Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   incredibar entfernen? (https://www.trojaner-board.de/124014-incredibar-entfernen.html)

osterhase081 13.09.2012 14:24
incredibar entfernen?
 
Hallo allerseits,

auch ich bin leider Opfer der incredibar geworden (Memo an mich selbst: Ich lasse nie wieder meine Freundin unbeobachtet an meinen Laptop :stirn: ).

Ich habe ein Thread gelesen, in dem ein anderer User das gleiche Problem hatte. Ich habe also schon mal adwcleaner einen Suchlauf machen lassen, hier die Log-Datei:

Code:
# AdwCleaner v2.001 - Datei am 09/13/2012 um 15:22:04 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : * - *
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\8vo2kksq.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb155?a=6PQFa1KfEy&loc=FF_NT");

*************************

AdwCleaner[R1].txt - [19585 octets] - [13/09/2012 15:00:17]
AdwCleaner[S1].txt - [19425 octets] - [13/09/2012 15:01:04]
AdwCleaner[R2].txt - [967 octets] - [13/09/2012 15:22:04]

########## EOF - C:\AdwCleaner[R2].txt - [1026 octets] ##########
schon mal ein herzlichstes :dankeschoen: im Voraus!

sorry habe ich vergessen, und hier noch das Logfile von Malwarebytes Antimalware:

Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
* :: * [limitiert]

Schutz: Aktiviert

13.09.2012 15:54:53
mbam-log-2012-09-13 (15-54-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366537
Laufzeit: 2 Stunde(n), 3 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
und hier das Logfile von eset:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1b4350d425b12a4b86c30ba07f754f35
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-14 11:01:50
# local_time=2012-09-14 01:01:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 99240437 0 0
# compatibility_mode=8192 67108863 100 0 191 191 0 0
# scanned=182030
# found=11
# cleaned=0
# scan_time=9923
C:\Users\*\AppData\Local\Temp\53e83dd5315bfb1f928441c9b4618b68.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
C:\Users\*\AppData\Local\Temp\DTLite4453-0297.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
C:\Users\*\AppData\Local\Temp\DTLite4454-0315.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
C:\Users\*\AppData\Local\Temp\{09E950AA-7DEB-4EED-B9E6-FE8A9B56BF64}\{7644E42D-B096-457F-8B5B-901238FC81AE}\OCSetupHlp.dll        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
C:\Users\*\AppData\Local\Temp\{B803AB8B-039C-4E96-B3E5-8E70B3A5CF6C}\{7644E42D-B096-457F-8B5B-901238FC81AE}\OCSetupHlp.dll        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
C:\Users\*\AppData\Local\Temp\{C907D8B6-26A8-4130-9F1A-3D249388BCA1}\{7644E42D-B096-457F-8B5B-901238FC81AE}\OCSetupHlp.dll        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
C:\Users\*\Desktop\krims\Age of Empires 2 Windows 7 Patch\Aoe2wide.zip        Win32/PrcView application (unable to clean)        00000000000000000000000000000000        I
C:\Users\*\Desktop\krims\Age of Empires 2 Windows 7 Patch\AoE2WideSetup.msi        Win32/PrcView application (unable to clean)        00000000000000000000000000000000        I
C:\Users\*\Downloads\videora-ipod-600-setup.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
D:\*\Desktop\DriverSweeper_3.1.0.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
D:\*\Desktop\DriverSweeper_3.1.0.exe.part        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
und hier noch OTL:

OTL Logfile:
Code:
OTL logfile created on: 14.09.2012 13:20:06 - Run 1
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\*\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,18% Memory free
7,99 Gb Paging File | 5,79 Gb Available in Paging File | 72,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,92 Gb Total Space | 22,01 Gb Free Space | 22,95% Space Free | Partition Type: NTFS
Drive D: | 202,07 Gb Total Space | 75,02 Gb Free Space | 37,13% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.)
PRC - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - d:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe ()
PRC - D:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe ()
PRC - d:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
PRC - d:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - D:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
PRC - D:\Program Files\Folding@Home\FahCore_a4.exe ()
PRC - D:\Program Files (x86)\HD Tune Pro\HDTunePro.exe (EFD Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - D:\Program Files\Folding@Home\Folding@home-Win32-x86.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - D:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UISetting.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UISms.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIPhoneBook.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIConnectRecord.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIMms.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UISkin.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIUssd.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIStk.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIDataBase.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BISetting.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UICommonDlg.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BKService.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIConfig.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BISms.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BICodec.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIXml.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIPhoneBook.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIOptimizationClient.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIRas.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIService.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIDevManager.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BILog.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIConnectRecord.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIVoice.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIStk.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIUssd.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\SysService.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BICallRecord.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UpdateAgent.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (UI Assistant Service) -- d:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (OODefragAgent) -- D:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Virtual Router) -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe (Chris Pietschmann (hxxp://pietschsoft.com))
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Folding@home-CPU-[1]) -- D:\Program Files\Folding@Home\Folding@home-Win32-x86.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys ()
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.de/
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 78 07 DD CA 4E CC 01  [binary data]
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: d:\Program Files (x86)\Mozilla Firefox\components [2012.09.12 11:29:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: d:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.11 17:58:31 | 000,000,000 | ---D | M]
 
[2012.07.24 16:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2012.08.27 08:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions
[2012.08.16 06:55:03 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.05.21 15:45:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions\ich@maltegoetz.de
[2012.08.01 07:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\sk0l8w1k.default\extensions
[2012.08.27 08:31:23 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8VO2KKSQ.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012.08.22 13:54:18 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- D:\PROGRAM FILES (X86)\NUANCE\PDF PROFESSIONAL 7\FIREFOX
 
O1 HOSTS File: ([2012.01.15 20:00:20 | 000,000,878 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [OODefragTray] D:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HD Tune Pro] D:\Program Files (x86)\HD Tune Pro\HDTunePro.exe (EFD Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDF7 Registry Controller] D:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] D:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UIExec] d:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [ICQ] d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7 - D:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - D:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24764378-0C4A-436A-AC70-FD84A931BC07}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F90062A-0C59-4146-8AE6-8C198C4CD8FD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACCD6DDD-3DB9-4E91-A51C-2421A157DEDF}: DhcpNameServer = 212.23.115.132 212.23.115.148
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\AutoRun\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\directx\command - "" = F:\DirectX\dxsetup.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dplay\command - "" = F:\DirectX\dplay61a.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dxdiag\command - "" = F:\goodies\ar40deu.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dxinfo\command - "" = F:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dxtest\command - "" = F:\DirectX\dxdiag.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dxtool\command - "" = F:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\setup\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\zone\command - "" = F:\goodies\mszone\zonea600.exe
O33 - MountPoints2\{23223ebe-860c-11e1-bbb9-485b399c3e6e}\Shell - "" = AutoRun
O33 - MountPoints2\{23223ebe-860c-11e1-bbb9-485b399c3e6e}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{28bace54-babc-11e0-a37d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28bace54-babc-11e0-a37d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (6)\*)
O34 - HKLM BootExecute: (O\*)
O34 - HKLM BootExecute: (OOD)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2012.09.14 13:17:17 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012.09.14 10:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.14 10:12:55 | 002,322,184 | ---- | C] (ESET) -- C:\Users\*\Desktop\esetsmartinstaller_enu.exe
[2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
[2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys
[2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
[2012.09.14 09:38:40 | 000,011,776 | ---- | C] (MBB Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2012.09.14 09:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.09.13 15:52:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2012.09.13 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.13 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.13 15:51:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.13 15:49:09 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\*\Desktop\malware (3).exe
[2012.09.13 15:04:45 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{BA1FD8C4-17B0-4503-9F27-634B0EFE0A52}
[2012.09.12 11:29:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.12 11:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.12 11:26:29 | 017,653,976 | ---- | C] (Mozilla) -- C:\Users\*\Desktop\malware (1).exe
[2012.09.12 08:47:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E9EDE448-3830-436F-B1C6-E602769228A9}
[2012.09.12 02:01:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 02:01:43 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 02:01:41 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 02:01:41 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.08 13:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
[2012.09.08 13:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Router
[2012.08.28 21:10:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Chris_Pietschmann_(http__
[2012.08.28 21:08:41 | 000,000,000 | ---D | C] -- C:\UserData
[2012.08.28 20:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB
[2012.08.27 08:46:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Zeon
[2012.08.26 16:05:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\FLEXnet
[2012.08.22 13:54:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Nuance
[2012.08.22 13:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.08.22 13:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012.08.22 13:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Converter Professional 7
[2012.08.22 13:54:22 | 000,000,000 | ---D | C] -- C:\Windows\PIXTRAN
[2012.08.22 13:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2012.08.22 13:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Zeon
[2012.08.22 13:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.08.16 06:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.08.16 06:53:30 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{463A350C-1AC3-4D0C-B327-87FCBAC00764}
[2012.08.16 06:53:12 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5A722665-B236-4EC4-8411-393767937BAA}
[2012.08.15 10:17:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 10:17:39 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 10:17:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 10:17:33 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 10:17:30 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 10:17:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 10:17:29 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.15 10:17:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 10:17:27 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 10:17:27 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 10:17:13 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.15 10:17:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 10:17:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 10:17:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 10:17:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 10:17:13 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 10:17:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 10:16:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.14 09:17:47 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{3FECEA40-17D1-4B9A-8152-C2612C40CF75}
[2012.08.14 09:17:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{79D0E910-6A90-4CCD-9FCD-67D13AF3B8EB}
[2012.08.12 07:38:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{DB5C4CB0-A938-415E-A4A3-7C5D065675D6}
[2012.08.11 19:37:56 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1D0B88CF-2B7B-4B24-9C3C-DC67265A890D}
[2012.08.11 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FB8DE1CE-92D2-4DD5-A855-5E66ABDD6CA9}
[2012.08.04 10:10:12 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E87E9169-9EDE-4DC6-8CCC-CC2D8277F5BB}
[2012.08.03 22:09:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F9353D21-C635-43D7-BA10-4ED51AE80AAF}
[2012.08.03 10:08:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{AF06A3C4-F55C-4F7E-A40A-35057035A76B}
[2012.08.02 22:07:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B6C7207D-8B92-4901-8456-E232835A4911}
[2012.08.02 10:07:04 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{93E5EF85-06A7-4FF7-BA79-360671AF956A}
[2012.08.01 07:13:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2012.08.01 07:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.08.01 07:12:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.01 07:12:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.08.01 07:11:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2012.07.31 21:16:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F68C03EF-C01D-4B56-932E-A6F7BDB6AC0F}
[2012.07.31 21:16:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FBB03146-993C-4042-A546-0ABBC75F7D1D}
[2012.07.31 21:07:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.29 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Macromedia
[2012.07.29 17:29:36 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.29 17:28:20 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{8128FB8D-D4D9-4138-9FCF-456F939A63D9}
[2012.07.29 17:27:45 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6EDB73E5-39A2-4EDE-B8BD-4B0110D6D715}
[2012.07.29 15:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.29 15:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.29 15:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[18 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2012.09.14 13:17:24 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012.09.14 12:44:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.14 10:12:57 | 002,322,184 | ---- | M] (ESET) -- C:\Users\*\Desktop\esetsmartinstaller_enu.exe
[2012.09.14 09:42:46 | 002,373,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.14 09:42:46 | 001,160,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.14 09:42:46 | 000,686,066 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.14 09:42:46 | 000,605,762 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.14 09:42:46 | 000,006,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.14 09:38:35 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.09.13 15:51:17 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.13 15:50:44 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\*\Desktop\malware (3).exe
[2012.09.13 15:10:33 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 15:10:33 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 15:03:13 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.09.13 15:02:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.13 15:02:29 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.13 15:02:28 | 000,084,165 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.09.13 14:59:31 | 000,512,399 | ---- | M] () -- C:\Users\*\Desktop\malware (2).exe
[2012.09.13 11:24:14 | 009,081,315 | ---- | M] () -- C:\Users\*\Desktop\malware (1).mp3
[2012.09.12 11:26:56 | 017,653,976 | ---- | M] (Mozilla) -- C:\Users\*\Desktop\malware (1).exe
[2012.09.12 11:10:38 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.12 11:10:38 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.08 13:15:45 | 000,002,619 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.28 20:51:01 | 001,059,840 | ---- | M] () -- C:\Users\*\Desktop\malware (1).msi
[2012.08.22 20:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.08.22 20:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.08.22 13:54:24 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk
[2012.08.16 06:54:18 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.08.16 03:22:06 | 000,416,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.13 11:34:14 | 000,036,862 | ---- | M] () -- C:\Users\*\Desktop\tumblr_m5zv21VF6H1r12333.jpg
[2012.08.02 19:58:52 | 000,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.08.01 07:12:42 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.29 15:33:46 | 000,001,572 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[18 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.14 09:38:27 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.09.13 15:51:17 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.13 14:59:22 | 000,512,399 | ---- | C] () -- C:\Users\*\Desktop\malware (2).exe
[2012.09.13 11:22:28 | 009,081,315 | ---- | C] () -- C:\Users\*\Desktop\malware (1).mp3
[2012.09.12 11:29:23 | 000,000,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.08 13:15:45 | 000,002,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2012.08.28 21:08:41 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml
[2012.08.28 20:50:48 | 001,059,840 | ---- | C] () -- C:\Users\*\Desktop\malware (1).msi
[2012.08.22 13:54:24 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk
[2012.08.16 06:54:18 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.08.13 11:34:13 | 000,036,862 | ---- | C] () -- C:\Users\*\Desktop\tumblr_m5zv21VF6H1r12333.jpg
[2012.08.01 07:12:41 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.29 17:29:45 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 15:33:46 | 000,001,572 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.05.01 11:59:36 | 000,040,960 | R--- | C] () -- C:\Windows\IGLobbyReg.exe
[2012.04.22 11:44:54 | 001,604,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.09 00:00:58 | 000,001,745 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.dat
[2011.09.09 00:00:49 | 000,001,241 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2011.09.09 00:00:40 | 000,003,024 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011.09.09 00:00:23 | 000,003,297 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011.09.09 00:00:08 | 000,003,149 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011.09.08 23:59:51 | 000,003,009 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011.09.08 23:59:35 | 000,003,018 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011.09.08 23:59:17 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2011.09.08 23:56:01 | 000,011,412 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat
[2011.09.08 23:55:09 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011.09.08 23:55:04 | 000,513,200 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.09.08 23:55:04 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.07.31 19:38:07 | 000,000,977 | ---- | C] () -- C:\Windows\eReg.dat
[2011.07.31 18:11:22 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.07.30 17:24:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.05.19 14:51:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ASCON Installer
[2012.07.29 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\BOM
[2012.08.16 06:54:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite
[2012.08.02 13:13:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2011.08.30 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\HD Tune Pro
[2012.09.06 10:42:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQ
[2012.08.27 11:06:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nuance
[2011.11.06 22:21:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\redsn0w
[2012.05.13 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Sony
[2011.08.28 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer
[2011.09.17 10:27:41 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thinstall
[2011.07.31 21:56:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TS3Client
[2012.08.01 07:13:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2012.08.27 08:46:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeon
[2009.07.14 07:08:49 | 000,021,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 14.09.2012 13:20:06 - Run 1
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\*\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,18% Memory free
7,99 Gb Paging File | 5,79 Gb Available in Paging File | 72,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,92 Gb Total Space | 22,01 Gb Free Space | 22,95% Space Free | Partition Type: NTFS
Drive D: | 202,07 Gb Total Space | 75,02 Gb Free Space | 37,13% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EDA83B0-27FA-432D-BC55-A5E3F6624E89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11C2953C-8A09-4752-ABC3-DFF2F67AC620}" = rport=137 | protocol=17 | dir=out | app=system |
"{142BD99D-EEA4-488D-B1EF-993DE5037FBA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1AB28611-F8C8-43B1-8BC5-AEEA4B48D81F}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E8F0BD9-8BFD-42CC-80F1-8B7A425A5A03}" = lport=139 | protocol=6 | dir=in | app=system |
"{21B7DB3B-1294-4962-94B5-DBB035B98F10}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2E83DBF8-7AAA-43C2-A5E1-385953B3DE6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32B8D5C5-B0E6-40FF-9615-55BD4FBC4A95}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{39F90102-78D5-4CA3-A9E8-D5637089880B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{592D1880-9092-46E6-9D55-FD8768BD5E2D}" = lport=137 | protocol=17 | dir=in | app=system |
"{63E37F15-8F55-4C7F-917B-83DD52396C0D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{641B1646-02C8-4B4A-8404-C8F0E7A6E1C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77A4B856-3874-40F0-B0F9-77C4E608B4A3}" = lport=445 | protocol=6 | dir=in | app=system |
"{78F1B588-6447-468B-8C4F-2A1F367AE9BF}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\outlook.exe |
"{7CCE254C-C526-4D09-815A-28C219BD2190}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{839F8424-C177-458D-AE0C-7F8E48CC02E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85D535D4-552A-42C1-A80B-DF825F4526DD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9402DE2B-AF9A-410B-85AB-58798DD82F31}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD7C0946-47EC-4CB8-8837-DDD8C3D458EB}" = rport=2869 | protocol=6 | dir=out | app=system |
"{AF0E0674-CB7D-4DB1-98D6-5B886DD506E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7A388F0-64B0-4321-B5EE-C4D903B25C82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB6AAB5D-39B0-4887-9EE6-27C6E018CE52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB9A8162-5BBB-4267-81A3-CF0F66887C1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C61E4086-4B74-4955-9AE1-497BAC9A3479}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DA565AB0-7B60-4562-8516-594349DE98D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF8F2213-AEDD-4676-B365-BAC7A8DCA73A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E11849E7-1823-4612-98CC-BAB229565FE6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E6629363-C61B-4193-9F5F-089A676FA7A3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F28DB96F-3DFC-4588-91EF-688B98A48BB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F627736A-9C07-4E74-B7A4-B933102C72CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{FA2BE645-E9CB-404D-947C-216FDD55352D}" = lport=138 | protocol=17 | dir=in | app=system |
"{FFF1CF93-F39A-4493-8FE4-205057936DC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00335AD6-9D52-422F-BB4A-4EDACA2EBD94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{01C67AC3-DA4A-427A-AA33-63691E6B2A21}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0283E26D-0198-43BB-ADF7-3D2824DAB2AB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{04BE022C-00E8-4917-B65B-0FDE163AEEAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{06414655-B036-4C2C-89AF-ED94410E8128}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{093B7FDE-52ED-4F8E-A47D-64433859B5A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{16A3165C-21B9-415C-8BB1-58A8FE9D7CC7}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{279F2BE1-C74D-4258-BB01-C2CC18D93E69}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{2AE1BFEE-E110-4F50-BCF3-4DDB6E90E3CE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{34FC590E-6696-46C0-A88C-69154452F74E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{36FC5ED4-EC32-4A9A-88AB-23C13B75249C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37CD80CF-639D-4A94-98A2-CC327BD7DA89}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3A7EC22D-4AF7-4FB1-BB80-6187FD3C61C7}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{51A1807D-81C2-49E1-8C2D-EFEB5A171A3A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5AD1A7F5-9E7D-4C66-86C3-60D0930C5C14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5D67BD0C-7324-4CD0-8E79-89FE4855E038}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6178BA41-7D8D-4D7E-ADA6-090CAA6A1B70}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"{672051A8-4011-48F2-8F4B-290FB7F10CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{682953B7-AE56-4E25-BF71-1E67E43C65B8}" = protocol=17 | dir=in | app=d:\program files (x86)\ps3 media server\pms.exe |
"{704F7AE3-9138-42E4-8C2C-E120C852B9A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{73E0BB44-3A36-46E7-8CCC-56E98EC1370E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{766008AF-E49C-4DC8-964E-553EBA32C59C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{787D0C2A-2943-44B6-8194-55B21438E82B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{79B494BD-05F4-4078-B23E-7F8BB7F3B930}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7BB14A4F-EDC1-42CC-8F9F-C3B9E9584960}" = protocol=6 | dir=in | app=d:\program files (x86)\ps3 media server\pms.exe |
"{7F875149-9A43-483E-B98F-2645755B1266}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe |
"{876E6A99-2FCA-47C5-8BBE-EDB591DEE538}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{896C4C03-8AD8-496E-8DF0-19E403DA1E99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8AFB2DAA-E1E9-4E7A-B618-6E828817427F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8CCD9234-F593-41C2-B1B4-B2B7773D0212}" = protocol=6 | dir=out | app=system |
"{8E0B24AC-A7DD-4E7A-9217-58CA3AA2D1BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E214F9F-23CB-4E24-AE02-73C4AEE997C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{903A6FAE-1D4A-45A4-92C8-325F579E3FEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{90C263B9-6C45-4CDB-B033-7AC002DA29AE}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe |
"{9EA99183-507A-4152-AD62-F96F9DDF1DB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A01770D8-4147-45AB-9DFD-33857FF2D698}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{A61CC20E-270F-441F-8486-8376F4E49754}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe |
"{A7CDCAD7-9205-4655-893E-F55B954E0716}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{AE9544A0-ACB0-4873-A798-EA1B319C96FB}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{B072EF32-2E13-4326-B0C8-FDF8C8382D3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B34D98D1-FC6B-4441-A622-D6506A4717AC}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe |
"{C586B53B-B964-4113-94A2-7C4DF96F9ED8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C7BC6012-DFE4-44C3-A488-B8D00331F4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{CC3A49F6-31DE-46DF-B05D-31F78321905B}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe |
"{CF6399B2-620C-45C1-9F36-E376C23F7EF6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D11951E6-C703-4FC7-B327-C0C1753B4E3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9F80F44-7349-4EA1-96C5-01D5E954F865}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{E28D0E79-C552-411F-9DD8-77D92F3DF39E}" = protocol=58 | dir=in | app=system |
"{EA77DC6E-939A-4BB3-B362-62C3EAEEBB88}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{EE7AAC3A-6060-4B2F-9EDD-2DCCEF3EA97B}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{FAE5915E-A1F0-4FF7-9085-75484590B986}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FDF3374F-6ED2-42B8-8903-4D16DDE3FBB2}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"TCP Query User{36910637-98BE-47F9-BC8A-4410B057F05C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{4240073D-316F-4C7F-9986-9BFA276588E9}D:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=d:\program files (x86)\ea games\command & conquer generals zero hour\game.dat |
"TCP Query User{5C08ED59-AC5B-41CB-AE82-5E7EC50DC078}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{BCCB8D2C-E2C9-4696-90ED-BC6AD76E0C7D}D:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{11E37A08-E842-4D80-A226-795D76C3A086}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{17FF11C0-2014-4D2F-87BA-C02C7577A481}D:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{3C6FCD97-55B6-4B6D-90EF-25611139CD6C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{427D142D-94DB-4C38-B378-D08F73C27ED5}D:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=d:\program files (x86)\ea games\command & conquer generals zero hour\game.dat |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CE7326-01AA-44C5-A323-45E52C5D4D0D}" = O&O Defrag Professional
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1934BCF7-A63A-4C1F-809D-2B33C8F03B8F}" = O&O PartitionManager Professional
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21D0374C-C358-0748-CAF9-7CBE65EB6FFF}" = AMD Fuel
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.0.2827 x64
"{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F84EB50D-0FCA-4E59-B18A-44CFA6BD7687}" = Nuance PDF Converter Professional 7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC8C70-66B9-420D-942C-2C2A8441C744}" = Imperial Glory
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = AMD VISION Engine Control Center
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.110.12050
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C82C515A-CAE3-44B3-B5CC-81C5E4A92E8F}" = Nero Prerequisite Installer 1.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBPowerAMP Mp2 and BwfMp2 codec" = dBPowerAMP Mp2 and BwfMp2 codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBPowerAMP Real Audio (Helix) Encoder" = dBPowerAMP Real Audio (Helix) Encoder
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"ESET Online Scanner" = ESET Online Scanner v3
"FLAC To MP3_is1" = FLAC To MP3 V4.0.4
"HD Tune Pro_is1" = HD Tune Pro 4.61
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NeroVision!UninstallKey" = Nero Digital
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Update Engine" = Sony Ericsson Update Engine
"Videora iPod Converter" = Videora iPod Converter 6
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.09.2012 03:37:18 | Computer Name = * | Source = RasClient | ID = 20227
Description =
 
Error - 14.09.2012 03:37:30 | Computer Name = * | Source = RasClient | ID = 20227
Description =
 
Error - 14.09.2012 03:39:25 | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Program Files
 (x86)\1&1 Surf-Stick\Component\BKATProtocol.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.09.2012 03:39:25 | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Program Files
 (x86)\1&1 Surf-Stick\Component\BKATProtocol.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.09.2012 03:42:43 | Computer Name = * | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 14.09.2012 03:42:43 | Computer Name = * | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 14.09.2012 03:42:43 | Computer Name = * | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 14.09.2012 04:12:56 | Computer Name = * | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*\Desktop\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.09.2012 04:12:57 | Computer Name = * | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*\Desktop\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.09.2012 04:13:01 | Computer Name = * | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*\Desktop\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.09.2012 10:24:42 | Computer Name = * | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 13.09.2012 14:28:39 | Computer Name = * | Source = ipnathlp | ID = 31004
Description =
 
Error - 14.09.2012 03:38:49 | Computer Name = * | Source = Service Control Manager | ID = 7030
Description = Der Dienst "UI Assistant Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 14.09.2012 03:41:14 | Computer Name = Lappy | Source = ipnathlp | ID = 31004
Description =
 
 
< End of report >
--- --- ---

schrauber 16.09.2012 07:33
Hi,

Sorry für die Verspätung. Brauchst Du immer noch Hilfe?

osterhase081 16.09.2012 08:13
morgen,

macht doch nichts, ich vermute mal ich bin nicht der Einzige mit nem Wehwehchen :lach:

ja brauche noch Hilfe, ich habe mal bei adwcleaner auf Löschen geklickt, aber das brachte keine Besserung. Bei mir ist konkret das Problem, dass im Firefox die Startseite bei neuen Tabs immer wieder auf incredibar umgestellt wird.

Ich hoffe es gibt Rettung für mich :lach:

schrauber 16.09.2012 08:27
Ok :)

Bitte poste ein neues OTL logfile, dann kümmern wir uns darum :)

osterhase081 16.09.2012 09:16
vielen lieben Dank :) Hier kommen die guten Stücke:

OTL Logfile:
Code:
OTL logfile created on: 16.09.2012 09:49:03 - Run 1
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\*\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 43,46% Memory free
7,99 Gb Paging File | 5,59 Gb Available in Paging File | 69,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,92 Gb Total Space | 21,66 Gb Free Space | 22,58% Space Free | Partition Type: NTFS
Drive D: | 202,07 Gb Total Space | 76,61 Gb Free Space | 37,91% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.)
PRC - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - d:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe ()
PRC - D:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe ()
PRC - d:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
PRC - d:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - D:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
PRC - D:\Program Files\Folding@Home\FahCore_a4.exe ()
PRC - D:\Program Files (x86)\HD Tune Pro\HDTunePro.exe (EFD Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - D:\Program Files\Folding@Home\Folding@home-Win32-x86.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - D:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UISetting.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UISms.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIPhoneBook.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIConnectRecord.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIMms.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UISkin.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIUssd.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIStk.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIDataBase.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BISetting.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UICommonDlg.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BKService.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIConfig.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BISms.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BICodec.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIXml.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIPhoneBook.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIOptimizationClient.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIRas.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIService.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIDevManager.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BILog.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIConnectRecord.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIVoice.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIStk.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIUssd.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\SysService.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BICallRecord.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UpdateAgent.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (UI Assistant Service) -- d:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (OODefragAgent) -- D:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Virtual Router) -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe (Chris Pietschmann (hxxp://pietschsoft.com))
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Folding@home-CPU-[1]) -- D:\Program Files\Folding@Home\Folding@home-Win32-x86.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys ()
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.de/
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 78 07 DD CA 4E CC 01  [binary data]
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: d:\Program Files (x86)\Mozilla Firefox\components [2012.09.12 11:29:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: d:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.11 17:58:31 | 000,000,000 | ---D | M]
 
[2012.07.24 16:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2012.09.14 15:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions
[2012.08.16 06:55:03 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.05.21 15:45:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions\ich@maltegoetz.de
[2012.09.14 15:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions\staged
[2012.08.01 07:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\sk0l8w1k.default\extensions
[2012.08.01 07:12:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\sk0l8w1k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.27 08:31:23 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8VO2KKSQ.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012.08.22 13:54:18 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- D:\PROGRAM FILES (X86)\NUANCE\PDF PROFESSIONAL 7\FIREFOX
 
O1 HOSTS File: ([2012.01.15 20:00:20 | 000,000,878 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [OODefragTray] D:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FILSHtray] d:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
O4 - HKLM..\Run: [HD Tune Pro] D:\Program Files (x86)\HD Tune Pro\HDTunePro.exe (EFD Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDF7 Registry Controller] D:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] D:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UIExec] d:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [ICQ] d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7 - D:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - D:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24764378-0C4A-436A-AC70-FD84A931BC07}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F90062A-0C59-4146-8AE6-8C198C4CD8FD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACCD6DDD-3DB9-4E91-A51C-2421A157DEDF}: DhcpNameServer = 212.23.115.132 212.23.115.148
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\AutoRun\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\directx\command - "" = F:\DirectX\dxsetup.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dplay\command - "" = F:\DirectX\dplay61a.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dxdiag\command - "" = F:\goodies\ar40deu.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dxinfo\command - "" = F:\goodies\DirectX\dxinfo.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dxtest\command - "" = F:\DirectX\dxdiag.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\dxtool\command - "" = F:\goodies\DirectX\dxtool.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\log\command - "" = F:\goodies\machine\machine.exe -l
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\machine\command - "" = F:\goodies\machine\machine.exe
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\setup\command - "" = F:\aoesetup.exe /autorun
O33 - MountPoints2\{1ce14d40-bb9a-11e0-9cea-806e6f6e6963}\Shell\zone\command - "" = F:\goodies\mszone\zonea600.exe
O33 - MountPoints2\{23223ebe-860c-11e1-bbb9-485b399c3e6e}\Shell - "" = AutoRun
O33 - MountPoints2\{23223ebe-860c-11e1-bbb9-485b399c3e6e}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{28bace54-babc-11e0-a37d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28bace54-babc-11e0-a37d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (6)\*)
O34 - HKLM BootExecute: (O\*)
O34 - HKLM BootExecute: (OOD)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2012.09.14 13:17:17 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012.09.14 10:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.14 10:12:55 | 002,322,184 | ---- | C] (ESET) -- C:\Users\*\Desktop\esetsmartinstaller_enu.exe
[2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
[2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys
[2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
[2012.09.14 09:38:40 | 000,011,776 | ---- | C] (MBB Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2012.09.14 09:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.09.13 15:52:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2012.09.13 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.13 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.13 15:51:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.13 15:49:09 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\*\Desktop\malware (3).exe
[2012.09.13 15:04:45 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{BA1FD8C4-17B0-4503-9F27-634B0EFE0A52}
[2012.09.12 11:29:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.12 11:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.12 11:26:29 | 017,653,976 | ---- | C] (Mozilla) -- C:\Users\*\Desktop\malware (1).exe
[2012.09.12 08:47:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E9EDE448-3830-436F-B1C6-E602769228A9}
[2012.09.12 02:01:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 02:01:43 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 02:01:41 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 02:01:41 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.08 13:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
[2012.09.08 13:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Router
[2012.08.28 21:10:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Chris_Pietschmann_(http__
[2012.08.28 21:08:41 | 000,000,000 | ---D | C] -- C:\UserData
[2012.08.28 20:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB
[2012.08.27 08:46:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Zeon
[2012.08.26 16:05:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\FLEXnet
[2012.08.22 13:54:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Nuance
[2012.08.22 13:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.08.22 13:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012.08.22 13:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Converter Professional 7
[2012.08.22 13:54:22 | 000,000,000 | ---D | C] -- C:\Windows\PIXTRAN
[2012.08.22 13:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2012.08.22 13:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Zeon
[2012.08.22 13:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.08.16 06:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.08.16 06:53:30 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{463A350C-1AC3-4D0C-B327-87FCBAC00764}
[2012.08.16 06:53:12 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5A722665-B236-4EC4-8411-393767937BAA}
[2012.08.15 10:17:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 10:17:39 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 10:17:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 10:17:33 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 10:17:30 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 10:17:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 10:17:29 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.15 10:17:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 10:17:27 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 10:17:27 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 10:17:13 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.15 10:17:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 10:17:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 10:17:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 10:17:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 10:17:13 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 10:17:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 10:16:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.14 09:17:47 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{3FECEA40-17D1-4B9A-8152-C2612C40CF75}
[2012.08.14 09:17:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{79D0E910-6A90-4CCD-9FCD-67D13AF3B8EB}
[2012.08.12 07:38:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{DB5C4CB0-A938-415E-A4A3-7C5D065675D6}
[2012.08.11 19:37:56 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1D0B88CF-2B7B-4B24-9C3C-DC67265A890D}
[2012.08.11 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FB8DE1CE-92D2-4DD5-A855-5E66ABDD6CA9}
[2012.08.04 10:10:12 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E87E9169-9EDE-4DC6-8CCC-CC2D8277F5BB}
[2012.08.03 22:09:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F9353D21-C635-43D7-BA10-4ED51AE80AAF}
[2012.08.03 10:08:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{AF06A3C4-F55C-4F7E-A40A-35057035A76B}
[2012.08.02 22:07:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B6C7207D-8B92-4901-8456-E232835A4911}
[2012.08.02 10:07:04 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{93E5EF85-06A7-4FF7-BA79-360671AF956A}
[2012.08.01 07:13:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2012.08.01 07:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.08.01 07:12:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.01 07:12:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.08.01 07:11:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2012.07.31 21:16:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F68C03EF-C01D-4B56-932E-A6F7BDB6AC0F}
[2012.07.31 21:16:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FBB03146-993C-4042-A546-0ABBC75F7D1D}
[2012.07.31 21:07:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.29 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Macromedia
[2012.07.29 17:29:36 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.29 17:28:20 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{8128FB8D-D4D9-4138-9FCF-456F939A63D9}
[2012.07.29 17:27:45 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6EDB73E5-39A2-4EDE-B8BD-4B0110D6D715}
[2012.07.29 15:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.29 15:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.29 15:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.28 12:59:27 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\ Spiele
[18 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2012.09.16 09:47:27 | 002,417,808 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.16 09:47:27 | 001,174,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.16 09:47:27 | 000,700,274 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.16 09:47:27 | 000,618,572 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.16 09:47:27 | 000,006,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.16 09:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.14 13:17:24 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012.09.14 10:12:57 | 002,322,184 | ---- | M] (ESET) -- C:\Users\*\Desktop\esetsmartinstaller_enu.exe
[2012.09.14 09:38:35 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.09.13 15:51:17 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.13 15:50:44 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\*\Desktop\malware (3).exe
[2012.09.13 15:10:33 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 15:10:33 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 15:03:13 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.09.13 15:02:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.13 15:02:29 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.13 15:02:28 | 000,084,165 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.09.13 14:59:31 | 000,512,399 | ---- | M] () -- C:\Users\*\Desktop\adwcleaner.exe
[2012.09.13 11:24:14 | 009,081,315 | ---- | M] () -- C:\Users\*\Desktop\malware (1).mp3
[2012.09.12 11:26:56 | 017,653,976 | ---- | M] (Mozilla) -- C:\Users\*\Desktop\malware (1).exe
[2012.09.12 11:10:38 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.12 11:10:38 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.08 13:15:45 | 000,002,619 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.28 20:51:01 | 001,059,840 | ---- | M] () -- C:\Users\*\Desktop\virtualrouter.msi
[2012.08.22 20:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.08.22 20:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.08.22 13:54:24 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk
[2012.08.16 06:54:18 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.08.16 03:22:06 | 000,416,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.13 11:34:14 | 000,036,862 | ---- | M] () -- C:\Users\*\Desktop\tumblr_m5zv21VF6H1r12333.jpg
[2012.08.02 19:58:52 | 000,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.08.01 07:12:42 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.29 15:33:46 | 000,001,572 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.28 13:12:20 | 003,910,192 | ---- | M] () -- C:\Users\*\Desktop\des 0.9.7.zip
[18 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.14 09:38:27 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.09.13 15:51:17 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.13 14:59:22 | 000,512,399 | ---- | C] () -- C:\Users\*\Desktop\adwcleaner.exe
[2012.09.13 11:22:28 | 009,081,315 | ---- | C] () -- C:\Users\*\Desktop\malware (1).mp3
[2012.09.12 11:29:23 | 000,000,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.08 13:15:45 | 000,002,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2012.09.03 19:42:50 | 000,095,872 | ---- | C] () -- C:\Users\*\Desktop\schneller Kotzer.3gp
[2012.08.28 21:08:41 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml
[2012.08.28 20:50:48 | 001,059,840 | ---- | C] () -- C:\Users\*\Desktop\virtualrouter.msi
[2012.08.26 11:16:13 | 000,096,625 | ---- | C] () -- C:\Users\*\Desktop\Harter Stoff.3gp
[2012.08.26 11:16:13 | 000,045,596 | ---- | C] () -- C:\Users\*\Desktop\Fast gekotzt.3gp
[2012.08.22 13:54:24 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk
[2012.08.16 06:54:18 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.08.13 11:34:13 | 000,036,862 | ---- | C] () -- C:\Users\*\Desktop\tumblr_m5zv21VF6H1r12333.jpg
[2012.08.01 07:12:41 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.29 17:29:45 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 15:33:46 | 000,001,572 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.28 13:12:20 | 003,910,192 | ---- | C] () -- C:\Users\*\Desktop\des 0.9.7.zip
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.05.01 11:59:36 | 000,040,960 | R--- | C] () -- C:\Windows\IGLobbyReg.exe
[2012.04.22 11:44:54 | 001,604,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.09 00:00:58 | 000,001,745 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.dat
[2011.09.09 00:00:49 | 000,001,241 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2011.09.09 00:00:40 | 000,003,024 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011.09.09 00:00:23 | 000,003,297 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011.09.09 00:00:08 | 000,003,149 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011.09.08 23:59:51 | 000,003,009 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011.09.08 23:59:35 | 000,003,018 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011.09.08 23:59:17 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2011.09.08 23:56:01 | 000,011,412 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat
[2011.09.08 23:55:09 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011.09.08 23:55:04 | 000,513,200 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.09.08 23:55:04 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.07.31 19:38:07 | 000,000,977 | ---- | C] () -- C:\Windows\eReg.dat
[2011.07.31 18:11:22 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.07.30 17:24:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.05.19 14:51:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ASCON Installer
[2012.07.29 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\BOM
[2012.08.16 06:54:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite
[2012.08.02 13:13:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2011.08.30 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\HD Tune Pro
[2012.09.06 10:42:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQ
[2012.08.27 11:06:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nuance
[2011.11.06 22:21:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\redsn0w
[2012.05.13 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Sony
[2011.08.28 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer
[2011.09.17 10:27:41 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thinstall
[2011.07.31 21:56:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TS3Client
[2012.08.01 07:13:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2012.08.27 08:46:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeon
[2009.07.14 07:08:49 | 000,021,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 16.09.2012 09:49:03 - Run 1
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\*\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 43,46% Memory free
7,99 Gb Paging File | 5,59 Gb Available in Paging File | 69,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,92 Gb Total Space | 21,66 Gb Free Space | 22,58% Space Free | Partition Type: NTFS
Drive D: | 202,07 Gb Total Space | 76,61 Gb Free Space | 37,91% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EDA83B0-27FA-432D-BC55-A5E3F6624E89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11C2953C-8A09-4752-ABC3-DFF2F67AC620}" = rport=137 | protocol=17 | dir=out | app=system |
"{142BD99D-EEA4-488D-B1EF-993DE5037FBA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1AB28611-F8C8-43B1-8BC5-AEEA4B48D81F}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E8F0BD9-8BFD-42CC-80F1-8B7A425A5A03}" = lport=139 | protocol=6 | dir=in | app=system |
"{21B7DB3B-1294-4962-94B5-DBB035B98F10}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2E83DBF8-7AAA-43C2-A5E1-385953B3DE6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32B8D5C5-B0E6-40FF-9615-55BD4FBC4A95}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{39F90102-78D5-4CA3-A9E8-D5637089880B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{592D1880-9092-46E6-9D55-FD8768BD5E2D}" = lport=137 | protocol=17 | dir=in | app=system |
"{63E37F15-8F55-4C7F-917B-83DD52396C0D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{641B1646-02C8-4B4A-8404-C8F0E7A6E1C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77A4B856-3874-40F0-B0F9-77C4E608B4A3}" = lport=445 | protocol=6 | dir=in | app=system |
"{78F1B588-6447-468B-8C4F-2A1F367AE9BF}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\outlook.exe |
"{7CCE254C-C526-4D09-815A-28C219BD2190}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{839F8424-C177-458D-AE0C-7F8E48CC02E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85D535D4-552A-42C1-A80B-DF825F4526DD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9402DE2B-AF9A-410B-85AB-58798DD82F31}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD7C0946-47EC-4CB8-8837-DDD8C3D458EB}" = rport=2869 | protocol=6 | dir=out | app=system |
"{AF0E0674-CB7D-4DB1-98D6-5B886DD506E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7A388F0-64B0-4321-B5EE-C4D903B25C82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB6AAB5D-39B0-4887-9EE6-27C6E018CE52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB9A8162-5BBB-4267-81A3-CF0F66887C1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C61E4086-4B74-4955-9AE1-497BAC9A3479}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DA565AB0-7B60-4562-8516-594349DE98D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF8F2213-AEDD-4676-B365-BAC7A8DCA73A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E11849E7-1823-4612-98CC-BAB229565FE6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E6629363-C61B-4193-9F5F-089A676FA7A3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F28DB96F-3DFC-4588-91EF-688B98A48BB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F627736A-9C07-4E74-B7A4-B933102C72CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{FA2BE645-E9CB-404D-947C-216FDD55352D}" = lport=138 | protocol=17 | dir=in | app=system |
"{FFF1CF93-F39A-4493-8FE4-205057936DC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00335AD6-9D52-422F-BB4A-4EDACA2EBD94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{01C67AC3-DA4A-427A-AA33-63691E6B2A21}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0283E26D-0198-43BB-ADF7-3D2824DAB2AB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{04BE022C-00E8-4917-B65B-0FDE163AEEAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{06414655-B036-4C2C-89AF-ED94410E8128}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{093B7FDE-52ED-4F8E-A47D-64433859B5A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{16A3165C-21B9-415C-8BB1-58A8FE9D7CC7}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{279F2BE1-C74D-4258-BB01-C2CC18D93E69}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{2AE1BFEE-E110-4F50-BCF3-4DDB6E90E3CE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{34FC590E-6696-46C0-A88C-69154452F74E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{36FC5ED4-EC32-4A9A-88AB-23C13B75249C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37CD80CF-639D-4A94-98A2-CC327BD7DA89}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3A7EC22D-4AF7-4FB1-BB80-6187FD3C61C7}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{51A1807D-81C2-49E1-8C2D-EFEB5A171A3A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5AD1A7F5-9E7D-4C66-86C3-60D0930C5C14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5D67BD0C-7324-4CD0-8E79-89FE4855E038}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6178BA41-7D8D-4D7E-ADA6-090CAA6A1B70}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"{672051A8-4011-48F2-8F4B-290FB7F10CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{682953B7-AE56-4E25-BF71-1E67E43C65B8}" = protocol=17 | dir=in | app=d:\program files (x86)\ps3 media server\pms.exe |
"{704F7AE3-9138-42E4-8C2C-E120C852B9A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{73E0BB44-3A36-46E7-8CCC-56E98EC1370E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{766008AF-E49C-4DC8-964E-553EBA32C59C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{787D0C2A-2943-44B6-8194-55B21438E82B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{79B494BD-05F4-4078-B23E-7F8BB7F3B930}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7BB14A4F-EDC1-42CC-8F9F-C3B9E9584960}" = protocol=6 | dir=in | app=d:\program files (x86)\ps3 media server\pms.exe |
"{7F875149-9A43-483E-B98F-2645755B1266}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe |
"{896C4C03-8AD8-496E-8DF0-19E403DA1E99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8AFB2DAA-E1E9-4E7A-B618-6E828817427F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8CCD9234-F593-41C2-B1B4-B2B7773D0212}" = protocol=6 | dir=out | app=system |
"{8E0B24AC-A7DD-4E7A-9217-58CA3AA2D1BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E214F9F-23CB-4E24-AE02-73C4AEE997C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{903A6FAE-1D4A-45A4-92C8-325F579E3FEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{90C263B9-6C45-4CDB-B033-7AC002DA29AE}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe |
"{9EA99183-507A-4152-AD62-F96F9DDF1DB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A01770D8-4147-45AB-9DFD-33857FF2D698}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{A61CC20E-270F-441F-8486-8376F4E49754}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe |
"{A7CDCAD7-9205-4655-893E-F55B954E0716}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{AE9544A0-ACB0-4873-A798-EA1B319C96FB}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{B072EF32-2E13-4326-B0C8-FDF8C8382D3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B34D98D1-FC6B-4441-A622-D6506A4717AC}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe |
"{C586B53B-B964-4113-94A2-7C4DF96F9ED8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C7BC6012-DFE4-44C3-A488-B8D00331F4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{CC3A49F6-31DE-46DF-B05D-31F78321905B}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe |
"{CF6399B2-620C-45C1-9F36-E376C23F7EF6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D11951E6-C703-4FC7-B327-C0C1753B4E3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9F80F44-7349-4EA1-96C5-01D5E954F865}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{EA77DC6E-939A-4BB3-B362-62C3EAEEBB88}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{EE7AAC3A-6060-4B2F-9EDD-2DCCEF3EA97B}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{F96E646B-58AC-42D8-BE93-08924E0A60F7}" = protocol=58 | dir=in | app=system |
"{FAE5915E-A1F0-4FF7-9085-75484590B986}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FDF3374F-6ED2-42B8-8903-4D16DDE3FBB2}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"{FDFE809D-7953-4A42-A01D-3D243CE0D4D0}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"TCP Query User{36910637-98BE-47F9-BC8A-4410B057F05C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{4240073D-316F-4C7F-9986-9BFA276588E9}D:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=d:\program files (x86)\ea games\command & conquer generals zero hour\game.dat |
"TCP Query User{5C08ED59-AC5B-41CB-AE82-5E7EC50DC078}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{BCCB8D2C-E2C9-4696-90ED-BC6AD76E0C7D}D:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{11E37A08-E842-4D80-A226-795D76C3A086}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{17FF11C0-2014-4D2F-87BA-C02C7577A481}D:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{3C6FCD97-55B6-4B6D-90EF-25611139CD6C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{427D142D-94DB-4C38-B378-D08F73C27ED5}D:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=d:\program files (x86)\ea games\command & conquer generals zero hour\game.dat |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CE7326-01AA-44C5-A323-45E52C5D4D0D}" = O&O Defrag Professional
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1934BCF7-A63A-4C1F-809D-2B33C8F03B8F}" = O&O PartitionManager Professional
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21D0374C-C358-0748-CAF9-7CBE65EB6FFF}" = AMD Fuel
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.0.2827 x64
"{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F84EB50D-0FCA-4E59-B18A-44CFA6BD7687}" = Nuance PDF Converter Professional 7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0844CC2A-512E-4BA1-872B-02887E7A2672}" = FILSHtray
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC8C70-66B9-420D-942C-2C2A8441C744}" = Imperial Glory
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = AMD VISION Engine Control Center
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.11
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.110.12050
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C82C515A-CAE3-44B3-B5CC-81C5E4A92E8F}" = Nero Prerequisite Installer 1.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBPowerAMP Mp2 and BwfMp2 codec" = dBPowerAMP Mp2 and BwfMp2 codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBPowerAMP Real Audio (Helix) Encoder" = dBPowerAMP Real Audio (Helix) Encoder
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"ESET Online Scanner" = ESET Online Scanner v3
"FLAC To MP3_is1" = FLAC To MP3 V4.0.4
"HD Tune Pro_is1" = HD Tune Pro 4.61
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NeroVision!UninstallKey" = Nero Digital
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Update Engine" = Sony Ericsson Update Engine
"Videora iPod Converter" = Videora iPod Converter 6
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.09.2012 13:55:52 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 14.09.2012 13:55:52 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 14.09.2012 18:32:26 | Computer Name = Lappy | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.09.2012 18:34:37 | Computer Name = Lappy | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\*\Desktop\esetsmartinstaller_enu.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 16.09.2012 03:11:28 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 16.09.2012 03:11:28 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 16.09.2012 03:11:28 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 16.09.2012 03:47:24 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 16.09.2012 03:47:24 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 16.09.2012 03:47:24 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ System Events ]
Error - 15.09.2012 14:01:39 | Computer Name = Lappy | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 15.09.2012 14:01:39 | Computer Name = Lappy | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 15.09.2012 14:06:01 | Computer Name = Lappy | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
 
< End of report >
--- --- ---

schrauber 16.09.2012 09:27
Hi,

ComboFix
  • Lade dir das Tool hier herunter auf den Desktop -> KLICK
Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:
  • Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
    Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.
  • Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

(ausführliche Anleitung -> Ein Leitfaden und Tutorium zur Nutzung von ComboFix)

osterhase081 16.09.2012 09:34
Hi,

kurze Zwischenfrage, damit nichts schief läuft: Sind Combofix und CCleaner das Gleiche? (Frage weil Combofix downloaden aber Anleitung von CCleaner)

liebe Grüße

schrauber 16.09.2012 09:42
Nee laut anleitung sollst du ccleaner vorher noch laufen lassen, kannst du aber weg lassen. lade combofix und lass es direkt laufen :)

osterhase081 16.09.2012 10:49
ich glaube hier ist leider was schief gegangen... Ich bin auf meinen PC ausgewichen, weil seitdem combofix auf meinem Laptop fertig war, kann ich keine Datien und Programme mehr öffnen.

Die Fehlermeldung lautet "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde."

Ich konnte das Logfile aber auf einen Stick kopieren, hier ist es:

[code]
Combofix Logfile:
Code:
ComboFix 12-09-15.02 - * 16.09.2012  10:47:04.1.2 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.4094.2363 [GMT 2:00]
ausgeführt von:: c:\users\*\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\SET3405.tmp
c:\windows\SysWow64\SET356E.tmp
c:\windows\SysWow64\SET4D1E.tmp
c:\windows\SysWow64\SET531C.tmp
c:\windows\SysWow64\SET536C.tmp
c:\windows\SysWow64\SET55B5.tmp
c:\windows\SysWow64\SET5707.tmp
c:\windows\SysWow64\SET5AD0.tmp
c:\windows\SysWow64\SET65E0.tmp
c:\windows\SysWow64\SET7041.tmp
c:\windows\SysWow64\SET70DF.tmp
c:\windows\SysWow64\SET7348.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-16 bis 2012-09-16  ))))))))))))))))))))))))))))))
.
.
2012-09-16 08:58 . 2012-09-16 08:58        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-14 10:20 . 2012-08-23 08:26        9310152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1509450-77D2-48DF-A09B-D5489B3D1501}\mpengine.dll
2012-09-14 08:13 . 2012-09-14 08:13        --------        d-----w-        c:\program files (x86)\ESET
2012-09-14 07:38 . 2011-03-26 08:37        123520        ----a-w-        c:\windows\system32\drivers\ZTEusbser6k.sys
2012-09-14 07:38 . 2011-03-26 08:37        123520        ----a-w-        c:\windows\system32\drivers\ZTEusbnmea.sys
2012-09-14 07:38 . 2011-03-26 08:37        123520        ----a-w-        c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-09-14 07:38 . 2011-03-26 08:37        11776        ----a-w-        c:\windows\system32\drivers\massfilter.sys
2012-09-13 13:52 . 2012-09-13 13:52        --------        d-----w-        c:\users\*\AppData\Roaming\Malwarebytes
2012-09-13 13:51 . 2012-09-13 13:51        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-13 13:51 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-12 09:29 . 2012-09-12 09:29        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2012-09-12 00:01 . 2012-08-22 18:12        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-12 00:01 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 00:01 . 2012-08-02 17:58        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-12 00:01 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2012-09-12 00:01 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-12 00:01 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-12 00:01 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-08 11:15 . 2012-09-08 11:15        --------        d-----w-        c:\program files (x86)\Virtual Router
2012-08-28 19:10 . 2012-09-08 11:20        --------        d-----w-        c:\users\*\AppData\Local\Chris_Pietschmann_(http__
2012-08-28 19:08 . 2012-08-28 19:08        --------        d-----w-        C:\UserData
2012-08-28 18:47 . 2012-09-14 07:38        --------        d-----w-        c:\windows\SysWow64\SupportAppCB
2012-08-27 06:46 . 2012-08-27 06:46        --------        d-----w-        c:\users\*\AppData\Roaming\Zeon
2012-08-26 14:05 . 2012-08-26 14:05        --------        d-----w-        c:\users\*\AppData\Roaming\FLEXnet
2012-08-22 11:54 . 2012-08-27 09:06        --------        d-----w-        c:\users\*\AppData\Roaming\Nuance
2012-08-22 11:54 . 2012-08-27 06:46        --------        d-----w-        c:\programdata\Nuance
2012-08-22 11:54 . 2012-08-22 11:54        --------        d-----w-        c:\windows\PIXTRAN
2012-08-22 11:53 . 2012-08-22 11:53        --------        d-----w-        c:\program files (x86)\Common Files\ScanSoft Shared
2012-08-22 11:53 . 2012-08-22 11:53        --------        d-----w-        c:\programdata\Zeon
2012-08-22 11:53 . 2012-08-22 11:53        --------        d-----w-        c:\programdata\FLEXnet
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 09:10 . 2012-07-29 15:29        696520        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-12 09:10 . 2011-07-30 22:21        73416        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 01:01 . 2011-08-01 13:45        64462936        ----a-w-        c:\windows\system32\MRT.exe
2012-07-18 18:15 . 2012-08-15 08:16        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-05 10:14 . 2012-07-05 10:14        45056        ----a-r-        c:\users\*\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut5_1A4E47DC67014A85AA16C1F99A44598C.exe
2012-07-05 10:14 . 2012-07-05 10:14        45056        ----a-r-        c:\users\*\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut1_1A4E47DC67014A85AA16C1F99A44598C.exe
2012-07-04 22:16 . 2012-08-15 08:17        73216        ----a-w-        c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 08:17        59392        ----a-w-        c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 08:17        136704        ----a-w-        c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 08:17        41984        ----a-w-        c:\windows\SysWow64\browcli.dll
2012-06-27 07:06 . 2012-08-15 08:17        1188864        ----a-w-        c:\windows\system32\wininet.dll
2012-06-27 07:06 . 2012-08-15 08:17        1494016        ----a-w-        c:\windows\system32\urlmon.dll
2012-06-27 07:06 . 2012-08-15 08:17        134144        ----a-w-        c:\windows\system32\url.dll
2012-06-27 07:03 . 2012-08-15 08:17        9059840        ----a-w-        c:\windows\system32\mshtml.dll
2012-06-27 07:03 . 2012-08-15 08:17        97792        ----a-w-        c:\windows\system32\mshtmled.dll
2012-06-27 07:03 . 2012-08-15 08:17        735744        ----a-w-        c:\windows\system32\msfeeds.dll
2012-06-27 07:02 . 2012-08-15 08:17        64512        ----a-w-        c:\windows\system32\jsproxy.dll
2012-06-27 07:02 . 2012-08-15 08:17        247808        ----a-w-        c:\windows\system32\ieui.dll
2012-06-27 07:02 . 2012-08-15 08:17        2453504        ----a-w-        c:\windows\system32\iertutil.dll
2012-06-27 07:02 . 2012-08-15 08:17        12297216        ----a-w-        c:\windows\system32\ieframe.dll
2012-06-27 05:53 . 2012-08-15 08:17        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-06-27 04:53 . 2012-08-15 08:17        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-27 04:10 . 2012-08-15 08:17        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="d:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-10 127040]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"FILSHtray"="d:\program files (x86)\FILSHtray\FILSHtray.exe" [2012-04-18 594432]
"avgnt"="d:\program files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"PDF7 Registry Controller"="d:\program files (x86)\Nuance\PDF Professional 7\RegistryController.exe" [2011-09-09 141160]
"PDFProHook"="d:\program files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe" [2011-09-09 1787752]
"UIExec"="d:\program files (x86)\1&1 Surf-Stick\UIExec.exe" [2012-01-17 153424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FILSHtray.lnk - d:\program files (x86)\FILSHtray\FILSHtray.exe [2012-4-18 594432]
Virtual Router Manager.lnk - c:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe [2012-9-8 22486]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\06)\*\0O\*\0OOD\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 250568]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-05-13 13352]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 11776]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AntiVirSchedulerService;Avira Planer;d:\program files (x86)\Avira\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 OODefragAgent;O&O Defrag;d:\program files\OO Software\Defrag\oodag.exe [2011-09-18 3271496]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 UI Assistant Service;UI Assistant Service;d:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2012-01-17 270672]
S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 09:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="d:\program files\OO Software\Defrag\oodtray.exe" [2011-09-18 3993416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 7 - d:\program files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - d:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\8vo2kksq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
Toolbar-10 - (no file)
Toolbar-10 - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPowerAMP Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPowerAMP Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOPM03.00.00.01PRO"="2E07381C400BD9A8F6D1D03099BC9D23CA4E2C88CE6FF3B6B56E3323BB06BA26CC5452C20273BDC113B0DE41881780FC25AD4AF15A3C5CA03D7027954D9FE9FD83A67D5BFB01C3BC2E26F0F30ACC09376E1AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC7933FEBC9E127BECC74CA2D97226D213B555A3D7771CAC1FC3E8DE303256923E454E6A727D09D4027A3ACEF6E2DC488C2198D4B0B165887C0A6A26B9524D82C70EE7C2F7570953AACCCA4651E79E729B3D93FDEAF7FA315C8AEE477FD3DC830F4BA04C3DF1C49EE4FE80023BA38065535B8E807D89BD25E5F28CA3815837A01320AD85E97760EEA7C754BC26673725446B64F3BEF91355E2081DCFA25A8FD9F5C3091F09E401F011F480E4E553F82BA2EDAFA5EEB16228BF1DBC1428A522207E80737F898C52C2DFE5049C33DF8364C8F5CF932DEA9977901E4CECBBDCAB5C9837EB40BF1581FB778E213A2AD615B2322F6AF10138A7928909F18B6E726EE9525ABAAEE2F64321E07861C94CD571E98056E728D2FA82B9856F1653B0B12F165F7169CA0E01CD3047BD0D887CD26054F93CF250706B22A40279675DD7B5B6259597454C41D3DA187A90B6E803912D2E84C5FC3D0A9604FB215F54F5216ED44D70FB611CDEE5A93E6E36AE928EAF2828AE6EB86F365BA75EA870149EA923D93A8FE214D7AF027CF8BB840CDEAC19A4E7AAC0209FED6C92DC038E9F8A736A9B0BB3A1F6505D431A961DE72CDCD3117A864A5FEE398ED24E7FBC3133A3653374D14625E80B791E4D547362ACCFDAB08410897F245C596B65BE09605185CA3CC017506C8A41F457E4684387F0AC0061A486036A04DAF3646A89BCBC3E80CF1BE3D48289C3622908B379B2FEA09E62E03B5E797C97BDE7C0EF4053F6039908B741F92E253D8FD01F10248F85A58507C23281D028AB41225A90BAE8D56C8969D0446A4AFA669B8BDD5379476BB0F1546EF44D91724E53F55BE74341B38D3C5075DA7BF2D8F0135C5A5E7B701433AA991E7210E874D59795C41795417EB852780B75FA66A1D232AAFD1323C0F9662B06DF1F1228DB58659D69436571B90A2106CA8925874FC66B4206D75D952744A12E98F20A44E8B3C988F193D802F9DB30FDC092AEDC6AC9E1D10597086E3D0C700A7CE72756F20802B9D93689446AD13CCCCE8BBD12141FF26DE0C0F96FEFC0AEF6187E871BE0380576EFDA06AD49CFB63FA7F8EEF47ECB280C5346F8DF87A9A5B3C8BA4372316D76665936CE58687E4387D5DE4E7AF09BC50AE99DC1ABE052D5E543A461E17513B4190E015B812FCBB93D35C66137C69A402685C284636B096F168C46DF9251D9CD7F57F8950C9669A75AF7BE9FE6701D41835DB4E53A2B61DA2F01312F52"
"OODEFRAG14.00.00.01PROFESSIONAL"="FC5523A3D9F765DDA4262A395C5DC11BF8E5126BCEEC4546742F6F65993EB000FE67BC9A13323D95518E007BECA4FBD2ECD6EFF53472CDB3A4952CC45C51DFD1B0FE0D8FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC7933FEBC9E127BECC74CC038D530D6EB3452523DA9E16EDBFBC600F051436EF2F132C337CCCC1879E69ABF1DA27472933479D8774BE4BBD34C1FC4B7B67481EEFAD0279460EA414F47BAC178EB9FA8EB5BAC34CADDDB54767DB1C701DB18A95C1CE94F077D013C0B6B3E14EF31D3441409DE57FCAE022795BB965E6FF42E0976BCEA123064737AF59187ACC3DB79A8057686F80AEC6526F459FB9FDA9C8B4371E5D58865B7F971501C9045E2B650BBAB7E3393202E6ACB4E4A23E7CF4E5782F1C5C110AD7DA19C4C12E1DD74F168E866210267A1E946924E28DF588C6D8D71142CD849C59E4C76119E1D36D09EA71E0A0329F7A5FC84F8962F9CD3843EFCC1E392D91A1FEB2D83B910F3D68636C8CEDD6BEF0BF4288385BB41D602E0EA4AA8639016ABDD964E48D55B2E08D61358F11FC6B22D100F75BC47E120D1FA806D5D8AE4F3E9D9340CCD679426D737F53A01FCA4E22D29BB632D35BA9BEFE3F0321EC071EE8620C097A2E6F74D1AD100A17B9CB8031D2618A563F61906D3DD90382BE6BB93F7711A75D83DE4A464023A99E2155CACD421F6EBF573ECA933E119F1484C6E05F44282FC054B5DC410DB1180BFF1090CEF698AB97A004CE88A9A28A9BDB8D5F87D3BA0DD41E309D83C2452879AB3DF604D016DE40DEC6E399A683F79DA65E43BD0B8FE96AACCB19FC953303304CE257F8F1F9A184EF9322368DDC351EC80B2A874CA0B7C6442C76C601845DF0D2BC0501F2FF15261DB16C53A427EF3CBACF6B3B13697B712F25C2868538A394E243D4FA5CC3966EC3C42CF9D129EFBCC7F116316F35B47DE82A8CB121CE0C1DF8ACC0E134D98FB9E37FC88617C33D2CF8281D17130717978078567CEB909CF6222C0AE1AB51C0DA3DF34C89BE4B33A33B4702DDA4B56F38F0B731FD3AA2E8B782393EBB241B4E83239F87D22627744DB87A436A95AEE30DA8F14289C2059F44739DF10185EB5B07F3C7F2793423ED7B3608F457CA5FE7A9285AED0E5807B5CFA0565FB48AED7DC49D7215DCE02A6B3271AC0C3B229B2F2F5D52EF533E4E567421907A4878938B74E6A5A4777D5B8E42683EEB07396981045D9A18B491BD090CE7ECE125CF9D6DF524BCCA2F526DC51A5DDF39DA7D1219847E1BB99B32458A4D632E76012BD19C79C43BC40F68C60AF9D5ECC30FA72A4AAC430D4BABFB5FBC716A222BE37C64538F88E1487EA5B738B0C309CA4DEC55D360C7B651D01B81EEC4B35F1F220BD89C8B7DDDD6F0613AD44"
"OODEFRAG15.00.00.01PROFESSIONAL"="30EEDEA95207436E397DDEA6F70B72F617DECE23F6113ED2CD369DD72CE1A85DA9ABB4CA2292E3B89EC00EB35A1FF9C6F9AD01F4E993D2246E5AF01FE9C806B261D9470830AD753F1384B4745D2042AA9393D1C9B85B0D29055882575D6F8314B2FAB0AEB54BC444F1D2D28549DA0E03DA42472FD72C3F0749AA7B2147312A06B374610F6002AD4D4E9B3D09583C2FF67ED03C372FEE54A42534D920DE1096CE2B909D7DD28AA3A2E9AE1D24B8590CEF61BBDC79FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC79335D575E7D6A3B9808FEBC9E127BECC74C787376447A447E3B6C67441FD3D27FBC396BD2F0F12A36FD74261051DBB6C1EEED59A6F6D50F5A7FFB7B2DA40C4F2C999DE525A29D93FD27608DD0D8F0742826A04E4B60D41DE2D39544823DF46D555E2E34EE13262908AEB90B2BFBEDBF953CEA66CEE1721A39769F2DA36D2AFE22B87EBAA306DE082053E21BC8E1051E18209BD52F9F6192D1A7F4C405F8F63D0CDB17804C80D3AF63DAB0DF676F207A944874F6FE82047AF62F653E2D6CDDC25FFE74B384CF4306C78C6B9CD7D2D8A041ABAAC763B8F42843D4B2EFB793948E405B06A27C819FD190B251BAFEFB7F432BC8E8E998B3FED5A86895D6D282048323B0B0C278E9103FDB1E9248581E1776B01ECCA3EA27A3216B38368EC30F4A6BD1C0CB29D1206E6195215474ED32D73408B2685EBD8D170D251DB65C6052B8EE6A53A293F3FD49290295AF1563752D5AB60EC2290623C200C16F29A693AB549FDEB1F5E15FA4E3F1B6D532A3EC65B6A9193CD434D0E9C044828C1378DC3CD7EFF3AB7A18A7F4B376A0415B3CD3C7C7C7DFCE0E56B9276588FB57717F51EA3036C494575DF51863567C3CA21F76A567BD0ED94D8AF3E231DF96B4339016E1FDAF3EC0287E0677D298DD2DEEB2C448517AFA76EB6C46E95FBE908D39A1E70F97FAA20C7E6A29C312A3AB819D7FC4C2754D54C033BF0B4F5B80F8CF5DCC1523079B87555D36C2EEEAC4A02701B18FE777EC175A5FE8AF67C56435ED6851009609F8D57FBC184A31D4ABCA13DC1B52D02EF21967A47336CAF38B7EDD1B93A22310DD4DF009ED4E0680EC8E3C6AAF4E5826DA818FA78C36576D7D6197271985C541FA7D142136ECAACE81A09E5688599E1E09CB818385D82EEE24BE9A348DCAC1F462CD58DB16DB2458C48D3AC2635C0909C0C8EBC5555DB369CCCAE6DC3F239CB90CF7AE7DD36138E47933914420543F902C9A84EF159511012C8E8331A0D5A05154080F45DCDC73F4C044ADE3C3D22D0E57BA83F782E6B48ED6E6F93349C0DCB078627361BFBB233BA4C8199DF87C0312B5F3A549804DCE9D4805D6D9F451A1819DBADB77B1845C9C1399E3E30A0CB4"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
d:\program files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-16  11:20:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-16 09:20
.
Vor Suchlauf: 12 Verzeichnis(se), 23.170.428.928 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 25.035.165.696 Bytes frei
.
- - End Of File - - B870288E035AC54D039380C019BE6AE2
--- --- ---

schrauber 16.09.2012 10:53
Rechner einmal neustarten, dann ist der fehler weg :). Bitte um Rückmeldung wenn es so ist :)

osterhase081 16.09.2012 11:05
puuuh Glück gehabt :) Es lässt sich wieder alles öffnen :) Ich hatte schon die Hosen voll :lach: Die Startseite der Firefox-Tabs ist aber leider immer noch incredibar :/

schrauber 16.09.2012 11:07
Poste mal bitte ein frisches OTL logfile :)

osterhase081 16.09.2012 11:31
hier das frische :)

OTL Logfile:
Code:
OTL logfile created on: 16.09.2012 12:10:15 - Run 2
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\*\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,41% Memory free
7,99 Gb Paging File | 6,10 Gb Available in Paging File | 76,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,92 Gb Total Space | 23,19 Gb Free Space | 24,18% Space Free | Partition Type: NTFS
Drive D: | 202,07 Gb Total Space | 76,61 Gb Free Space | 37,91% Space Free | Partition Type: NTFS
 
Computer Name: LAPPY | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.)
PRC - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - D:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe ()
PRC - D:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe ()
PRC - d:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
PRC - D:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - D:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
PRC - D:\Program Files\Folding@Home\FahCore_a4.exe ()
PRC - D:\Program Files (x86)\HD Tune Pro\HDTunePro.exe (EFD Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - D:\Program Files\Folding@Home\Folding@home-Win32-x86.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - D:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UISetting.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UISms.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIPhoneBook.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIConnectRecord.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIMms.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UISkin.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIUssd.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIPlugin\UIStk.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIDataBase.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BISetting.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UICommonDlg.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BKService.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIConfig.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BISms.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BICodec.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIXml.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIPhoneBook.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIOptimizationClient.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIRas.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIService.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIDevManager.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BILog.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIConnectRecord.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIVoice.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIStk.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BIUssd.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\SysService.dll ()
MOD - d:\Program Files (x86)\1&1 Surf-Stick\Component\BICallRecord.dll ()
MOD - D:\Program Files (x86)\1&1 Surf-Stick\UpdateAgent.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (UI Assistant Service) -- d:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (OODefragAgent) -- D:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Virtual Router) -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe (Chris Pietschmann (hxxp://pietschsoft.com))
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Folding@home-CPU-[1]) -- D:\Program Files\Folding@Home\Folding@home-Win32-x86.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys ()
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.de/
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 78 07 DD CA 4E CC 01  [binary data]
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: d:\Program Files (x86)\Mozilla Firefox\components [2012.09.12 11:29:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: d:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.11 17:58:31 | 000,000,000 | ---D | M]
 
[2012.07.24 16:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2012.09.16 11:58:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions
[2012.09.16 11:58:30 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.05.21 15:45:57 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\8vo2kksq.default\extensions\ich@maltegoetz.de
[2012.08.01 07:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\sk0l8w1k.default\extensions
[2012.08.01 07:12:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\sk0l8w1k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 11:58:30 | 000,270,876 | ---- | M] () (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8VO2KKSQ.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012.08.22 13:54:18 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- D:\PROGRAM FILES (X86)\NUANCE\PDF PROFESSIONAL 7\FIREFOX
 
O1 HOSTS File: ([2012.09.16 10:59:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - D:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - D:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [OODefragTray] D:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FILSHtray] d:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
O4 - HKLM..\Run: [HD Tune Pro] D:\Program Files (x86)\HD Tune Pro\HDTunePro.exe (EFD Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDF7 Registry Controller] D:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] D:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UIExec] d:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [ICQ] d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7 - D:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - D:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - d:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24764378-0C4A-436A-AC70-FD84A931BC07}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F90062A-0C59-4146-8AE6-8C198C4CD8FD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACCD6DDD-3DB9-4E91-A51C-2421A157DEDF}: DhcpNameServer = 212.23.115.132 212.23.115.148
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (6)\*)
O34 - HKLM BootExecute: (O\*)
O34 - HKLM BootExecute: (OOD)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 60 Days ==========
 
[2012.09.16 11:20:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.09.16 11:02:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.09.16 10:44:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.16 10:44:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.16 10:44:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.16 10:44:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.16 10:44:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.16 10:28:46 | 004,754,503 | R--- | C] (Swearware) -- C:\Users\*\Desktop\ComboFix.exe
[2012.09.14 13:17:17 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012.09.14 10:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.14 10:12:55 | 002,322,184 | ---- | C] (ESET) -- C:\Users\*\Desktop\esetsmartinstaller_enu.exe
[2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
[2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys
[2012.09.14 09:38:40 | 000,123,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
[2012.09.14 09:38:40 | 000,011,776 | ---- | C] (MBB Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2012.09.14 09:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.09.13 15:52:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2012.09.13 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.13 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.13 15:51:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.13 15:49:09 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\*\Desktop\malware (3).exe
[2012.09.13 15:04:45 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{BA1FD8C4-17B0-4503-9F27-634B0EFE0A52}
[2012.09.12 11:29:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.12 11:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.12 11:26:29 | 017,653,976 | ---- | C] (Mozilla) -- C:\Users\*\Desktop\malware (1).exe
[2012.09.12 08:47:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E9EDE448-3830-436F-B1C6-E602769228A9}
[2012.09.12 02:01:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 02:01:43 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 02:01:41 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 02:01:41 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.08 13:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
[2012.09.08 13:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Router
[2012.08.28 21:10:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Chris_Pietschmann_(http__
[2012.08.28 21:08:41 | 000,000,000 | ---D | C] -- C:\UserData
[2012.08.28 20:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SupportAppCB
[2012.08.27 08:46:17 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Zeon
[2012.08.26 16:05:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\FLEXnet
[2012.08.22 13:54:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Nuance
[2012.08.22 13:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.08.22 13:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012.08.22 13:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Converter Professional 7
[2012.08.22 13:54:22 | 000,000,000 | ---D | C] -- C:\Windows\PIXTRAN
[2012.08.22 13:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2012.08.22 13:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Zeon
[2012.08.22 13:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.08.16 06:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.08.16 06:53:30 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{463A350C-1AC3-4D0C-B327-87FCBAC00764}
[2012.08.16 06:53:12 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{5A722665-B236-4EC4-8411-393767937BAA}
[2012.08.15 10:17:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 10:17:39 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 10:17:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 10:17:33 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 10:17:30 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 10:17:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 10:17:29 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.15 10:17:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 10:17:27 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 10:17:27 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 10:17:13 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.15 10:17:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 10:17:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 10:17:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 10:17:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 10:17:13 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 10:17:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 10:16:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.14 09:17:47 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{3FECEA40-17D1-4B9A-8152-C2612C40CF75}
[2012.08.14 09:17:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{79D0E910-6A90-4CCD-9FCD-67D13AF3B8EB}
[2012.08.12 07:38:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{DB5C4CB0-A938-415E-A4A3-7C5D065675D6}
[2012.08.11 19:37:56 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{1D0B88CF-2B7B-4B24-9C3C-DC67265A890D}
[2012.08.11 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FB8DE1CE-92D2-4DD5-A855-5E66ABDD6CA9}
[2012.08.04 10:10:12 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{E87E9169-9EDE-4DC6-8CCC-CC2D8277F5BB}
[2012.08.03 22:09:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F9353D21-C635-43D7-BA10-4ED51AE80AAF}
[2012.08.03 10:08:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{AF06A3C4-F55C-4F7E-A40A-35057035A76B}
[2012.08.02 22:07:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{B6C7207D-8B92-4901-8456-E232835A4911}
[2012.08.02 10:07:04 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{93E5EF85-06A7-4FF7-BA79-360671AF956A}
[2012.08.01 07:13:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2012.08.01 07:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.08.01 07:12:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.01 07:12:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.08.01 07:11:38 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2012.07.31 21:16:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{F68C03EF-C01D-4B56-932E-A6F7BDB6AC0F}
[2012.07.31 21:16:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{FBB03146-993C-4042-A546-0ABBC75F7D1D}
[2012.07.31 21:07:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.29 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Macromedia
[2012.07.29 17:29:36 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.29 17:28:20 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{8128FB8D-D4D9-4138-9FCF-456F939A63D9}
[2012.07.29 17:27:45 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{6EDB73E5-39A2-4EDE-B8BD-4B0110D6D715}
[2012.07.29 15:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.29 15:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.29 15:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.28 12:59:27 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Spiele
[18 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 60 Days ==========
 
[2012.09.16 12:04:04 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 12:04:04 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 12:02:40 | 002,462,184 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.16 12:02:40 | 001,187,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.16 12:02:40 | 000,714,482 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.16 12:02:40 | 000,631,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.16 12:02:39 | 000,006,264 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.16 11:56:55 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.09.16 11:55:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.16 11:55:34 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.16 11:55:33 | 000,086,715 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.09.16 11:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.16 10:59:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.09.16 10:29:09 | 004,754,503 | R--- | M] (Swearware) -- C:\Users\*\Desktop\ComboFix.exe
[2012.09.14 13:17:24 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012.09.14 10:12:57 | 002,322,184 | ---- | M] (ESET) -- C:\Users\*\Desktop\esetsmartinstaller_enu.exe
[2012.09.14 09:38:35 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.09.13 15:51:17 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.13 15:50:44 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\*\Desktop\malware (3).exe
[2012.09.13 14:59:31 | 000,512,399 | ---- | M] () -- C:\Users\*\Desktop\adwcleaner.exe
[2012.09.13 11:24:14 | 009,081,315 | ---- | M] () -- C:\Users\*\Desktop\malware (1).mp3
[2012.09.12 11:26:56 | 017,653,976 | ---- | M] (Mozilla) -- C:\Users\*\Desktop\malware (1).exe
[2012.09.12 11:10:38 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.12 11:10:38 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.08 13:15:45 | 000,002,619 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.28 20:51:01 | 001,059,840 | ---- | M] () -- C:\Users\*\Desktop\virtualrouter.msi
[2012.08.22 20:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.08.22 20:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.08.22 13:54:24 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk
[2012.08.16 06:54:18 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.08.16 03:22:06 | 000,416,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.13 11:34:14 | 000,036,862 | ---- | M] () -- C:\Users\*\Desktop\tumblr_m5zv21VF6H1r12333.jpg
[2012.08.02 19:58:52 | 000,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.08.01 07:12:42 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.29 15:33:46 | 000,001,572 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.28 13:12:20 | 003,910,192 | ---- | M] () -- C:\Users\*\Desktop\desmume 0.9.7.zip
[18 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.16 10:44:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.16 10:44:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.16 10:44:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.16 10:44:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.16 10:44:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.14 09:38:27 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.09.13 15:51:17 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.13 14:59:22 | 000,512,399 | ---- | C] () -- C:\Users\*\Desktop\adwcleaner.exe
[2012.09.13 11:22:28 | 009,081,315 | ---- | C] () -- C:\Users\*\Desktop\malware (1).mp3
[2012.09.12 11:29:23 | 000,000,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.08 13:15:45 | 000,002,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2012.09.03 19:42:50 | 000,095,872 | ---- | C] () -- C:\Users\*\Desktop\schneller Kotzer.3gp
[2012.08.28 21:08:41 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml
[2012.08.28 20:50:48 | 001,059,840 | ---- | C] () -- C:\Users\*\Desktop\virtualrouter.msi
[2012.08.26 11:16:13 | 000,096,625 | ---- | C] () -- C:\Users\*\Desktop\Harter Stoff.3gp
[2012.08.26 11:16:13 | 000,045,596 | ---- | C] () -- C:\Users\*\Desktop\Fast gekotzt.3gp
[2012.08.22 13:54:24 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\PDF Converter Professional.lnk
[2012.08.16 06:54:18 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.08.13 11:34:13 | 000,036,862 | ---- | C] () -- C:\Users\*\Desktop\tumblr_m5zv21VF6H1r12333.jpg
[2012.08.01 07:12:41 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.29 17:29:45 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 15:33:46 | 000,001,572 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.28 13:12:20 | 003,910,192 | ---- | C] () -- C:\Users\*\Desktop\desmume 0.9.7.zip
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.05.01 11:59:36 | 000,040,960 | R--- | C] () -- C:\Windows\IGLobbyReg.exe
[2012.04.22 11:44:54 | 001,604,982 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.09 00:00:58 | 000,001,745 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec.dat
[2011.09.09 00:00:49 | 000,001,241 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2011.09.09 00:00:40 | 000,003,024 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011.09.09 00:00:23 | 000,003,297 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011.09.09 00:00:08 | 000,003,149 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011.09.08 23:59:51 | 000,003,009 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011.09.08 23:59:35 | 000,003,018 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011.09.08 23:59:17 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2011.09.08 23:56:01 | 000,011,412 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat
[2011.09.08 23:55:09 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011.09.08 23:55:04 | 000,513,200 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.09.08 23:55:04 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.07.31 19:38:07 | 000,000,977 | ---- | C] () -- C:\Windows\eReg.dat
[2011.07.31 18:11:22 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.07.30 17:24:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.05.19 14:51:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ASCON Installer
[2012.07.29 21:18:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\BOM
[2012.08.16 06:54:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite
[2012.08.02 13:13:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2011.08.30 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\HD Tune Pro
[2012.09.06 10:42:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ICQ
[2012.08.27 11:06:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nuance
[2011.11.06 22:21:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\redsn0w
[2012.05.13 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Sony
[2011.08.28 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer
[2011.09.17 10:27:41 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thinstall
[2011.07.31 21:56:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TS3Client
[2012.08.01 07:13:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2012.08.27 08:46:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeon
[2009.07.14 07:08:49 | 000,022,050 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 16.09.2012 12:10:15 - Run 2
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\*\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,41% Memory free
7,99 Gb Paging File | 6,10 Gb Available in Paging File | 76,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,92 Gb Total Space | 23,19 Gb Free Space | 24,18% Space Free | Partition Type: NTFS
Drive D: | 202,07 Gb Total Space | 76,61 Gb Free Space | 37,91% Space Free | Partition Type: NTFS
 
Computer Name: LAPPY | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2108739104-3107430099-1915606239-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EDA83B0-27FA-432D-BC55-A5E3F6624E89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11C2953C-8A09-4752-ABC3-DFF2F67AC620}" = rport=137 | protocol=17 | dir=out | app=system |
"{142BD99D-EEA4-488D-B1EF-993DE5037FBA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1AB28611-F8C8-43B1-8BC5-AEEA4B48D81F}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E8F0BD9-8BFD-42CC-80F1-8B7A425A5A03}" = lport=139 | protocol=6 | dir=in | app=system |
"{21B7DB3B-1294-4962-94B5-DBB035B98F10}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2E83DBF8-7AAA-43C2-A5E1-385953B3DE6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32B8D5C5-B0E6-40FF-9615-55BD4FBC4A95}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{39F90102-78D5-4CA3-A9E8-D5637089880B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{592D1880-9092-46E6-9D55-FD8768BD5E2D}" = lport=137 | protocol=17 | dir=in | app=system |
"{63E37F15-8F55-4C7F-917B-83DD52396C0D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{641B1646-02C8-4B4A-8404-C8F0E7A6E1C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77A4B856-3874-40F0-B0F9-77C4E608B4A3}" = lport=445 | protocol=6 | dir=in | app=system |
"{78F1B588-6447-468B-8C4F-2A1F367AE9BF}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\outlook.exe |
"{7CCE254C-C526-4D09-815A-28C219BD2190}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{839F8424-C177-458D-AE0C-7F8E48CC02E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85D535D4-552A-42C1-A80B-DF825F4526DD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9402DE2B-AF9A-410B-85AB-58798DD82F31}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD7C0946-47EC-4CB8-8837-DDD8C3D458EB}" = rport=2869 | protocol=6 | dir=out | app=system |
"{AF0E0674-CB7D-4DB1-98D6-5B886DD506E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7A388F0-64B0-4321-B5EE-C4D903B25C82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB6AAB5D-39B0-4887-9EE6-27C6E018CE52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB9A8162-5BBB-4267-81A3-CF0F66887C1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C61E4086-4B74-4955-9AE1-497BAC9A3479}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DA565AB0-7B60-4562-8516-594349DE98D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF8F2213-AEDD-4676-B365-BAC7A8DCA73A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E11849E7-1823-4612-98CC-BAB229565FE6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E6629363-C61B-4193-9F5F-089A676FA7A3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F28DB96F-3DFC-4588-91EF-688B98A48BB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F627736A-9C07-4E74-B7A4-B933102C72CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{FA2BE645-E9CB-404D-947C-216FDD55352D}" = lport=138 | protocol=17 | dir=in | app=system |
"{FFF1CF93-F39A-4493-8FE4-205057936DC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00335AD6-9D52-422F-BB4A-4EDACA2EBD94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{01C67AC3-DA4A-427A-AA33-63691E6B2A21}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0283E26D-0198-43BB-ADF7-3D2824DAB2AB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{04BE022C-00E8-4917-B65B-0FDE163AEEAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{06414655-B036-4C2C-89AF-ED94410E8128}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{093B7FDE-52ED-4F8E-A47D-64433859B5A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{16A3165C-21B9-415C-8BB1-58A8FE9D7CC7}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{279F2BE1-C74D-4258-BB01-C2CC18D93E69}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{2AE1BFEE-E110-4F50-BCF3-4DDB6E90E3CE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{34FC590E-6696-46C0-A88C-69154452F74E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{36FC5ED4-EC32-4A9A-88AB-23C13B75249C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37CD80CF-639D-4A94-98A2-CC327BD7DA89}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3A7EC22D-4AF7-4FB1-BB80-6187FD3C61C7}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe |
"{51A1807D-81C2-49E1-8C2D-EFEB5A171A3A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5AD1A7F5-9E7D-4C66-86C3-60D0930C5C14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5D67BD0C-7324-4CD0-8E79-89FE4855E038}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6178BA41-7D8D-4D7E-ADA6-090CAA6A1B70}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"{672051A8-4011-48F2-8F4B-290FB7F10CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{682953B7-AE56-4E25-BF71-1E67E43C65B8}" = protocol=17 | dir=in | app=d:\program files (x86)\ps3 media server\pms.exe |
"{704F7AE3-9138-42E4-8C2C-E120C852B9A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{73E0BB44-3A36-46E7-8CCC-56E98EC1370E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{766008AF-E49C-4DC8-964E-553EBA32C59C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{787D0C2A-2943-44B6-8194-55B21438E82B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{79B494BD-05F4-4078-B23E-7F8BB7F3B930}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7BB14A4F-EDC1-42CC-8F9F-C3B9E9584960}" = protocol=6 | dir=in | app=d:\program files (x86)\ps3 media server\pms.exe |
"{7F875149-9A43-483E-B98F-2645755B1266}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe |
"{896C4C03-8AD8-496E-8DF0-19E403DA1E99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8AFB2DAA-E1E9-4E7A-B618-6E828817427F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8BED79F2-992D-49B8-9D87-902E30C5A392}" = protocol=58 | dir=in | app=system |
"{8CCD9234-F593-41C2-B1B4-B2B7773D0212}" = protocol=6 | dir=out | app=system |
"{8E0B24AC-A7DD-4E7A-9217-58CA3AA2D1BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E214F9F-23CB-4E24-AE02-73C4AEE997C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{903A6FAE-1D4A-45A4-92C8-325F579E3FEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{90C263B9-6C45-4CDB-B033-7AC002DA29AE}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe |
"{9EA99183-507A-4152-AD62-F96F9DDF1DB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A01770D8-4147-45AB-9DFD-33857FF2D698}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{A61CC20E-270F-441F-8486-8376F4E49754}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe |
"{A7CDCAD7-9205-4655-893E-F55B954E0716}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{AE9544A0-ACB0-4873-A798-EA1B319C96FB}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{B072EF32-2E13-4326-B0C8-FDF8C8382D3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B34D98D1-FC6B-4441-A622-D6506A4717AC}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\groove.exe |
"{C586B53B-B964-4113-94A2-7C4DF96F9ED8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C7BC6012-DFE4-44C3-A488-B8D00331F4DA}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{CC3A49F6-31DE-46DF-B05D-31F78321905B}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe |
"{CCF1C21F-4DAE-4D2B-BE12-1F2321876B13}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{CF6399B2-620C-45C1-9F36-E376C23F7EF6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D11951E6-C703-4FC7-B327-C0C1753B4E3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9F80F44-7349-4EA1-96C5-01D5E954F865}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{EA77DC6E-939A-4BB3-B362-62C3EAEEBB88}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{EE7AAC3A-6060-4B2F-9EDD-2DCCEF3EA97B}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.6\icq.exe |
"{FAE5915E-A1F0-4FF7-9085-75484590B986}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FDF3374F-6ED2-42B8-8903-4D16DDE3FBB2}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe |
"TCP Query User{36910637-98BE-47F9-BC8A-4410B057F05C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{4240073D-316F-4C7F-9986-9BFA276588E9}D:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=d:\program files (x86)\ea games\command & conquer generals zero hour\game.dat |
"TCP Query User{5C08ED59-AC5B-41CB-AE82-5E7EC50DC078}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{BCCB8D2C-E2C9-4696-90ED-BC6AD76E0C7D}D:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{11E37A08-E842-4D80-A226-795D76C3A086}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{17FF11C0-2014-4D2F-87BA-C02C7577A481}D:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{3C6FCD97-55B6-4B6D-90EF-25611139CD6C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{427D142D-94DB-4C38-B378-D08F73C27ED5}D:\program files (x86)\ea games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=d:\program files (x86)\ea games\command & conquer generals zero hour\game.dat |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CE7326-01AA-44C5-A323-45E52C5D4D0D}" = O&O Defrag Professional
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1934BCF7-A63A-4C1F-809D-2B33C8F03B8F}" = O&O PartitionManager Professional
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21D0374C-C358-0748-CAF9-7CBE65EB6FFF}" = AMD Fuel
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.0.2827 x64
"{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F84EB50D-0FCA-4E59-B18A-44CFA6BD7687}" = Nuance PDF Converter Professional 7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0844CC2A-512E-4BA1-872B-02887E7A2672}" = FILSHtray
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC8C70-66B9-420D-942C-2C2A8441C744}" = Imperial Glory
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = AMD VISION Engine Control Center
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.11
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.110.12050
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}" = Virtual Router v0.9 Beta
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{C82C515A-CAE3-44B3-B5CC-81C5E4A92E8F}" = Nero Prerequisite Installer 1.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"dBpoweramp Dalet Codec" = dBpoweramp Dalet Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBPowerAMP Mp2 and BwfMp2 codec" = dBPowerAMP Mp2 and BwfMp2 codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBPowerAMP Real Audio (Helix) Encoder" = dBPowerAMP Real Audio (Helix) Encoder
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"ESET Online Scanner" = ESET Online Scanner v3
"FLAC To MP3_is1" = FLAC To MP3 V4.0.4
"HD Tune Pro_is1" = HD Tune Pro 4.61
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NeroVision!UninstallKey" = Nero Digital
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Update Engine" = Sony Ericsson Update Engine
"Videora iPod Converter" = Videora iPod Converter 6
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.09.2012 05:05:36 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 16.09.2012 05:05:36 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 16.09.2012 05:05:36 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 16.09.2012 05:37:44 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 16.09.2012 05:37:44 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 16.09.2012 05:37:44 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 16.09.2012 05:57:24 | Computer Name = Lappy | Source = WinMgmt | ID = 10
Description =
 
Error - 16.09.2012 06:02:36 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 16.09.2012 06:02:36 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 16.09.2012 06:02:36 | Computer Name = Lappy | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ System Events ]
Error - 16.09.2012 04:47:01 | Computer Name = Lappy | Source = Service Control Manager | ID = 7034
Description = Dienst "Folding@home-CPU-[1]" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 16.09.2012 04:49:50 | Computer Name = Lappy | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 16.09.2012 04:53:16 | Computer Name = Lappy | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.09.2012 04:59:19 | Computer Name = Lappy | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 16.09.2012 05:00:37 | Computer Name = Lappy | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 16.09.2012 05:01:00 | Computer Name = Lappy | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
  %%126
 
Error - 16.09.2012 05:01:40 | Computer Name = Lappy | Source = Service Control Manager | ID = 7034
Description = Dienst "Folding@home-CPU-[1]" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 16.09.2012 05:02:41 | Computer Name = Lappy | Source = ipnathlp | ID = 31004
Description =
 
Error - 16.09.2012 05:55:41 | Computer Name = Lappy | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 16.09.2012 05:56:48 | Computer Name = Lappy | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
 
< End of report >
--- --- ---


liebe Grüße :)

schrauber 16.09.2012 12:03
Hi,

Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
:OTL
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2108739104-3107430099-1915606239-1000\..\URLSearchHook:  - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

:files
c:\users\*\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}

:Commands
[emptytemp]

osterhase081 16.09.2012 12:10
gehört das "[list][*]" mit in das Feld "Benutzerdefinierte Scans/Fixes"?

schrauber 16.09.2012 12:16
nee das war en fehler im baustein, habs editiert :)

osterhase081 16.09.2012 12:23
achso okay :)

hier das Logfile :)
Code:
All processes killed
========== OTL ==========
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2108739104-3107430099-1915606239-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
========== FILES ==========
c:\users\*\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: *
->Temp folder emptied: 1682 bytes
->Temporary Internet Files folder emptied: 31710978 bytes
->Java cache emptied: 4496101 bytes
->FireFox cache emptied: 569560248 bytes
->Flash cache emptied: 1069 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 38829056 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 645 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 615,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 09162012_131718

Files\Folders moved on Reboot...
C:\Users\*\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\*\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

schrauber 16.09.2012 12:33
Was macht die Startseite?

osterhase081 16.09.2012 14:58
ist leider immer noch incredibar :(

schrauber 16.09.2012 15:03
Das is ja blöd :)

Startseite festlegen | Anleitung | Firefox-Hilfe

Folge mal dieser Anleitung, mach ne andere Startseite, und reboote. Erfolg?

osterhase081 16.09.2012 15:08
den Verdacht hatte ich auch und wir bzw. Du hattest recht, Problem gelöst! :) Riesengroßes Dankeschön für Deine Hilfe schrauber, du hast mir wirklich sehr geholfen! :) Ihr Jungs habt's echt drauf und seit wirklich empfehlenswert, Daumen hoch, macht weiter so! :applaus:

Einen schönen Sonntag noch und liebe Grüße

schrauber 16.09.2012 15:29
Ok :)

Start > Ausführen

Combofix /Uninstall und Enter drücken. OTL öffnen und Cleanup button drücken.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

osterhase081 16.09.2012 18:57
habe die letzten Schritte noch ausgeführt :) Alles erledigt und keine Fragen mehr :)

Nochmals 1000 Dank schrauber :daumenhoc

schrauber 16.09.2012 18:57
Gern geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:32 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132