Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Gvu Trojaner eingefangen :( (https://www.trojaner-board.de/128102-gvu-trojaner-eingefangen.html)

Apolskis 13.12.2012 09:05
Gvu Trojaner eingefangen :(
 
Guten morgen! Ich habe mir heute morgen in Herrgotts früher einen richtig ekligen Trojaner eingefangen. Unstete den guten Gvu mit Webcamerpressung . Ich steh jetzt da ohne Laptop ,den ich aber noch für die Arbeit und die Schule brauche. Kann mir da jemand helfen ? MfG Apolskis

Psychotic 13.12.2012 09:23
Um eine genauere Analyse zu ermöglichen, befolge bitte diesen Link:

An alle Hilfesuchenden! Was muss ich vor Eröffnung eines Themas beachten?

Hinweis: Poste die erstellten Logfiles hier in deinem Thema - erstelle kein neues!

Falls bereits installierte Antivirensoftware Funde gemeldet hat: Füge unbedingt die entsprechenden Logdateien bei!

Apolskis 13.12.2012 09:23
Hier mein Logfile:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.12.13.02

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Kevin :: BELLAKIWI-PC [Administrator]

Schutz: Deaktiviert

13.12.2012 09:15:30
mbam-log-2012-12-13 (09-15-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244835
Laufzeit: 3 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Trojan.Ransom) -> Daten: C:\Users\Kevin\AppData\Local\Temp\wpbt0.dll -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\Users\Kevin\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BellaKiwi\AppData\Local\Temp\2F88.tmp (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Recycle.Bin\485D930B87815E6 (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Psychotic 13.12.2012 09:26
Machst du mit dem Rechner Onlinebanking oder tätigst du damit andere finanzielle Transaktionen, wie zum Beispiel PayPal, Interneteinkäufe oder Kreditkartenzahlungen?

Apolskis 13.12.2012 09:41
Nur Interneteinkäufe via Amazon oder Ebay. Aber ohne Paypal und Kreditkartenzahlung.

Psychotic 13.12.2012 09:51
Einer der Schädlinge auf dem Rechner stiehlt Daten über finanzielle Transaktionen.
Ich würde dir aus Sicherheitsgründen dringend zu einer Neuinstallation und anschließender Absicherung raten!

Apolskis 13.12.2012 10:12
Gibt es noch eine andere Möglichkeit als eine Neuinstalation?

Psychotic 13.12.2012 11:29
Ja, wir können den Rechner bereinigen. Allerdings wäre eine Neuinstallation hier die sicherste Variante, da wir dir nie eine Garantie geben können.

Apolskis 13.12.2012 11:38
Also ein bekannter hatte seinen PC damals glaub ich auch bei gleichen Problem nur bereinigt. Wie müsste ich dann Vorgehen ? Ich würde das Risiko dann eingehen .

Psychotic 13.12.2012 11:41
:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.




Schritt 1: defogger



Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.




Schritt 2: Scan mit TDSS-Killer




Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

 Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.




Schritt 3: OTL



Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Apolskis 13.12.2012 12:54
Bei 1, kam keine fehlermeldung aber ich poste es trotzdem. Bei Schritt 2 wird mir gesagt, das nichts gefunden wurde? Ist das Normal?
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:46 on 13/12/2012 (Kevin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Psychotic 13.12.2012 13:52
Wenn kein rootkit am System ist, kann es auch nicht gefunden werden! ;)

Poste mir dennoch das Logfile

Apolskis 13.12.2012 17:37
Code:
OTL logfile created on: 12/13/2012 5:14:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Kevin\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.97 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.54% Memory free
7.93 Gb Paging File | 6.03 Gb Available in Paging File | 75.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 113.00 Gb Total Space | 14.69 Gb Free Space | 13.00% Space Free | Partition Type: NTFS
Drive D: | 167.10 Gb Total Space | 145.52 Gb Free Space | 87.09% Space Free | Partition Type: NTFS
Drive E: | 4.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: BELLAKIWI-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Kevin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Origin\tufao.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (CGVPNCliSrvc) -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com/web?l=dis&o=APN10234&gct=hp&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A8B&apn_uid=4225280570824854&p2=^A8B^YYYYYY^YY^DE
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=APN10234&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A8B&apn_uid=4225280570824854&p2=^A8B^YYYYYY^YY^DE&q={searchTerms}
IE - HKCU\..\SearchScopes\{DF5DDE09-898D-4B11-9493-A23F477393AD}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://plasmoo.com"
FF - prefs.js..extensions.enabledAddons: engine%40plasmoo.com:1.0.0.32
FF - prefs.js..extensions.enabledAddons: %7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.16.0.3
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.9.1.100005
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: engine@plasmoo.com:1.0.0.32
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/07 20:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/07 20:09:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/07 20:10:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/07 20:09:57 | 000,000,000 | ---D | M]
 
[2011/01/11 22:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2012/12/12 08:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\hzwf6iww.default\extensions
[2012/07/30 19:57:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\hzwf6iww.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/11/15 20:42:41 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\hzwf6iww.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/05/04 12:51:31 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\hzwf6iww.default\extensions\engine@plasmoo.com
[2011/07/06 14:14:57 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\hzwf6iww.default\extensions\toolbar@ask.com
[2012/12/12 08:26:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2011/07/05 12:33:06 | 000,002,395 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\askcom.xml
[2012/11/20 11:35:16 | 000,002,306 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\askcomsearch.xml
[2011/04/04 20:46:12 | 000,001,832 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\bing.xml
[2011/03/26 15:29:00 | 000,000,873 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\conduit.xml
[2012/12/10 19:48:24 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-1.xml
[2011/11/28 12:07:49 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-10.xml
[2011/11/28 22:29:54 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-11.xml
[2011/12/24 15:10:56 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-12.xml
[2012/01/09 01:09:15 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-13.xml
[2012/01/26 22:19:26 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-14.xml
[2012/02/13 23:42:36 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-15.xml
[2012/02/22 20:36:51 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-16.xml
[2012/03/26 16:15:36 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-17.xml
[2012/04/14 15:50:53 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-18.xml
[2012/05/03 18:03:53 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-19.xml
[2011/06/22 13:43:08 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-2.xml
[2012/06/19 20:00:54 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-20.xml
[2012/07/15 18:33:52 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-21.xml
[2012/09/02 17:55:39 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-22.xml
[2012/09/10 14:45:19 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-23.xml
[2012/09/13 13:29:28 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-24.xml
[2012/10/28 14:31:46 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-25.xml
[2012/12/08 16:35:45 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-26.xml
[2011/07/05 12:32:46 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-3.xml
[2011/08/21 19:29:55 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-4.xml
[2011/08/22 22:56:54 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-5.xml
[2011/09/06 14:06:42 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-6.xml
[2011/09/08 21:08:32 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-7.xml
[2011/09/29 21:59:08 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-8.xml
[2011/11/09 21:41:53 | 000,000,950 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin-9.xml
[2012/07/24 13:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin.gif
[2012/07/24 13:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin.src
[2011/05/01 20:48:03 | 000,001,056 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\icqplugin.xml
[2011/04/28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\hzwf6iww.default\searchplugins\plasmoo.xml
[2012/12/07 20:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/12/07 20:10:01 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/25 20:06:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/14 15:35:15 | 000,002,274 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
[2012/09/02 17:35:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/25 20:06:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/25 20:06:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/25 20:06:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/25 20:06:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{293E4C71-3F51-4DA6-8C34-3AA2FF358123}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E1C882B-78B4-4F4D-8871-859D401E4680}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9635E531-82D0-4FA9-8DE4-0E9934334F78}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/13 12:47:39 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kevin\Desktop\tdsskiller.exe
[2012/12/13 09:14:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2012/12/13 09:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/13 09:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/13 09:14:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/13 09:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/07 20:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/20 11:34:47 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/20 11:34:34 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/20 11:34:34 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/20 11:34:34 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/17 12:33:41 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/17 12:33:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/17 12:32:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/17 12:32:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/17 12:32:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/17 12:32:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/17 12:32:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/17 12:32:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/17 12:32:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/17 12:32:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/17 12:32:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/17 12:32:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/17 12:32:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/17 12:32:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/17 12:32:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/17 12:32:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/17 12:32:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/17 12:30:56 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/17 12:30:54 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/17 12:30:53 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/17 12:30:53 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/16 05:01:54 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/16 05:01:54 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/13 17:08:09 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/13 17:07:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/13 12:48:19 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kevin\Desktop\tdsskiller.exe
[2012/12/13 12:46:34 | 000,000,000 | ---- | M] () -- C:\Users\Kevin\defogger_reenable
[2012/12/13 12:45:06 | 000,050,477 | ---- | M] () -- C:\Users\Kevin\Desktop\Defogger.exe
[2012/12/13 10:37:24 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/13 10:37:23 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/13 10:30:12 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/13 10:29:05 | 4257,861,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/13 09:14:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/13 08:18:55 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012/12/13 08:04:12 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/12/12 13:26:31 | 000,133,322 | ---- | M] () -- C:\Users\Kevin\Desktop\8284230-lachend-santa-claus.jpg
[2012/12/11 13:32:08 | 001,653,204 | ---- | M] () -- C:\Users\Kevin\Desktop\download.jpg
[2012/12/05 20:05:25 | 000,106,021 | ---- | M] () -- C:\Users\Kevin\Desktop\dortmund-champions-league-2012-13-f4g-QJsB.jpg
[2012/12/05 19:58:37 | 000,060,514 | ---- | M] () -- C:\Users\Kevin\Desktop\Borussia-Dortmund-Manchester-City-Live-Fussball.jpg
[2012/11/20 11:34:28 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/20 11:34:27 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/20 11:34:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/20 11:34:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/20 11:34:26 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/11/20 11:34:26 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/11/17 22:42:03 | 000,290,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/17 12:33:20 | 000,649,952 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/11/17 12:33:20 | 000,612,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/17 12:33:20 | 000,127,836 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/11/17 12:33:20 | 000,104,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2012/12/13 12:46:34 | 000,000,000 | ---- | C] () -- C:\Users\Kevin\defogger_reenable
[2012/12/13 12:45:04 | 000,050,477 | ---- | C] () -- C:\Users\Kevin\Desktop\Defogger.exe
[2012/12/13 09:14:02 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/13 08:04:12 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/12/13 07:58:11 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012/12/12 13:26:28 | 000,133,322 | ---- | C] () -- C:\Users\Kevin\Desktop\8284230-lachend-santa-claus.jpg
[2012/12/11 13:32:04 | 001,653,204 | ---- | C] () -- C:\Users\Kevin\Desktop\download.jpg
[2012/12/05 20:05:25 | 000,106,021 | ---- | C] () -- C:\Users\Kevin\Desktop\dortmund-champions-league-2012-13-f4g-QJsB.jpg
[2012/12/05 19:58:32 | 000,060,514 | ---- | C] () -- C:\Users\Kevin\Desktop\Borussia-Dortmund-Manchester-City-Live-Fussball.jpg
[2012/11/17 12:33:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 12:30:52 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/07/05 10:54:10 | 000,000,841 | ---- | C] () -- C:\Users\Kevin\.recently-used.xbel
[2012/03/28 19:40:37 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/11 00:58:52 | 000,421,200 | ---- | C] () -- C:\Windows\SysWow64\msvcp100.dll
[2011/06/11 00:58:52 | 000,081,744 | ---- | C] () -- C:\Windows\SysWow64\mfcm100.dll
[2011/06/11 00:58:52 | 000,051,024 | ---- | C] () -- C:\Windows\SysWow64\vcomp100.dll
[2011/02/09 18:32:59 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/09 18:32:59 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Code:
OTL Extras logfile created on: 12/13/2012 5:14:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Kevin\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.97 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.54% Memory free
7.93 Gb Paging File | 6.03 Gb Available in Paging File | 75.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 113.00 Gb Total Space | 14.69 Gb Free Space | 13.00% Space Free | Partition Type: NTFS
Drive D: | 167.10 Gb Total Space | 145.52 Gb Free Space | 87.09% Space Free | Partition Type: NTFS
Drive E: | 4.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: BELLAKIWI-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10925601-0300-4F4F-ADD0-9B005B920543}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1C6D839B-338D-44C1-84A0-C48F901E90F5}" = rport=139 | protocol=6 | dir=out | app=system |
"{261C3491-0BA6-4E72-BFAC-51D51037E4AF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{284CDE85-5CD9-4C31-838A-A7CB4F755433}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2DFCFCE3-EFD2-4BD7-8EA9-A14010BE8F4A}" = rport=137 | protocol=17 | dir=out | app=system |
"{30E114D5-6258-4C15-9A78-87C6F10143D9}" = rport=445 | protocol=6 | dir=out | app=system |
"{3D869EA7-D953-42B1-9E9B-23E5EFAC1B2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C2B9194-586F-4A3B-BC44-9B8696204CC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A8C45A8-737C-48F4-A9BB-0F52507BA38F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9B4C47BF-D8C5-4689-885E-F5F00CD223AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A22E1B97-36AD-4B72-AD58-D526B7EA8721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A76F4895-1A1B-45CE-80E1-34AFDFD1BF44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A939D9C8-723E-4A25-A765-6DEE976F829F}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF818A10-7809-4811-B3E5-CEE65E7131F2}" = lport=445 | protocol=6 | dir=in | app=system |
"{B79371D4-19B5-4190-B966-4E44018B219F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B832D47E-56B2-47B2-9346-86946A219E2A}" = lport=137 | protocol=17 | dir=in | app=system |
"{C31D7CBF-2E84-4886-9E63-27E9C8A265B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C44475C7-D739-4F49-A3F7-25868A89AFFE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D4C10A50-8508-4C08-824A-041014E189DC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D674D2A1-E1E3-4356-A946-43AF8B835E76}" = lport=138 | protocol=17 | dir=in | app=system |
"{DB675B7F-D6A6-4A3E-966B-2F89F422AB6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD1221E5-7B88-4432-86FD-540C28BAFAC5}" = rport=138 | protocol=17 | dir=out | app=system |
"{DFC8B9EF-DBED-4B3D-8412-806F9522C14A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E354D63B-AA0D-4CCD-83E0-E9429200D15E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA155835-4102-499D-B2CA-EF02929EF4C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFF14B26-8199-4FBE-B1B7-52163BAD298F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F9817694-7A9D-476F-AC87-E44AB0E25226}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A6368A-8E90-47E7-AE8A-76BA91CFB2F3}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{0263D2D6-034A-4F3A-BEE0-CFD5D2BE3CC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{161C59E0-4791-4392-BF28-86DE119BC492}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{181AEA45-1A65-4639-9757-16C93737058E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{19BCF9A4-E52B-4148-AE20-005027080A4E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1BB98181-4F3D-4C00-936F-6B7D6EBA04B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E59F07B-5183-47C9-A978-76092B2D099A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{21793806-4420-4C46-9CCE-1E16454DDC90}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{26B4E415-0706-4A12-8F71-FE5B8D713348}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{29577C1F-A0E5-49C2-BE34-E0C298F2CBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13 demo\manager13demo.exe |
"{3ADBE937-FFFA-4AB0-8751-04A8C241ADAD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{56F57D97-5992-4791-B3E5-105ADF45E540}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5E70F99F-42C5-4510-B162-552DFB4843F5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{63BE9870-C6A5-4F93-B133-3A9F9183055B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6D57F4E8-C481-4BB8-A91A-48FED02088A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E3E5E81-3426-4D70-94A9-CC3345CDB00F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{712ACAAD-CE55-4E41-8EE7-ED05AAD74EE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{785F9657-B3D6-44A3-AEAA-C65838CB02CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A1986B8-5F2F-476B-8241-47D45BFDB249}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AF65343-6474-468E-A1C3-2E3BDC857E0C}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{8AD80880-772A-41A9-8E98-EC0F1B438641}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8C8D988B-FA87-44F1-A3AD-2E06706B8EA2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8CE19E44-0B25-45EB-854B-171EAE725CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13 demo\manager13demo.exe |
"{938CB2B7-9CEB-484D-8F53-29B4A62B6125}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe |
"{A62E987A-1097-44A9-B52B-7DD33DEF2C48}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe |
"{BF0822BE-AAD8-4AE8-8E9E-441F7E74C3E2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CBA365D4-F88F-45F7-8095-2D977F15B0A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D784E473-6371-40BB-8EB4-ACA052836267}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D7A94EB4-40CD-43B9-BFCF-EB8BDD4D446B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D851DFF4-6581-4B1C-8BFF-6E86A40F52EB}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
"{DA1F4AA7-7422-4590-95F7-2BF0A031B1B6}" = protocol=6 | dir=out | app=system |
"{DF1582F1-C53E-4DA4-840E-B7BB549F1F52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2C9330E-04F9-42C9-9DE4-D2EDC584618E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EC696F96-3534-4015-ACEB-309693F15FDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{57A28289-7176-49C8-B2CA-7AFDC1EE1AA3}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{28F4485A-E651-4A9F-8818-85A82FACE321}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14EA5C26-7C19-0C8C-B9AC-B2113DD87FF9}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DEE23A32-ABA7-F376-C5C0-6350214D22C8}" = ATI Catalyst Install Manager
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"Elantech" = ETDWare PS/2-X64 8.0.7.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{09B88695-3386-0D37-A828-AEC3BD17051B}" = CCC Help Italian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C6D2F9F-D613-5FFD-E175-80391492A4C7}" = Catalyst Control Center Graphics Full Existing
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DF9729D-2A51-4CA1-B4CE-2B432D7ABA7C}" = Samsung AnyWeb Print
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{321856A0-F2F9-29E5-72E3-AEC3EDEB6931}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{362A8C2E-48D3-AB68-26CA-386F7017A22D}" = CCC Help Czech
"{37AC9F3D-E14E-24CD-21CD-458E3B43ABD0}" = Catalyst Control Center Graphics Previews Vista
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C553F0F-DF82-A400-E1D2-A21A266A4743}" = CCC Help Chinese Traditional
"{3E422642-B872-26DE-0B7F-93799613D2A6}" = CCC Help Dutch
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43DD0D3E-0673-3601-49D4-109B22AD655C}" = Catalyst Control Center Graphics Light
"{4687A6A5-7244-EAD9-E9E6-6BA31B3F1E94}" = Catalyst Control Center Graphics Full New
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4C89EF52-CB06-B03A-50D7-68DA2809CED0}" = CCC Help Russian
"{556EAB35-CD1F-4E94-83CA-D5C9FA2CDA5B}" = Easy Network Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B33A0FD-DB64-AC15-63F7-33CB652334D4}" = ccc-core-static
"{67C9804E-7030-6C9B-9C12-8C1384CA12A3}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B25872F-2744-1B95-7870-CC7065C6874B}" = CCC Help Portuguese
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{74CE02FA-7BAA-5B97-9985-696E434EFEEA}" = CCC Help Norwegian
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7D7410AC-2E4C-38F7-43BF-28E009D7FFD3}" = Catalyst Control Center InstallProxy
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8599586F-3527-4C42-94FC-FCD0F8A6C91B}" = FUSSBALL MANAGER 13 Demo
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC73BB0-8595-2855-5E63-0BCDD4902411}" = CCC Help German
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A18E2CED-CB98-80F3-596C-B702248FDCF0}" = CCC Help Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A89E9504-A216-9677-BED1-CFD14EAC4D2B}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BED66CF3-46A0-6D00-F6E3-FC7240BCE323}" = CCC Help Korean
"{C0297F21-E330-D7CB-5EA5-22EAFC7BCB57}" = CCC Help Hungarian
"{C1F6DEAD-615D-74DC-DB99-5722A3E24707}" = CCC Help Japanese
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C71E6B17-C4EB-0768-277F-B3FAB5C3A753}" = CCC Help Greek
"{CB354CC7-D2E0-6F9D-1CFB-A8E0001A5347}" = CCC Help English
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF40931A-5146-A8DF-2362-4CC6EF28930B}" = Catalyst Control Center Localization All
"{D04A98AD-33DF-DE2A-4D8B-1AB279C9F3BB}" = CCC Help Swedish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0F7C8B5-8FB0-6B6B-5F44-3BF9A68999EF}" = CCC Help Finnish
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5BA11D4-20D1-58C2-29CA-51F8D66A5C55}" = CCC Help Danish
"{D94C8BB8-343B-F29A-BB1D-3478AD80D397}" = Catalyst Control Center Core Implementation
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E8C595F7-AC6F-7009-C512-2C63DE1DC671}" = CCC Help French
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECDD4346-D610-EA49-1BAC-46D3BCB2FFD5}" = CCC Help Chinese Standard
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"eMule" = eMule
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"Game Console - WildGames" = WildTangent ORB Game Console
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3D-Gameplaypatch" = 3D-Gameplaypatch
"Logos der kontinentalen Wettbewerbe" = Logos der kontinentalen Wettbewerbe
"PhotoFiltre" = PhotoFiltre
"Spielerbilder 3. Liga" = Spielerbilder 3. Liga
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/28/2012 2:24:44 PM | Computer Name = BellaKiwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2044
 
Error - 6/28/2012 2:24:45 PM | Computer Name = BellaKiwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/28/2012 2:24:45 PM | Computer Name = BellaKiwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3198
 
Error - 6/28/2012 2:24:45 PM | Computer Name = BellaKiwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3198
 
Error - 6/28/2012 2:24:46 PM | Computer Name = BellaKiwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/28/2012 2:24:46 PM | Computer Name = BellaKiwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4259
 
Error - 6/28/2012 2:24:46 PM | Computer Name = BellaKiwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4259
 
Error - 6/28/2012 2:24:47 PM | Computer Name = BellaKiwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/28/2012 2:24:47 PM | Computer Name = BellaKiwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5273
 
Error - 6/28/2012 2:24:47 PM | Computer Name = BellaKiwi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5273
 
[ System Events ]
Error - 12/13/2012 12:08:01 PM | Computer Name = BellaKiwi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:  %%-2140993535
 
Error - 12/13/2012 12:11:50 PM | Computer Name = BellaKiwi-PC | Source = PNRPSvc | ID = 102
Description =
 
Error - 12/13/2012 12:11:50 PM | Computer Name = BellaKiwi-PC | Source = PNRPSvc | ID = 102
Description =
 
Error - 12/13/2012 12:11:50 PM | Computer Name = BellaKiwi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%-2140993535
 
Error - 12/13/2012 12:11:50 PM | Computer Name = BellaKiwi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:  %%-2140993535
 
Error - 12/13/2012 12:11:50 PM | Computer Name = BellaKiwi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:  %%-2140993535
 
Error - 12/13/2012 12:11:50 PM | Computer Name = BellaKiwi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%-2140993535
 
Error - 12/13/2012 12:11:52 PM | Computer Name = BellaKiwi-PC | Source = PNRPSvc | ID = 102
Description =
 
Error - 12/13/2012 12:11:52 PM | Computer Name = BellaKiwi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde:  %%-2140993535
 
Error - 12/13/2012 12:11:52 PM | Computer Name = BellaKiwi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:  %%-2140993535
 
 
< End of report >

Apolskis 16.12.2012 17:49
Guten Abend! Entschuldigung das ich nochmal nachfrage, aber ich ist das jetzt mit meinem System in ordnung oder muss ich nun noch etwas machen? Ich bin mir ganz unsicher.

Psychotic 17.12.2012 07:39
Ich bin erst seit heute wieder zuhause, werde es mir gleich anschauen und dann Bescheid geben!


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:49 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131