl.dll -- (LanmanWorkstation)
SRV:64bit: - [2009.04.22 07:38:59 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.11 14:16:32 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.04.04 22:05:06 | 000,067,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.18 22:47:03 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.29 04:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.10.26 22:02:19 | 000,294,232 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2011.10.11 15:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.01.16 16:23:07 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.22 07:53:06 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.04.22 07:53:04 | 000,105,040 | ---- | M] (AMD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.04.22 07:52:53 | 000,028,752 | ---- | M] (AMD) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.04.22 07:48:16 | 000,077,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.04.22 07:48:15 | 000,065,616 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.04.22 07:48:04 | 000,023,120 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.04.22 07:45:20 | 000,024,640 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.04.09 04:09:06 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.03.28 06:44:59 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009.03.17 06:35:14 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.03.06 09:43:48 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.02.06 05:41:49 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.01.24 06:08:24 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007.01.29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2010.01.29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.04.22 07:23:43 | 000,019,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1703539
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=5c685913000000000000001cbf549d61
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 3B 81 42 25 E3 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110482&mntrId=5c685913000000000000001cbf549d61
IE - HKCU\..\SearchScopes\{30ACB990-690D-456F-8F8F-400448D3DB8E}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009.04.22 11:45:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.02.18 22:53:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.09.22 13:57:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.16 18:18:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.26 19:20:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.26 19:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2011.10.08 13:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2012.02.18 22:54:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.22 17:53:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.02.28 20:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrija\AppData\Roaming\mozilla\Extensions
[2012.03.22 18:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrija\AppData\Roaming\mozilla\Firefox\Profiles\6g9tuyxg.default\extensions
[2012.02.28 20:54:02 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Andrija\AppData\Roaming\mozilla\Firefox\Profiles\6g9tuyxg.default\extensions\ffxtlbr@babylon.com
[2012.02.16 18:13:30 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Andrija\AppData\Roaming\mozilla\Firefox\Profiles\6g9tuyxg.default\extensions\welcome@toolmin.com
[2012.03.24 14:58:13 | 000,002,306 | ---- | M] () -- C:\Users\Andrija\AppData\Roaming\Mozilla\Firefox\Profiles\6g9tuyxg.default\searchplugins\askcomsearch.xml
[2012.03.26 19:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.09.22 18:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.27 23:01:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.24 21:21:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.24 14:57:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.10.09 13:26:06 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files (x86)\mozilla firefox\plugins\npgcplug.dll
[2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files (x86)\mozilla firefox\plugins\npracplug.dll
[2006.08.09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npWebLaunch.dll
[2006.09.26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.02.11 16:03:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.28 20:53:59 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.11 16:03:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.11 16:03:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.14 11:35:38 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.11 16:03:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 18:13:30 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.02.11 16:03:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.11 16:03:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.26 17:59:38 | 000,412,715 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 14258 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Andrija\AppData\Roaming\toolplugin\toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe (Mindjet)
O4 - HKLM..\Run: [TrayServer] C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe File not found
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found
O4 - Startup: C:\Users\Andrija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\d3dy7248a.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1734F42-7695-4657-8DA4-05501C20C3F8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4885A41B-7D7D-4C18-9F83-8755AF9A206D} - Microsoft Windows Media Player
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6599E014-44BA-499D-09CD-88F2ADBAFFB7} - .NET Framework
ActiveX: {69D8F580-5871-2A6D-3767-D935946518AF} - Microsoft Windows Media Player
ActiveX: {6B8FA703-E218-4449-7F10-571B07C5E654} - Browser Customizations
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAE9DB07-AF9C-81CC-E4AF-7A16A26F7586} - Microsoft Windows Media Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SmartSVN 6.6 (background).lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Andy.Fujitsu-Siemens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Andy.Fujitsu-Siemens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpFolder: C:^Users^Andy.Fujitsu-Siemens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Terminkalender2.lnk -  - File not found
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: svchospt - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SweetIM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: swg - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: tsnp2std - hkey= - key= -  File not found
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.26 21:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012.03.26 21:33:26 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.03.26 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\syntevo
[2012.03.26 19:13:09 | 000,000,000 | ---D | C] -- C:\Users\Andrija\Documents\My eBooks
[2012.03.26 19:13:09 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\Mobipocket
[2012.03.25 23:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.25 03:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.03.25 02:44:15 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Local\DOSBox
[2012.03.24 18:25:41 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\Malwarebytes
[2012.03.24 18:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.24 18:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.24 18:04:34 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.03.24 14:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.03.24 00:47:15 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Local\Eclipse
[2012.03.24 00:35:17 | 000,000,000 | ---D | C] -- C:\eclipse
[2012.03.24 00:00:21 | 000,000,000 | ---D | C] -- C:\Users\Andrija\Desktop\Trojaner
[2012.03.23 15:17:26 | 000,305,664 | ---- | C] (Works Ltd.) -- C:\Windows\SysNative\aptwj0qdl.dll
[2012.03.22 14:26:37 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Local\ElevatedDiagnostics
[2012.03.21 20:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.03.17 13:56:45 | 000,000,000 | ---D | C] -- C:\Users\Andrija\Desktop\VP
[2012.03.15 19:48:25 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\iSpring Solutions
[2012.03.13 13:03:06 | 000,000,000 | ---D | C] -- C:\Users\Andrija\Documents\CSF Data
[2012.03.13 13:01:44 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2012.03.10 12:32:12 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[2012.03.10 12:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD
[2012.03.10 12:10:54 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\OpenOffice.org
[2012.03.07 17:14:16 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\ArcSoft
[2012.03.06 20:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012.03.06 20:09:57 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\HP
[2012.03.06 20:09:33 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Local\HP
[2012.03.06 20:06:52 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\Yahoo!
[2012.03.06 20:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012.03.06 19:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012.03.06 19:56:47 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012.03.06 19:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.03.06 19:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.03.06 19:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.02.28 20:55:05 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\Media Finder
[2012.02.28 20:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012.02.28 20:22:41 | 000,000,000 | ---D | C] -- C:\Users\Andrija\AppData\Roaming\FinalTorrent
[2012.02.27 23:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.27 23:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Users\Andrija\AppData\Roaming\*.tmp files -> C:\Users\Andrija\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.26 21:55:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.26 21:33:27 | 000,001,270 | ---- | M] () -- C:\Users\Andrija\Desktop\Revo Uninstaller.lnk
[2012.03.26 21:24:18 | 000,023,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.26 21:24:18 | 000,023,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.26 21:16:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.26 21:15:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.26 21:15:21 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.26 19:44:26 | 001,552,336 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.26 19:44:26 | 000,680,294 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.26 19:44:26 | 000,636,410 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.26 19:44:26 | 000,136,334 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.26 19:44:26 | 000,111,854 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.26 19:35:43 | 005,125,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.26 12:22:21 | 000,139,017 | ---- | M] () -- C:\Users\Andrija\Desktop\Taube.pdf
[2012.03.26 12:22:02 | 000,024,924 | ---- | M] () -- C:\Users\Andrija\Desktop\Taube.png
[2012.03.26 12:22:00 | 000,000,132 | ---- | M] () -- C:\Users\Andrija\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.03.23 15:17:27 | 000,305,664 | ---- | M] (Works Ltd.) -- C:\Windows\SysNative\aptwj0qdl.dll
[2012.03.21 21:12:55 | 000,352,256 | ---- | M] () -- C:\Users\Andrija\Documents\Database1.accdb
[2012.03.13 13:01:44 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2012.03.10 12:32:12 | 000,000,185 | ---- | M] () -- C:\Windows\dievölkergold.ini
[2012.03.10 12:11:36 | 000,001,241 | ---- | M] () -- C:\Users\Andrija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2012.02.28 20:54:10 | 000,000,237 | ---- | M] () -- C:\user.js
[1 C:\Users\Andrija\AppData\Roaming\*.tmp files -> C:\Users\Andrija\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.26 21:33:27 | 000,001,270 | ---- | C] () -- C:\Users\Andrija\Desktop\Revo Uninstaller.lnk
[2012.03.26 12:22:15 | 000,139,017 | ---- | C] () -- C:\Users\Andrija\Desktop\Taube.pdf
[2012.03.26 12:21:57 | 000,024,924 | ---- | C] () -- C:\Users\Andrija\Desktop\Taube.png
[2012.03.21 20:51:49 | 000,352,256 | ---- | C] () -- C:\Users\Andrija\Documents\Database1.accdb
[2012.03.10 12:32:12 | 000,000,185 | ---- | C] () -- C:\Windows\dievölkergold.ini
[2012.03.10 12:11:36 | 000,001,241 | ---- | C] () -- C:\Users\Andrija\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2012.03.08 14:36:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.28 20:54:07 | 000,000,237 | ---- | C] () -- C:\user.js
[2011.11.25 14:56:11 | 000,001,456 | ---- | C] () -- C:\Users\Andrija\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.11.25 14:52:28 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\winStudio.bin
[2011.11.25 14:29:24 | 000,000,132 | ---- | C] () -- C:\Users\Andrija\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.10.07 23:06:20 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011.05.04 12:47:43 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.04.12 17:16:45 | 001,578,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.02.16 18:20:09 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Babylon
[2012.01.23 14:56:26 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Blender Foundation
[2011.11.25 14:36:25 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.02.28 20:22:41 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\FinalTorrent
[2012.02.04 19:06:07 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\GetRightToGo
[2012.03.15 19:48:25 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\iSpring Solutions
[2012.02.28 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Media Finder
[2012.03.26 19:13:09 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Mobipocket
[2012.03.10 12:10:54 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\OpenOffice.org
[2012.01.16 21:03:13 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Origin
[2011.11.28 20:09:48 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Registry Mechanic
[2012.01.11 18:33:25 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Stellarium
[2012.03.26 19:22:25 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\syntevo
[2011.11.22 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\Thunderbird
[2012.03.26 21:52:42 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\toolplugin
[2012.02.05 12:46:27 | 000,000,000 | ---D | M] -- C:\Users\Andrija\AppData\Roaming\YoudaGames
[2012.03.26 19:36:31 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.11.22 16:14:42 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.03.24 18:17:01 | 000,000,000 | --SD | M] -- C:\32788R22FWJFW
[2012.02.03 14:03:49 | 000,000,000 | ---D | M] -- C:\93c742743d25b19058b86d55
[2010.02.06 00:08:36 | 000,000,000 | ---D | M] -- C:\ArchitekturDesigner
[2011.06.24 22:49:00 | 000,000,000 | ---D | M] -- C:\Bilder1
[2010.02.06 15:24:25 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.04.30 12:53:44 | 000,000,000 | ---D | M] -- C:\Casino
[2012.03.26 19:35:11 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2008.12.21 09:48:26 | 000,000,000 | ---D | M] -- C:\Corel
[2010.01.10 11:36:56 | 000,000,000 | ---D | M] -- C:\diplomski
[2008.05.17 20:08:58 | 000,000,000 | ---D | M] -- C:\divx
[2009.04.22 11:23:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.04.21 23:00:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.01.24 15:18:12 | 000,000,000 | ---D | M] -- C:\Downloads
[2008.09.26 13:59:24 | 000,000,000 | ---D | M] -- C:\driver
[2011.09.09 17:32:46 | 000,000,000 | ---D | M] -- C:\eclipse
[2008.03.01 18:01:58 | 000,000,000 | ---D | M] -- C:\Fujitsu Siemens Computers
[2008.04.30 14:43:52 | 000,000,000 | ---D | M] -- C:\HammerAutosave
[2011.05.01 13:35:59 | 000,000,000 | ---D | M] -- C:\inetpub
[2008.12.10 10:54:52 | 000,000,000 | ---D | M] -- C:\Intel
[2009.01.27 19:13:05 | 000,000,000 | ---D | M] -- C:\MAGIX
[2011.04.19 16:16:50 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.10.09 13:27:54 | 000,000,000 | ---D | M] -- C:\My Games
[2009.09.06 00:00:26 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.04.22 09:16:38 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.26 18:57:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.26 21:33:26 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.24 14:58:00 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.12.10 19:40:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.06.13 16:15:18 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.08 20:17:39 | 000,000,000 | ---D | M] -- C:\s-winprosa
[2010.01.02 22:03:14 | 000,000,000 | ---D | M] -- C:\SIA
[2008.11.21 17:20:26 | 000,000,000 | ---D | M] -- C:\Sierra
[2012.03.26 21:58:32 | 000,000,000 | ---D | M] -- C:\System Volume Information
[2011.10.02 10:32:29 | 000,000,000 | ---D | M] -- C:\TEMP
[2009.01.20 16:24:50 | 000,000,000 | ---D | M] -- C:\trueSpace76
[2012.03.07 22:02:28 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.26 21:15:32 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.04.22 07:52:58 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=3D530DBF2154679DD0B0D47CA42CE90C -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.04.22 07:52:58 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=3D530DBF2154679DD0B0D47CA42CE90C -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_5a774c2b239a352c\AGP440.sys
[2009.04.22 07:52:58 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=3D530DBF2154679DD0B0D47CA42CE90C -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7100.0_none_87248120cc241bf9\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.22 07:52:52 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=F57B8BB59FB27784B67D54D9161D3CD9 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.22 07:52:52 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=F57B8BB59FB27784B67D54D9161D3CD9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_6240958557aee151\atapi.sys
[2009.04.22 07:52:52 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=F57B8BB59FB27784B67D54D9161D3CD9 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_aa49bbff2efd111b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.04.22 07:39:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=85703F94D6830B69EA30CD1EBB6289B8 -- C:\Windows\SysNative\cngaudit.dll
[2009.04.22 07:39:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=85703F94D6830B69EA30CD1EBB6289B8 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_b5757f0a3d07c039\cngaudit.dll
[2009.04.22 07:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\SysWOW64\cngaudit.dll
[2009.04.22 07:20:04 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.04.22 07:38:05 | 002,858,496 | ---- | M] (Microsoft Corporation) MD5=0C817F3E033335EDB2DD069EFA84045E -- C:\Windows\explorer.exe
[2009.04.22 07:38:05 | 002,858,496 | ---- | M] (Microsoft Corporation) MD5=0C817F3E033335EDB2DD069EFA84045E -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7100.0_none_1ec63af7872fb13e\explorer.exe
[2009.04.22 07:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=C133788B393EEC01439AD997D24E66ED -- C:\Windows\SysWOW64\explorer.exe
[2009.04.22 07:19:02 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=C133788B393EEC01439AD997D24E66ED -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7100.0_none_291ae549bb907339\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.04.22 07:48:29 | 000,410,704 | ---- | M] (Intel Corporation) MD5=100D70F4650864A12E6D34B5FAA15068 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.04.22 07:48:29 | 000,410,704 | ---- | M] (Intel Corporation) MD5=100D70F4650864A12E6D34B5FAA15068 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.04.22 07:48:29 | 000,410,704 | ---- | M] (Intel Corporation) MD5=100D70F4650864A12E6D34B5FAA15068 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7100.0_none_7c22e65d953b3d0e\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.22 07:40:41 | 000,690,688 | ---- | M] (Microsoft Corporation) MD5=527F726F895A94F040DF2605BFF8F32E -- C:\Windows\SysNative\netlogon.dll
[2009.04.22 07:40:41 | 000,690,688 | ---- | M] (Microsoft Corporation) MD5=527F726F895A94F040DF2605BFF8F32E -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_cac94b28456d2ad6\netlogon.dll
[2009.04.22 07:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.22 07:21:18 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_d51df57a79cdecd1\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.04.22 07:48:24 | 000,167,504 | ---- | M] (NVIDIA Corporation) MD5=1C09D38432424726932E5B1D62FA561B -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.04.22 07:48:24 | 000,167,504 | ---- | M] (NVIDIA Corporation) MD5=1C09D38432424726932E5B1D62FA561B -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_4d1b6b7b67c54c8c\nvstor.sys
[2009.04.22 07:48:24 | 000,167,504 | ---- | M] (NVIDIA Corporation) MD5=1C09D38432424726932E5B1D62FA561B -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_06ec570ccc71e6e6\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.04.22 07:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.22 07:21:47 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_0f7420931aef738c\scecli.dll
[2009.04.22 07:41:00 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=BDBED21EC7818C2AA12A55697572C283 -- C:\Windows\SysNative\scecli.dll
[2009.04.22 07:41:00 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=BDBED21EC7818C2AA12A55697572C283 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_051f7640e68eb191\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.05.13 08:39:17 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=0F7B8291A7A558E3D9C6A32E25A45E70 -- C:\Windows\SysNative\user32.dll
[2009.05.13 08:39:17 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=0F7B8291A7A558E3D9C6A32E25A45E70 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.19_none_020d18c2c6148263\user32.dll
[2009.05.13 08:23:41 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=4F6713BACEF16A84D80110DE1CD46C81 -- C:\Windows\SysWOW64\user32.dll
[2009.05.13 08:23:41 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=4F6713BACEF16A84D80110DE1CD46C81 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.19_none_0c61c314fa75445e\user32.dll
[2009.05.13 09:00:52 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=8C6CCA1D44DC3D764D7FF7B610746A55 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.4108_none_690444c7f1ac7c4d\user32.dll
[2009.05.13 10:03:45 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=A3CADEC8E08271F4FFF034C5E272995F -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.4108_none_5eaf9a75bd4bba52\user32.dll
[2009.04.22 07:11:36 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=ADCBEAE40A6E714BA4E0CF257EA6BFEA -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.0_none_a49eaa78af3083ac\user32.dll
[2009.04.22 07:41:30 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=BBD85B4D52566D8600A1062A1607555E -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7100.0_none_9a4a00267acfc1b1\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.04.22 07:38:42 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=03F541FCFD3A950CE4E0AFB64A4AE4DC -- C:\Windows\SysNative\userinit.exe
[2009.04.22 07:38:42 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=03F541FCFD3A950CE4E0AFB64A4AE4DC -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7100.0_none_a93a4dfadf233a8a\userinit.exe
[2009.04.22 07:19:37 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=50771CA86FF1ADAF5FD1920F8CB5665E -- C:\Windows\SysWOW64\userinit.exe
[2009.04.22 07:19:37 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=50771CA86FF1ADAF5FD1920F8CB5665E -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7100.0_none_4d1bb27726c5c954\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.22 07:38:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=007CFB4BF1BE9D43E605FB4CFDFE5D01 -- C:\Windows\SysNative\winlogon.exe
[2009.04.22 07:38:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=007CFB4BF1BE9D43E605FB4CFDFE5D01 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7100.0_none_3cd494fbe264be74\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.04.22 06:19:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=DD7803B0B23EAB319DC359F02DBFDC5D -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.04.22 06:19:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=DD7803B0B23EAB319DC359F02DBFDC5D -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7100.0_none_1c9834b9d540e8c0\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.03.26 22:13:44 | 003,670,016 | -HS- | M] () -- C:\Users\Andrija\NTUSER.DAT
[2012.03.26 22:13:43 | 000,262,144 | -HS- | M] () -- C:\Users\Andrija\ntuser.dat.LOG1
[2011.11.22 16:14:25 | 000,000,000 | -HS- | M] () -- C:\Users\Andrija\ntuser.dat.LOG2
[2011.11.22 17:39:40 | 000,065,536 | -HS- | M] () -- C:\Users\Andrija\NTUSER.DAT{87b498e0-2d68-11de-80f1-001e0bcde3ec}.TM.blf
[2011.11.22 17:39:40 | 000,524,288 | -HS- | M] () -- C:\Users\Andrija\NTUSER.DAT{87b498e0-2d68-11de-80f1-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.11.22 17:39:40 | 000,524,288 | -HS- | M] () -- C:\Users\Andrija\NTUSER.DAT{87b498e0-2d68-11de-80f1-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.11.22 16:14:26 | 000,000,020 | -HS- | M] () -- C:\Users\Andrija\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:96EE29A3
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:AFFC859A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Andrija 26.03.2012 21:30
Extra.txt

Code:
OTL Extras logfile created on: 26.03.2012 21:55:13 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Andrija\Downloads
64bit- Ultimate Edition  (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 33,94% Memory free
3,98 Gb Paging File | 2,28 Gb Available in Paging File | 57,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230,87 Gb Total Space | 43,92 Gb Free Space | 19,02% Space Free | Partition Type: NTFS
 
Computer Name: FUJITSU-SIEMENS | User Name: Andrija | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE" /n
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE" /x /n
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE" /n
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE" /x /n
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = E7 3D 5E 41 2C C3 C9 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 
"FirewallOverride" = 0
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"CCleaner" = CCleaner
"D2D60C36F6B56A6053B40E1E128FB248EDF468BC" = Windows Driver Package - Realtek Semiconductor Corp. (RTL8187B) Net  (05/04/2007 6.1082.0504.2007)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft Security Client" = Microsoft Security Essentials
"PDF-XChange 3_is1" = PDF-XChange 3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F53B203-C6A9-4FB0-9086-A2D61396BE5F}" = STRATO Backup Manager
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{24ECFEDB-6CE0-48D0-8C34-EE4C5BC275BF}" = Die Völker Gold Edition
"{29976EFB-EFF5-43D1-AE49-F62552D1B966}" = iSpring Free 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E973CA9-5674-4FB4-8D83-3D8C5EB44AB3}" = Mindjet MindManager 2012
"{544DB849-AB59-4C12-A333-2F214E24870F}" = Commandos Strike Force
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{606A0AC5-5F90-4379-81AE-11B44707E094}" = Adobe After Effects CS5.5 Third Party Content
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{66E375C5-CF5E-4706-B23B-93B52DB754BB}" = AutoSketch Release 8
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{823D0051-9B7A-46C3-A29B-AA4D765960ED}" = Google SketchUp Pro 7
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84C176F9-1DAE-803C-5993-CF8703AE5841}" = Adobe Download Assistant
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC8D1F6-B529-4626-B00A-CC829FACD483}" = Architektur Designer 2010 1.1.0.5
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPRO_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPRO_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPRO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPRO_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPRO_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPRO_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPRO_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9475016C-F7F1-4F45-9246-A9170F9DB0AC}" = 802.11g Wireless USB 2.0 Adapter HW.14
"{94B8E8AF-7F52-4AEB-8731-450942059E89}" = Boost Libraries for C++Builder 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C270BC04-1540-4673-960F-A546B2C860CD}" = Commandos 3 - Destination Berlin
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
"{EFD0BFEB-980E-491B-833B-A8848E5E0F0F}" = Hyplay
"{F00221DA-CEAC-4FF3-9B67-2B0BCAB0EDA5}" = VokabelTrainer vT
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4FC05EB-94A9-418A-ABC4-A2FBBB4F6C15}" = Embarcadero Delphi and C++Builder 2010 Help System
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"8458-4195-6614-3708" = Vektoris3D 2.0
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Artisteer 2" = Artisteer 2
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Avi Player" = Avi Player
"Avira AntiVir Desktop" = Avira Free Antivirus
"Boost Libraries for C++Builder 2010" = Boost Libraries for C++Builder 2010
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DFTools" = DFTools
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender
"Embarcadero Delphi and C++Builder 2010 Help System" = Embarcadero Delphi and C++Builder 2010 Help System
"EMX Javascript Professional_is1" = EMX Javascript Professional 2.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"GeoGebra" = GeoGebra
"IconCool Studio 7 Pro" = IconCool Studio 7 Pro
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"isfree_is1" = iSpring Free 4.3
"JoJoThumb_is1" = JoJoThumb 2.11.2
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de)
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"RealArcade 1.2" = RealArcade
"Revo Uninstaller" = Revo Uninstaller 1.93
"RouterControl" = RouterControl 2.0
"ST6UNST #2" = Ordner Icon V2.1
"Stellarium_is1" = Stellarium 0.10.6.1
"Super Mario World_is1" = Super Mario World
"Terminkalender2" = Softwarenetz Terminkalender2
"UltraISO_is1" = UltraISO Premium V9.52
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

markusg 27.03.2012 09:35
noch irgendwelche probleme festzustellen?

Andrija 27.03.2012 15:54
Nein keine mehr :)

markusg 27.03.2012 16:49
dann otl öffnen, bereinigen klicken, nach neustart sind die von uns verwendeten tools weg.
pc absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
http://www.trojaner-board.de/103809-...i-malware.html
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html
sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
http://filepony.de/download-sandboxie/
anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
Run updateChecker
when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
Windows 7 Systemabbild erstellen (Backup)
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

Andrija 28.03.2012 16:11
Vielen Dank für deine Führung durch die Behebung meines Problems. Hat alles super geklappt :). Ich werde euch garantiert unterstützen.

Ich habe noch ein paar Fragen:

Ich habe gelesen, dass man NIE zwei Virenschutzprogramme gleichzeitig laufen lassen soll. Wieso? Ich habe Avira und Microsoft Security Essential. Welches würdest du empfehlen?

markusg 28.03.2012 16:26
hi,
du hast aber schon meine empfehlungen zum antimalware programm gelesen?
danke für die spende :-)
2 antimalware programme verlangsamen das system, und können, wenn sie beide versuchen ein problem zu beheben dem system mehr schaden.
ich möchte erst mal anhand einer checkliste prüfen ob du alles hast.
- instalieren von optionalen und wichtigen updates.
- konfigurieren von windows updates.
- dep für alle prozesse aktivieren.
- sehop aktivieren.
- emsisoft oder avast instalieren (teile mir mit welches)
- chrome instalieren.
- sandboxie instalieren.
- autorun deaktivieren.
- panda vaccine instalieren.
- secunia instalieren.
- file hippo instalieren.
beachte:
secunia und file hippo bieten englische updates, überall wo du auf die nutzeroberfläche zugreifst, wie zb reader, browser, etc benötigst du deutsche updates, also hier die hersteller seiten in den favoriten deines browsers speichern und wenn ein update gezeigt wird, von dort hohlen, bei java, flash quicktime, ist es egal ob deutsch oder englisch.
- backup software instalieren, backup und rettungsdvd erstellen.
hier ne kurze anleitung:
Anleitung: Systemabbild mit Paragon Drive Backup - NETZWELT

- wenn du onlinebanking machst, kann ich noch kurz was über die vorteile von card reader und banking software sagen.

Andrija 28.03.2012 16:30
Ich bin gerade dabei die Checkliste durchzugehen :) Deine Empfehlung habe ich auch gelesen, doch muss ich mir noch überlegen ob ich die software kaufe. Tendiere eher gegen "Ja" :). Meine Mutter macht immer online-banking. Kannst du mir bitte was dazu sagen :)

Danke

markusg 28.03.2012 16:32
hi,
wenn du nichts dagegen hast, würde ich das gern zum ende tun, wenn wir die liste durch haben.
ich geb dir schon mal die konfiguration für emsisoft:

emsisoft öffnen, einstellungen klicken.
geplanter scan.
wähle starten um, ich persönlich hab monatlich, kannst aber auch wöchendlich einstellen.
uhrzeit, und bei monatlich ebenfalls datum wählen.
unsichtbar, falls du das scan fenster nicht sehen möchtest.
und verpasste scans nachholen.
auto update:
intervall, täglich, stündlich von 00.00 bis 23.59
heißt jede stunde updates.
einstellung: update
am antimalware network teilnemen.
die andern beiden haken, beta updates und zusätzliche sprachen, nicht setzen.

rest bleibt.
klicke jetzt auf wächter:
dort auf wächter.
verhaltensanalyse aktivieren, alles selektieren.
jetzt auf alarme:
aktiviere dort comunety basierte alarm reduktion.
unter anderem dafür gibt es das antimalware network.
die comunety basierte alarm reduktion betrifft die verhaltensanalyse.
emsisoft gibt, bei einigen programmen, meldungen raus, weil das verhalten des programmes dies notwendig macht.
da manche user sich damit nicht auskennen, was keine schande ist, :-) wird hier geprüft, wie viele nutzer haben programm x erlaubt oder blockiert.
hier haben wir im moment 90 % eingestellt, also wenn 90 % sagen, das programm ist io, wird ne erlauben regel angelegt, wenn sie sagen, programm x ist bösartig, automatisch blockiert.
wenn du dir das allein zutraust, musst du den haken nicht setzen.
wenn zb nur 70 % aller user sagen programm x ist gut oder bösartig, wird dir dies in einer grafik angezeigt
jetzt auf datei wächter.
standard atkion für erkannte objekte, alarmieren.
surf schutz:
hier alles auf blockieren mit info.
wenn es eine seite gibt, die versehens blockiert wird, kanns du die direkt über das popup erlauben was es bei der blockierung gibt, oder über host regeln.
wenn dir diese info popups nicht gefallen musst du alles auf unsichtbar blockieren stellen, aber drann denken, zu prüfen wenn du ne seite hast, die nicht geladen wird, ob emsi sie geblockt hatt.

das wäre es, hoffe es war verständlich.

Andrija 28.03.2012 16:55
Klar ist es verständlich danke :) Ich habe bloß ein Problem bei der Installation. Wieso fragt er nach Service Pack 1?

markusg 28.03.2012 17:08
weil du windows 7 servicepack 1 benötigst.
mache erst mal weiter mit den windows updates.

Andrija 28.03.2012 17:10
Updates sind alle abgehakt :)

kannst du mir bitte helfen? Ich brauche Hilfe beim aktivieren von DEP. Hab schon den cmd Modus ausgeführt und die bcdedit.exe ausgeführt aber weiter komm ich nicht.

markusg 29.03.2012 10:29
lies mal bitte bei der anleitung für dep den abschnitt windows 2000, du kannst es genauso über die systemsteuerung machen.

Andrija 29.03.2012 16:15
Okay Checkliste abgehackt. Habe nur Mozilla als Browser gewählt, da ich auch Thunderbird verwende. http://www.trojaner-board.de/96344-a...rechners.html. Dieser Link hat auch Mozilla Firefox empfohlen. Ich habe die empfohlenen AddOns installiert.

markusg 29.03.2012 16:40
jo aber zeiten endern sich :-)
chrome schon mal angesehen? er ist sicheer und sollte auch schneller sein.
ging das mit emsisoft jetzt?

Andrija 31.03.2012 17:20
Alles klar :) Ich wähle Google Chrome. Das mit Emsisoft hat leider nicht funktioniert. Windows verlangt das Service Pack 1. Hab unter Windows Updates jedoch kein solches gesehen. Daraufhin hab ich dieses Update bei Chip.de gesucht. Es konnte jedoch nicht installiert werden, da meine Windows Version angeblich eine Vorabversion ist. Hab im Internet recherchiert jedoch nichts sinnvolles gefunden. Woran kann dies liegen? Kannst du mir bitte helfen?

Danke

markusg 01.04.2012 18:32
hi,
von wo stammt deine windows version, vor instaliert, selbst gekauft?

Andrija 02.04.2012 16:58
Sie war schon installiert bevor ich meinen Laptop gekauft habe.

markusg 02.04.2012 17:07
hast du denn sämmtliche windows updates instaliert? wenn du jetzt dort auf suchen klickst, wird in den beiden kategorieen keines mehr angezeigt?

Andrija 03.04.2012 15:58
Nein keines mehr. Nur eine ungarische Spracherweiterung welche ich nicht benötige. Ist es nötig diese zu installieren um da Service Pack 1 zu installieren?

markusg 03.04.2012 16:41
ne, die kann man ausblenden :-)
mach mal nen rechtsklick auf computer, dort auf eigenschaften und guck mal ob da windows 7 bzw windows 7 servicepack 1 (sp1) steht

Andrija 03.04.2012 16:52
Ne steht nichts dran :heulen:

markusg 04.04.2012 10:33
ist ja komisch.
weis ich jetzt nicht ob ich das gefragt hatte, aber hast du noch garantie?
ich würd den hersteller mal direkt fragen wie sie sich das gedacht haben, dass du mit deiner windows version alle updates bekommst.

Andrija 04.04.2012 16:11
echt ist es so schlimm :S

markusg 04.04.2012 19:40
naja, du kannst davon ausgehen das die programme in zukunft für servicepack 1 entwickelt werden.
außerdem endet die unterstützung für nicht geupdatete windows versionen meist früher.
dann enthalten servicepacks immer bugfixes etc.

Andrija 06.04.2012 18:44
Toll. Wie soll ich des jetzt hinbekommen. Ich muss ja jetzt ein neues Windows 7 installieren, weil anscheinend diese Version einen Fehler enthält. Im Internet finde ich auch keine Lösung zu diesem Problem. Gibt es eine Möglichkeit, um die Version zu aktualisieren ohne meine ganzen Daten davor zu sichern um das Windows neu zu installieren.

Danke für deine Hilfe!

markusg 11.04.2012 08:54
ich hab ja gesagt, den hersteller deines pcs anschreiben.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131