Trojaner-Board


eagle_j 16.10.2012 13:16

Your computer has been locked ...
 
Hello, this morning it got me. Suddenly my PC showed only a page saying "Your computer has been locked, ..." - I don't know exactly what else it said - I think BKA or Austrian police.
In my shock I immediately shut down my PC and started it in safe mode.
Somewhere I read about Malwarebytes - and ran it (three infected files were detected and removed) - stupidly I also deleted them from quarantine.
Then I found your site (on the iPad) and, after restarting into safe mode, ran another Malwarebytes scan (this time with no findings) and started an ESET scan (which reported 5 findings).
One thing up front - I can currently work on the PC again, but I need help checking whether everything is really gone.

Many thanks in advance!!

Here is the first Malwarebytes scan with the infected files:
Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.16.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Johannes :: JOHANNES-PC2 [Administrator]

Schutz: Deaktiviert

16.10.2012 09:04:37
mbam-log-2012-10-16 (09-04-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207457
Laufzeit: 4 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Johannes\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Now the second one, after the cleanup:
Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.16.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Johannes :: JOHANNES-PC2 [Administrator]

Schutz: Deaktiviert

16.10.2012 09:13:12
mbam-log-2012-10-16 (09-13-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206865
Laufzeit: 3 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Now the ESET log:
Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7e5d543ba7e4bb44b761396df052d34c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-16 10:40:40
# local_time=2012-10-16 12:40:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 25597648 25597648 0 0
# compatibility_mode=5893 16776573 100 94 3762 102002435 0 0
# compatibility_mode=8192 67108863 100 0 77 77 0 0
# scanned=723002
# found=5
# cleaned=0
# scan_time=11454
C:\Users\Johannes\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe        Win32/Toolbar.Babylon Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I
C:\Users\Johannes\AppData\Local\Temp\C12E6529-BAB0-7891-9864-B33EEC580518\MyBabylonTB.exe        Win32/Toolbar.Babylon Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I
D:\Backup\Eigene Webs\Vorlagen\flash\Skripte\PHP\google.zip        PHP/Obfuscated.F Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I
D:\Downloads\coretemp_1236.exe        Variante von Win32/InstallIQ Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I
D:\Downloads\CHIP\LOESCHEN.zip        Win32/Adware.ADON Anwendung (Säubern nicht möglich)        00000000000000000000000000000000        I

At the moment the PC seems to be working normally.
I would be very grateful for help and any further instructions.

kira 16.10.2012 16:45

Hello and a warm welcome! :)

Before we start working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files used - such as your real name, serial numbers in programs etc. - you can replace these with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible or you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep exactly to the order described, do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
Assistance - planned procedure:
  • Finding the problem
  • Removing the problem/cleaning the system
  • Uninstalling/removing the programs used
  • Closing the thread: tips on computer security
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Start Malwarebytes Anti-Malware in normal mode
-> Delete findings from quarantine
-> Get the update
-> Select full scan
-> Have the findings deleted
-> Post the scan result here!

2.
System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Tick the LOP and Purity checks
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch" (German).
  • Start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
  • A text file is created automatically; post this log file too (i.e. the list of all installed programs... a text file)

Quote:

To keep your thread clearer and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the Internet, no online banking, file sharing, chat programs etc.
Regards
kira

eagle_j 16.10.2012 19:36

Hello and thanks for the instructions; it took a little while, but the scan took that long.
The logs follow now:
Malwarebytes
Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Johannes :: JOHANNES-PC2 [Administrator]

Schutz: Aktiviert

16.10.2012 17:34:31
mbam-log-2012-10-16 (17-34-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 864747
Laufzeit: 2 Stunde(n), 1 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files (x86)\SmartStore\SmartStore.biz 5\SMResLib.dll (Trojan.Agent.GNI) -> Keine Aktion durchgeführt.
C:\Users\Public\Documents\SmartStore\SmartStore.biz 5\SMResLib.dll (Trojan.Agent.GNI) -> Keine Aktion durchgeführt.
D:\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I manually renamed the two detected "SMResLib.dll" files, zipped them and then deleted the original files, because for both of them the checkbox for deletion was not ticked in Malwarebytes - and I did not want to do the 2-hour scan again. Moving them to the quarantine folder afterwards was not possible.

Now the OTL log
OTL Logfile:
Code:

OTL logfile created on: 16.10.2012 19:56:09 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Johannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,59% Memory free
15,95 Gb Paging File | 14,04 Gb Available in Paging File | 87,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,21 Gb Total Space | 168,52 Gb Free Space | 36,07% Space Free | Partition Type: NTFS
Drive D: | 464,21 Gb Total Space | 56,22 Gb Free Space | 12,11% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-PC2 | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office2010\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (DAZContentManagementService) -- C:\Programme\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (AiCharger) -- C:\Windows\SysWOW64\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=4.0002002
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0002002
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 39 6D EF 07 C0 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {1CADBE96-EECC-4F16-A813-60BD2A48DA4B}
IE - HKCU\..\SearchScopes\{1CADBE96-EECC-4F16-A813-60BD2A48DA4B}: "URL" = hxxp://www.google.at/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google.at"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.430
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.05.03 11:15:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.05.03 11:15:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.09 17:55:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.09 17:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2012.07.30 18:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\79s52rs8.default\extensions
[2012.07.30 18:11:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\79s52rs8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.30 18:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\79s52rs8.default\extensions\staged
[2012.06.06 12:00:19 | 000,002,467 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\googleat.xml
[2012.05.03 11:15:24 | 000,002,203 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\MyStart Search.xml
[2012.05.03 11:17:04 | 000,003,934 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\sweetim.xml
[2012.05.03 11:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.03 11:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2012.05.03 11:15:26 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.01.29 18:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.03 11:17:08 | 000,002,298 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - default_search_provider: Google \u00D6sterreich (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.at/search?q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Web Assistant = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Web Assistant = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E2423B5-DAB0-4686-B78D-C0557C26D1A9}: DhcpNameServer = 213.94.78.16 213.94.78.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{844448C0-194D-41F9-8382-01E5B447EF47}: NameServer = 212.186.211.21,195.34.133.21
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.16 17:10:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012.10.16 16:59:34 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Musik
[2012.10.16 13:20:05 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Logs
[2012.10.16 09:28:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.16 09:03:59 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes
[2012.10.16 09:02:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.16 09:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.16 09:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.16 09:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.16 09:02:24 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Johannes\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.10 19:56:50 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 19:56:50 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 19:56:50 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 19:56:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 19:56:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 19:56:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.05 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\WW10-2012
[2012.10.02 16:46:01 | 000,014,848 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\drivers\AiCharger.sys
[2012.10.02 16:27:35 | 000,014,592 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiCharger.sys
[2012.10.02 16:26:12 | 000,000,000 | ---D | C] -- C:\Windows\AsDmiHtm
[2012.10.01 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Trine2
[2012.10.01 10:36:30 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2012.10.01 10:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012.10.01 02:39:55 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Crazy Talk
[2012.10.01 01:39:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Reallusion
[2012.09.22 09:54:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 09:54:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 09:54:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 09:54:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 09:54:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 09:54:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 09:54:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 09:54:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 09:54:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 09:54:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 09:54:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 09:54:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 09:54:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 09:54:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 09:54:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.21 20:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2012.09.19 13:52:46 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.09.19 13:52:46 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.09.19 13:52:46 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.09.19 13:52:35 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.09.19 13:52:35 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.09.19 13:52:35 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.09.19 13:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.09.19 13:08:35 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2012.09.19 01:52:11 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.09.19 01:52:10 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.09.19 01:52:10 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.09.19 01:52:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.09.19 01:52:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.19 01:51:51 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.18 13:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Gehriger Engineering
[2012.09.17 12:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.17 12:46:34 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.09.17 12:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.17 12:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.09.17 12:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.17 12:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.07.18 01:06:51 | 001,242,448 | ---- | C] (Valve Corporation) -- C:\Program Files (x86)\Steam.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.16 19:52:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.16 19:52:45 | 2129,219,583 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.16 19:18:04 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3452236036-1519950677-1972415991-1000UA.job
[2012.10.16 17:33:56 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 17:33:56 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 17:33:31 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.16 17:33:31 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.16 17:33:31 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.16 17:33:31 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.16 17:33:31 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.16 17:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012.10.16 16:44:23 | 000,000,000 | ---- | M] () -- C:\Users\Johannes\defogger_reenable
[2012.10.16 16:37:47 | 000,050,477 | ---- | M] () -- C:\Users\Johannes\Desktop\Defogger.exe
[2012.10.16 09:02:57 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.16 09:02:36 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Johannes\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.16 08:38:47 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.15 09:18:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3452236036-1519950677-1972415991-1000Core.job
[2012.10.10 20:18:56 | 000,002,506 | ---- | M] () -- C:\Users\Johannes\Desktop\Google Chrome.lnk
[2012.10.10 19:49:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.10 19:49:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 10:25:18 | 000,001,124 | ---- | M] () -- C:\Users\Johannes\Desktop\SongBeamer.lnk
[2012.10.02 18:13:58 | 000,027,946 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.10.02 18:13:51 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.10.02 17:48:28 | 000,011,832 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.10.02 17:48:28 | 000,010,216 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.10.02 17:09:29 | 004,194,304 | ---- | M] () -- C:\P8P67-ASUS-3509.ROM
[2012.10.02 16:46:17 | 000,028,672 | ---- | M] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2012.10.02 16:46:17 | 000,013,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.10.01 10:43:22 | 000,001,106 | ---- | M] () -- C:\Users\Johannes\Desktop\MuseScore.lnk
[2012.10.01 01:57:35 | 000,000,075 | RHS- | M] () -- C:\Windows\CT6STET.BIN
[2012.09.22 17:23:51 | 001,404,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.21 20:16:43 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Serif CraftArtist 2.lnk
[2012.09.19 13:52:31 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.09.19 13:52:30 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.09.19 13:52:30 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.09.19 13:52:30 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.09.19 13:52:30 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.09.19 13:52:30 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.09.17 12:46:40 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.16 16:44:23 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\defogger_reenable
[2012.10.16 16:37:47 | 000,050,477 | ---- | C] () -- C:\Users\Johannes\Desktop\Defogger.exe
[2012.10.16 09:02:57 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.16 08:35:43 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.02 17:45:44 | 004,194,304 | ---- | C] () -- C:\P8P67-ASUS-3509.ROM
[2012.10.01 10:43:22 | 000,001,106 | ---- | C] () -- C:\Users\Johannes\Desktop\MuseScore.lnk
[2012.10.01 10:36:30 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.10.01 10:36:28 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.10.01 01:57:35 | 000,000,075 | RHS- | C] () -- C:\Windows\CT6STET.BIN
[2012.09.21 20:16:43 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif CraftArtist 2.lnk
[2012.09.21 20:16:43 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Serif CraftArtist 2.lnk
[2012.09.17 12:46:40 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.04 00:05:28 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.04 00:05:27 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.23 11:30:11 | 000,007,168 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.12 13:01:21 | 000,000,218 | ---- | C] () -- C:\Users\Johannes\.recently-used.xbel
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.30 02:29:20 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.09 12:34:09 | 000,601,088 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\SharedSettings.ccs
[2012.01.01 19:05:27 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.01 19:05:27 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011.12.27 20:03:41 | 000,000,931 | ---- | C] () -- C:\Users\Johannes\.jalbum-defaults.jap
[2011.12.27 20:03:41 | 000,000,884 | ---- | C] () -- C:\Users\Johannes\.jalbum-recent-projects.properties
[2011.12.27 20:03:41 | 000,000,423 | ---- | C] () -- C:\Users\Johannes\.jalbum-ftp-accounts.xml
[2011.12.27 04:58:52 | 000,004,441 | ---- | C] () -- C:\Windows\jtzf_sq32.ini
[2011.12.25 15:05:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.21 20:18:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.21 19:46:26 | 000,007,597 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Resmon.ResmonCfg
[2011.12.21 19:12:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.21 19:12:32 | 000,027,946 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.03 14:21:58 | 004,077,568 | ---- | C] () -- C:\Windows\QLMGXRenderer.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.19 13:24:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2011.12.27 05:04:53 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\AceBIT
[2012.01.07 04:45:51 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Amazon
[2011.12.26 01:41:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ashampoo
[2012.05.03 11:17:05 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Babylon
[2011.12.25 13:57:05 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\bizarre creations
[2012.08.08 18:16:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\calibre
[2012.01.13 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Canon
[2012.04.16 02:34:07 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.02.27 04:00:18 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\CoffeeCup Software
[2012.01.24 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\ComBib
[2012.02.04 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAZ 3D
[2012.07.14 02:52:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DiskAid
[2012.10.16 19:53:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Dropbox
[2012.02.02 13:09:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2012.02.02 13:09:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.12 12:48:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\gtk-2.0
[2012.02.18 03:51:21 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HandBrake
[2011.12.27 05:32:19 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HDRsoft
[2011.12.27 02:52:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MAGIX
[2012.04.30 12:53:06 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MakeMusic
[2012.03.16 12:48:20 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MultiCommander
[2012.02.16 00:04:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MusE
[2011.12.30 18:27:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\NeatImage SL 64
[2012.02.18 04:51:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Need for Speed World
[2012.07.10 11:31:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Nik Software
[2012.09.08 18:40:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Origin
[2012.02.04 16:50:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Poser 7
[2012.02.04 16:33:43 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Poser 7_2008_07_09 10_55_15 AM
[2012.01.03 09:16:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Poser Debut
[2011.12.27 03:59:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\proDAD
[2012.01.05 04:32:46 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Serif
[2011.12.31 17:59:22 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SmartStore
[2012.07.11 17:58:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Smith Micro
[2012.02.07 12:35:26 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Software4u
[2012.10.14 03:57:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SongBeamer
[2012.07.16 12:43:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SpeedProject
[2012.10.01 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Trine2
[2012.06.30 01:41:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TrueCrypt
[2012.03.02 14:50:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


and Extras
OTL Logfile:
Code:

OTL Extras logfile created on: 16.10.2012 19:56:09 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Johannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 77,59% Memory free
15,95 Gb Paging File | 14,04 Gb Available in Paging File | 87,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,21 Gb Total Space | 168,52 Gb Free Space | 36,07% Space Free | Partition Type: NTFS
Drive D: | 464,21 Gb Total Space | 56,22 Gb Free Space | 12,11% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-PC2 | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027DA069-7FDC-4DFE-983E-F1ECC84B6AAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{03063BC3-A0ED-443E-9742-B22B6552AC3B}" = lport=137 | protocol=17 | dir=in | app=system |
"{05F4FEF1-6442-41A3-8A4E-0B4669D31E93}" = rport=138 | protocol=17 | dir=out | app=system |
"{09E9DB4E-A13F-4E3C-9467-E9031544F660}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{155A2F31-0542-4D6C-8CC5-3287F35011CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{162B726E-306A-40C3-A581-B5382133D9C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{1DCC5D25-4403-4C9E-958C-A1444D4D1EBC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{209BBA11-8CFE-46BB-AA74-F982CA3765A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{49988696-5508-4474-9039-A5D562404FBB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{51A3705B-139A-4A3A-B318-409DF1842A11}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{61C03BFC-2FA0-481C-A791-19CE7C6E2BA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{8F7D1587-3110-4BB8-8D42-EB7B4AD5517C}" = lport=445 | protocol=6 | dir=in | app=system |
"{951D7F7D-04F9-4C0F-8009-BB166DEF38B3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9AF1ADE3-074A-4CAC-AAB8-1AF344F49DEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A634EFC9-CB43-4C17-A680-96E61E6D6AA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3D25FE6-1B1D-45CB-AA2F-DC937C6F454D}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB21617F-03B1-4132-95B8-4FE6CD14A24F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BB3EF0E9-8A87-48F8-B46B-607FFB5FB2E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C977078D-FF19-4E03-93D7-46D5EEB3C305}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9EBAE05-57CA-4FD5-B25F-A6A53CEFC2B9}" = lport=139 | protocol=6 | dir=in | app=system |
"{EA1B08F8-CC79-44C3-8414-39D0EFEDBC80}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\outlook.exe |
"{F2B8DA3F-F6EC-4189-9111-C3CF1E256B71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6FB4B5C-91E3-4052-A0E9-FFF6F8D0B9B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC75C9F3-7398-4B3E-AFF4-970D0F4FFBD3}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029A78F1-7394-4583-A7DD-1E054251F2DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe |
"{094AEF80-5B26-4448-AE13-0BCB94436F6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\launcher.exe |
"{0A0A62E2-B346-46D0-A9D4-209AD654614C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{0A9203EF-578B-49C0-A5F7-2AC94FD15570}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\vt4.exe |
"{0AE3D138-1A07-4E00-9676-7215D3524A07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0DDAFCC2-2A8B-49D2-A2F0-A4389CD43CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\motionartist\motionartist.exe |
"{0EB3BEBA-F3E2-4B03-A0A4-269F564D0E21}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0F52430D-90B2-4B0D-970F-F4F79C40230A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\launcher.exe |
"{0F88C5F6-9AF4-4862-B4BF-03D0F79F3434}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{126C1894-E78F-4874-82AC-0616EEE97101}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{16B0B9C8-20C2-46DE-8751-8BE59471D698}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{16DE49B5-6FE2-4FE4-9533-74F965064981}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe |
"{17E0DB1B-4AC4-43A2-A76D-118217F61601}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{18B18EBC-C704-49B3-8CCA-D6D467D2E17A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{19ABE88F-47AA-423A-ADD8-82E90BDBC8F2}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{25B38EB9-18D6-471B-A7EB-B803AB3131C2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\groove.exe |
"{264CB953-04DF-4D73-84F7-A17C8A5A569F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe |
"{2674D841-6ABA-4CE0-8FDE-717B2CBCA2C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe |
"{27DF8793-1808-4B57-ACDC-5BBC8AB31988}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\groove.exe |
"{28513028-493C-4524-A500-AF3A2E240220}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\onenote.exe |
"{2A4756B7-520C-4B8B-86E4-4490ACFEB3CE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2CB7EE0E-CA32-4AB8-9BE7-47D26A2F59A6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{36671498-1FBE-4434-B412-AC1F6D8619A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{3A1E317F-78D5-494E-9A63-0DF0D3A1AB50}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3C6310D4-61B2-4F0B-BC14-3C63B211FFDB}" = protocol=6 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe |
"{408E39CD-BC1E-43A4-B97C-14E65DEB2378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
"{454978BD-3652-4724-825C-775222CFA544}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{463B854E-BBB1-4AB2-AF65-1767936BD238}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe |
"{49C4B5C2-2125-410F-9165-61733D21D5CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{4AA94CED-402C-408B-B79E-DCB9721F47E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{55047D4F-CFF2-418F-B9A5-063B3C79913E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne\maxpayne.exe |
"{5ACA05C9-FAD6-4ACF-95E6-895306562478}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{5DECC12F-9F0F-4970-BA04-2AC6B123689C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne\maxpayne.exe |
"{5F9F10B4-079F-410B-90B7-4EBAEF7C1F8E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\launcher.exe |
"{5FA2EDA7-FBB9-4521-B0C7-8387A907E85E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flight_control_hd\flightcontrol_win32.exe |
"{5FD2686D-250F-41CB-8844-AFC815CED818}" = protocol=6 | dir=in | app=c:\windows\system32\cnac4rpd.exe |
"{60EF82EA-028C-438D-9C0C-9DE25E8990F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\vt4.exe |
"{65D75AB7-1180-4CDE-A408-5B19B1089F0A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{693F664F-0E39-4050-9484-91D5C707D33D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{6D1A2BD8-3EE6-4775-BA60-DB897E965DE3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{72673A37-FC5A-456B-94E5-982F1860C660}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe |
"{76739171-6F93-480D-97EC-A5C9BD9B501B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7BBFAFDF-8020-4428-9C6F-B4ADAE0C6E3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{7E1D8AC7-D5EF-48F5-B2A9-5F9A567B89E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{83A91DDA-032A-4E22-B243-FCA45282AC49}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{84574FCA-BDF4-402C-BD7F-AD212ACCDF0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{86E5DAFA-990E-4AF3-B683-B98F001BBEB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{8A20A4B7-0A67-447B-A026-BF77970E29F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{8BACA49D-E2C9-4041-9E7E-47D62E38C923}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"{8BB3F9BD-AEDF-41C0-A9D5-B7861E422F72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{8CDACAE1-E51D-435E-8793-8EFF47A16871}" = protocol=17 | dir=in | app=c:\windows\system32\cnac4rpd.exe |
"{8E355948-2B63-4F03-BD01-47105099ACF7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F548C08-6B1F-4A4F-A90A-D539AA5282F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{9A59BF8F-8EDF-4F1F-853F-B2493741ECB4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{AC3B3170-5A6D-4C3C-AD32-E22A9F04C61D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B1284279-2933-4BD2-80DD-E5AED1F39807}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B187F61C-5B1C-44A2-84E0-C161FF31888B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\launcher.exe |
"{C053D254-BFF9-4F29-A733-746111636BBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\launcher.exe |
"{C278D24A-B23D-4869-9B2D-0EAB9FE58B0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe |
"{C2E948B8-5580-4F76-AAB9-152A51277888}" = protocol=17 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe |
"{C5EE0450-AD8C-4CDA-8310-CFE2333162FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{CA6F13FF-AECD-4B89-877F-0B64946B41A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D02A74E4-561E-4424-BFDC-2D04B5CCD093}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\onenote.exe |
"{D0F1FF5B-6843-4CD4-A22F-E4DEC54DEDF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{D3817AE0-2A2B-4C2D-AF97-05C818A9C6B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{DA5FB809-1CBA-454D-A8EB-54B6A4EAB89E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"{E35F79D7-4AB6-4D40-AE0C-BB859909F1BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E4C7FDEE-A87C-4BAE-A6A4-F68283A928CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{E774B196-3451-4D50-BA86-F240D115D76B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E833ED0A-FC69-431B-80B0-EC1AB1C6D40B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\launcher.exe |
"{E861F3E6-67CC-4EB7-903B-8AE31B5459B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flight_control_hd\flightcontrol_win32.exe |
"{E8BA1094-1A63-46BD-ACA7-B80F6EF12E15}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
"{E8BD6115-A507-4161-B74B-7C9CF23D61E1}" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\motionartist\motionartist.exe |
"{F1F649CE-B06A-48EB-B2F2-3A8B70EB4F6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe |
"{FEB5966D-FB07-42F3-B035-B94DF4DCAF4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"TCP Query User{0B553E11-9391-4D17-B510-517CA836C513}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"TCP Query User{1422B22C-38B7-47B9-B051-ABF41BC8FDAE}C:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx11.exe |
"TCP Query User{24596A8E-37B8-48BF-BAC1-02B3DCAAEBF1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{2A3E41A3-6DED-4373-9051-A4DFBAEAED01}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe |
"TCP Query User{4CD0AE45-8A82-4902-9C3C-0185BF9E60A8}C:\program files (x86)\smith micro\poser debut\poserdebut.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\poser debut\poserdebut.exe |
"TCP Query User{5FEBC81D-6582-4BC5-BDD0-EC918DEE83E4}C:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx9.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx9.exe |
"TCP Query User{6D512BEA-8A39-4E8C-8DDC-5C157CE3C48A}C:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe |
"TCP Query User{70744988-3EA2-4449-AC30-DEB23C10DF3B}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{81C36F38-DB1F-47FF-BC72-64F085206DF5}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"TCP Query User{92B05302-6141-40F4-AD4E-894E9BF1C5CD}C:\program files (x86)\e frontier\poser 7\poser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\e frontier\poser 7\poser.exe |
"TCP Query User{94BCCDA7-BE96-4B96-BCB1-02594E1F35C3}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe |
"TCP Query User{A08B02E7-630C-4DA3-BB0D-180B7837E14A}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"TCP Query User{A60A2CD4-3381-484B-91D9-A3EEA1FDB184}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe |
"TCP Query User{AB31F086-BB51-4F38-98F3-E9984D1D1FD5}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{B5CF2684-C286-4728-962A-4062DD3884E0}C:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D89AD2D3-2400-4768-AC22-CE73DBFB768C}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"TCP Query User{FD09C831-4272-49CF-AFF5-7B71D309B255}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe |
"UDP Query User{1E318440-C16A-4AA9-B00D-B6ED50ED2480}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"UDP Query User{2A81B791-9659-4F6E-B0B5-51AFCB10488C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{4616AF84-C894-4895-9892-F659694E88B1}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{476299E9-0394-4233-AAB5-A1614FA1A2CA}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{4A60A829-D9C2-4A72-84E6-2103E7AF4032}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"UDP Query User{57344D81-AEED-45D8-B8D8-A735AFE76270}C:\program files (x86)\smith micro\poser debut\poserdebut.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\poser debut\poserdebut.exe |
"UDP Query User{6887CD3A-900F-4C75-91FD-E9EE15FE3C31}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe |
"UDP Query User{81062D8C-8CAE-480E-B8B5-B37FB6F216F3}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe |
"UDP Query User{8411F21B-8FD0-4C06-917C-50989CEDA70F}C:\program files (x86)\e frontier\poser 7\poser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\e frontier\poser 7\poser.exe |
"UDP Query User{883A3BFA-6596-4C41-AF5C-C448EA41EFE4}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"UDP Query User{909188C3-AB6D-4279-80C5-20863DE93838}C:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{ACFA47F0-1460-49BC-A345-88FCCFC3F696}C:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe |
"UDP Query User{AFFCF98B-D4C5-401A-992C-F793A73653B2}C:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx9.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx9.exe |
"UDP Query User{C43AC7E2-7BD0-4F8D-BC4C-E4312C53DC1C}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"UDP Query User{C8265820-5865-4EA2-BE21-2676C929CBB9}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe |
"UDP Query User{ED6D745F-3D51-40F3-B6AD-9F940DA5C222}C:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet 2\lp2dx11.exe |
"UDP Query User{F8C69F8A-AB49-48E9-B80B-A800CC7A9114}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.430
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B9609B6D-9532-E0F8-BE41-DFE18BFAEC22}" = AMD AVIVO64 Codecs
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}" = Raw Therapee V4.0.7.1 x64
"{D0BE8477-6206-4588-8148-971EDAB6BBAD}" = Serif CraftArtist 2 Professional
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{EB59AEBA-DF0C-4532-9C09-31E7B660EC13}" = EMF Plug-In
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Canon LBP5000" = Canon LBP5000
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Neat Image Standalone_is1" = Neat Image v7.1.0 Demo Standalone
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.2
"PremElem100" = Adobe Premiere Elements 10
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.80.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{05BBF12D-565E-4212-8BDD-C482C72866DD}" = Vasco da Gama 4 HDPro
"{0834BB26-4019-4BCA-81F9-067FAFBFAE80}" = DaisyTrail Posters Digikit
"{10B1D4F7-6568-48F7-92FD-74D616CD061E}" = Serif CraftArtist Wedding Days Collection
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{15FD2553-F154-4A40-9A2A-226C91AEAED7}" = DaisyTrail Diwali 2011 Digikit
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{182D9A20-F5AE-4E6C-A4FC-651351DD083E}" = Serif WebPlus: Business Template - Real Estate 1
"{189B9ACF-DBA6-4F52-8726-2E11049FB1F7}" = HydraVision
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.2
"{25015AF4-F435-4605-A06F-BA91C0BF6087}" = Serif CraftArtist Scrapbooks Collection
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{27786902-FB5A-484C-8A2E-2501215AE454}" = DaisyTrail Valentine's 2012 Digikit
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
"{312F775B-EF9B-4456-83C8-4B4596677C13}" = Serif CraftArtist Baby Photos Collection
"{31D888B7-9DA0-4219-9371-9A0037A097C6}" = MAGIX Screenshare
"{340C0246-975B-420F-8ADD-DEA69B16FDEE}" = Adobe Premiere Elements 10 Content 1
"{35EDE682-4AE5-47D6-B44F-103F859951DC}" = Serif PanoramaPlus X4
"{371C9583-5174-4CF8-B10D-D4C3AA7E8CD0}" = Serif PagePlus X5
"{39CF0384-AF7F-4E56-9A8F-6F533C8A6DF4}" = MAGIX Video deluxe 17 Premium Sonderedition Video Plugins
"{3EAF3023-F780-46E5-8220-72F8DB87A7EB}_is1" = WISE-FTP 7
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{465C892E-BEE0-422F-A992-EA627D1943A3}" = Serif WebPlus: Interest Template - Photography 2
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F29521F-7338-4D15-8691-8FEEB987780C}" = Adobe Premiere Elements 10 HD Content 3
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{53450FA2-F4B6-48C4-805B-751000018201}" = Virtua Tennis 4
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5D037ECA-B00A-466F-848C-D21B4DB69DEA}" = Adobe Premiere Elements 10 HD Content 1
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.21 SE
"{61B3CAF9-0C8A-4390-AE72-D6B90FB71C17}" = Serif CraftArtist Professional
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7430B12A-3B67-4191-B0C5-59E57344CB1F}" = iClone v4.31 PRO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789567FD-CAA2-4E1C-B38E-9072B3015FFD}" = CrazyTalk Animator PRO Trial
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C08721F-AC43-4198-A35B-93442DD10A26}" = Serif CraftArtist Greeting Cards Collection
"{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
"{7D775738-C2CC-4E91-9E87-B3F77833A238}" = Serif WebPlus: Business Template - Real Estate 2
"{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger
"{7FCBED5C-8C0F-43FA-9880-E3BBCE81FEF0}" = CoffeeCup Web Form Builder
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C97249-FB38-4FF0-8480-1D8E367767D8}" = Serif WebPlus: Interest Template - Music 1
"{84228E96-3FBE-4E1F-9161-D55E527687D3}" = Hoffnung für heute
"{85DE30D0-AEC8-4799-A56A-14267C421A76}" = CoffeeCup Web Form Builder Lite
"{875F9A42-D47B-43E6-BA68-29D1895188D5}_is1" = Dynamic Auto-Painter 2.5.3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8F42D65F-B288-401B-BDE3-308AF6B33BF8}" = MAGIX Video deluxe 17 Premium Sonderedition
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93C40A12-0098-46B1-972E-E8083686A7A0}" = Serif MoviePlus X5
"{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Ressourcen
"{99C7D73D-E201-4D03-B8A4-5EDBA529B505}" = Adobe Premiere Elements 10 Content 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8D1290-0A4C-446C-AD86-0590812660CC}" = Adobe Premiere Elements 10 Content
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A5909EAD-96CE-49E4-9BA8-D2F271C34AB4}" = DaisyTrail Christmas Crafts Digikit
"{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Ressourcen
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFA3224E-8AD6-4EFA-9DBA-A2E499F30282}" = Serif PhotoPlus X4
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B2CF1869-8727-4F9C-BA7D-807CA9F7C528}" = Magic Bullet Quick Looks (MAGIX)
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B47A51FD-0DBC-45E1-8275-C4B5D8351E98}" = DaisyTrail New Year 2012 Digikit
"{B5BF7B43-E13D-4A76-9F8F-E933817131EC}" = calibre
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8A6C9D6-7A53-41CB-BC2A-891F461B613E}" = DaisyTrail Table Plans Digikit
"{BB55B191-6B35-4BDD-BED6-B2C9F2089954}" = DaisyTrail Thankgiving 2011 Digikit
"{C36CC334-10DA-4D13-B4EA-605B453D8912}" = DaisyTrail Happy Hanukkah 2011 Digikit
"{C7B3C4B4-D6E1-4E5D-8428-1FB7111944B9}" = Serif WebPlus X6
"{C8B6F34D-EF2D-4804-9F5D-21BD556C52AA}" = DaisyTrail Valentine's Day 2011 Digikit
"{CF53472F-99F4-4DFC-A267-74FE2909E6BF}" = DaisyTrail Mother's Day 2011 Digikit
"{D0F1732F-DE2D-4A6D-BE19-2D6CF784356C}" = Serif PagePlus X3 Ressourcen
"{D1CE6204-061A-43B5-830F-6A8A35C4E0C6}" = Adobe Premiere Elements 10 HD Content 2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D66A42BA-3747-4628-9CE4-9E7C18C3ED95}" = Adobe Premiere Elements 10 Content 2
"{D91AB4D6-2CA1-4427-91B3-BB31D3C6D4EE}" = SmartStore.biz 5
"{D982FFA1-51C2-4187-8EED-563F718536A3}" = MAGIX Video deluxe MX Premium
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E23FEC6A-C2D9-4D91-ADF4-FD513B4421A3}" = Serif WebPlus: Interest Template - Photography 1
"{E2B22002-9C8B-43CC-A75B-464B6ED4FF6B}" = Serif PagePlus X6
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5F7F7F8-9FE2-4AA4-B142-8B5981F0A290}" = DaisyTrail Certificates Digikit
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F8F9302E-27C2-45FA-A2D3-3880616A2BD1}" = MAGIX Speed burnR (MSI)
"{FBAB18E2-4F7F-4DBD-BBE2-2062602BF5CA}" = MAGIX Audio Cleaning Lab MX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Premiere Elements 10 Content" = Adobe Premiere Elements 10 Content
"Adobe Premiere Elements 10 Content 1" = Adobe Premiere Elements 10 Content 1
"Adobe Premiere Elements 10 Content 2" = Adobe Premiere Elements 10 Content 2
"Adobe Premiere Elements 10 Content 3" = Adobe Premiere Elements 10 Content 3
"Adobe Premiere Elements 10 HD Content 1" = Adobe Premiere Elements 10 HD Content 1
"Adobe Premiere Elements 10 HD Content 2" = Adobe Premiere Elements 10 HD Content 2
"Adobe Premiere Elements 10 HD Content 3" = Adobe Premiere Elements 10 HD Content 3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"ASD800_is1" = Anime Studio Debut 8.0
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bryce 7.0 Content 7.0.0.21" = Bryce 7.0 Content
"Bryce 7.1 7.1.0.109" = Bryce 7.1
"Bryce Lightning 7.0 7.1.0.109" = Bryce Lightning 7.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 4 (64bit) 4.0.3.47" = DAZ Studio 4 (64bit)
"DiskAid_is1" = DiskAid 5.11
"DS4 Default Content 4.0.0.19" = DS4 Default Content
"DVD Shrink_is1" = DVD Shrink 3.2
"Elements+_is1" = Elements+ for PSE 10, v.4.0
"ESET Online Scanner" = ESET Online Scanner v3
"Finale NotePad 2012" = Finale NotePad 2012
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"GoZ DS4 (64bit) 1.0.3.9" = GoZ DS4 (64bit)
"HandBrake" = HandBrake 0.9.5
"Hexagon 2 2.5.1.79" = Hexagon 2
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"jAlbum_0" = jAlbum 9.3
"KoolMoves_is1" = KoolMoves 7.4.2
"MAGIX_MSI_mclab_mx" = MAGIX Audio Cleaning Lab MX
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Sonderedition
"MAGIX_MSI_Videodeluxe18_premium" = MAGIX Video deluxe MX Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MotionArtist09_is1" = MotionArtist 0.9
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"MultiCommander" = MultiCommander
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"NewBlue Light Rays for Magix" = NewBlue Light Rays for Magix
"NewBlue Lightning for Magix" = NewBlue Lightning for Magix
"NewBlueFX Light Blends" = NewBlueFX Light Blends
"NewBlueFX Premium Effects" = NewBlueFX Premium Effects
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PhotoZoom Classic 4" = BenVista PhotoZoom Classic 4.1.2
"Poser 7_is1" = Poser 7.0.4 Service Release
"Poser Debut_is1" = Poser Debut
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
"proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
"PunkBusterSvc" = PunkBuster Services
"SongBeamer_Bible_Elb2006_is1" = SongBeamer - Elberfelder Bibel 2006
"SongBeamer_Setup_is1" = SongBeamer 4.09
"SpeedCommander 10" = SpeedCommander 10
"Steam App 218" = Source SDK Base 2007
"Steam App 35720" = Trine 2
"Steam App 71390" = Virtua Tennis 4
"TmNationsForever_is1" = TmNationsForever
"TmUnited_is1" = TrackMania United 0.2.0.8
"TmUnitedForever_is1" = TmUnitedForever
"TrueCrypt" = TrueCrypt
"Uplay" = Uplay
"Victoria 4.2 Base DAZ Studio Content ps_pe069_Victoria4DS" = Victoria 4.2 Base DAZ Studio Content
"Victoria 4.2 Base ps_pe069_Victoria4" = Victoria 4.2 Base
"Victoria 4.2 Morphs++ DAZ Studio Content ps_pe070_V4MorphsDS" = Victoria 4.2 Morphs++ DAZ Studio Content
"Victoria 4.2 Morphs++ ps_pe070_V4Morphs" = Victoria 4.2 Morphs++
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"fc6d9d64ce333d98" = BibleReader
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 13:50:14 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:50:24 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:51:54 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:51:54 | Computer Name = Johannes-PC2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VT4.exe, Version: 1.0.0.1, Zeitstempel:
 0x4de8f45c  Name des fehlerhaften Moduls: VT4.exe, Version: 1.0.0.1, Zeitstempel:
 0x4de8f45c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00027205  ID des fehlerhaften Prozesses:
 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cd860ef90941cf  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Steam\steamapps\common\Virtua Tennis 4\VT4.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Steam\steamapps\common\Virtua Tennis
 4\VT4.exe  Berichtskennung: 37c8bf41-f202-11e1-ae3b-f46d04b04223
 
Error - 29.08.2012 13:52:00 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:56:52 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:56:53 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:56:54 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 14:15:46 | Computer Name = Johannes-PC2 | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 29.08.2012 14:17:19 | Computer Name = Johannes-PC2 | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 20.06.2012 06:18:10 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 06:30:12 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 06:54:16 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 07:30:21 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 08:06:28 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 08:30:33 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 09:06:40 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 09:42:36 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 10:06:40 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 10:42:56 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
 
< End of report >

--- --- ---


Now the CCleaner list as well
Code:

7-Zip 9.20 (x64 edition)        Igor Pavlov        03.02.2012        4,53MB        9.20.00.0
Adobe AIR        Adobe Systems Incorporated        28.12.2011                2.6.0.19140
Adobe Community Help        Adobe Systems Incorporated.        28.12.2011                3.5.23
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        10.10.2012        6,00MB        11.4.402.287
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        15.07.2012        6,00MB        11.3.300.265
Adobe Photoshop Elements 10        Adobe Systems Incorporated        28.12.2011        2,60GB        10.0
Adobe Premiere Elements 10                01.10.2012               
Adobe Premiere Elements 10        Adobe Systems Incorporated        28.12.2011        1,23GB        10.0
Adobe Premiere Elements 10 Content        Adobe Systems Incorporated        28.12.2011        1,23GB        10.0
Adobe Reader X (10.1.4) - Deutsch        Adobe Systems Incorporated        22.08.2012        122MB        10.1.4
Amazon MP3-Downloader 1.0.15        Amazon Services LLC        05.08.2012                1.0.15
AMD Catalyst Install Manager        Advanced Micro Devices, Inc.        29.08.2012        26,3MB        8.0.881.0
Anime Studio Debut 8.0        Smith Micro Software, Inc.        27.12.2011        480MB        8.0
Apple Application Support        Apple Inc.        17.09.2012        64,5MB        2.2.2
Apple Mobile Device Support        Apple Inc.        17.09.2012        23,7MB        6.0.0.59
Apple Software Update        Apple Inc.        25.12.2011        2,38MB        2.1.3.127
Ashampoo Burning Studio 10 v.10.0.15        Ashampoo GmbH & Co. KG        26.12.2011        233MB        10.0.15
ASUS Ai Charger        ASUSTeK Computer Inc.        02.10.2012                1.03.00
Avira Free Antivirus        Avira        12.09.2012        108MB        12.0.0.1199
BenVista PhotoZoom Classic 4.1.2        BenVista Ltd.        27.12.2011        10,9MB        4.1.2
BibleReader        Olive Tree Bible Software        15.08.2012                5.0.4.916
Bluetooth Win7 Suite (64)        Atheros Communications        21.12.2011        59,1MB        7.2.0.40
Bonjour        Apple Inc.        25.12.2011        2,00MB        3.0.0.10
Bryce 7.0 Content        DAZ 3D        04.02.2012        849GB        7.0.0.21
Bryce 7.1        DAZ 3D        04.02.2012                7.1.0.109
Bryce Lightning 7.0        DAZ 3D        04.02.2012                7.1.0.109
calibre        Kovid Goyal        08.08.2012        131MB        0.8.63
Canon LBP5000                01.01.2012               
Canon MP540 series MP Drivers                13.01.2012               
CCleaner        Piriform        24.09.2012                3.23
CoffeeCup Web Form Builder        CoffeeCup Software, Inc.        28.06.2012        21,3MB        2.0.4263
CoffeeCup Web Form Builder Lite        CoffeeCup Software, Inc.        09.01.2012        17,0MB        1.0.3033
Color Efex Pro 3.0 Standard        Nik Software, Inc.        10.07.2012                3.1.0.9
Core Temp 1.0 RC3        Alcpu        07.07.2012        2,00MB        1.0
CorelDRAW Graphics Suite 12        Corel Corporation        26.12.2011        273MB        12.0.0.458
CrazyTalk Animator PRO Trial        Reallusion Inc.        01.10.2012                1.2.2816.1
CrazyTalk v6.21 SE        Reallusion        01.10.2012                6.21.2325.1
CutePDF Writer 2.8                05.01.2012               
DaisyTrail Certificates Digikit        Serif (Europe) Ltd        27.12.2011        31,5MB        1.0.2.027
DaisyTrail Christmas Crafts Digikit        Serif (Europe) Ltd        27.12.2011        27,8MB        1.0.2.027
DaisyTrail Diwali 2011 Digikit        Serif (Europe) Ltd        27.12.2011        26,6MB        1.0.2.025
DaisyTrail Happy Hanukkah 2011 Digikit        Serif (Europe) Ltd        27.12.2011        19,0MB        1.0.2.027
DaisyTrail Mother's Day 2011 Digikit        Serif (Europe) Ltd        27.12.2011        15,8MB        1.0.2.018
DaisyTrail New Year 2012 Digikit        Serif (Europe) Ltd        14.02.2012        21,4MB        1.0.2.027
DaisyTrail Posters Digikit        Serif (Europe) Ltd        14.02.2012        14,5MB        1.0.2.027
DaisyTrail Table Plans Digikit        Serif (Europe) Ltd        27.12.2011        21,5MB        1.0.2.027
DaisyTrail Thankgiving 2011 Digikit        Serif (Europe) Ltd        27.12.2011        22,2MB        1.0.2.027
DaisyTrail Valentine's 2012 Digikit        Serif (Europe) Ltd        14.02.2012        20,3MB        1.0.2.027
DaisyTrail Valentine's Day 2011 Digikit        Serif (Europe) Ltd        27.12.2011        17,6MB        1.0.1.013
DAZ Content Management Service        DAZ 3D        04.02.2012        23,0MB        4.8.1.7
DAZ Studio 4 (64bit)        DAZ 3D        04.02.2012                4.0.3.47
DiskAid 5.11        DigiDNA        09.04.2012        18,6MB        5.11
Dropbox        Dropbox, Inc.        26.05.2012                1.4.7
DS4 Default Content        DAZ 3D        04.02.2012        588GB        4.0.0.19
DVD Shrink 3.2        DVD Shrink        18.02.2012               
Dynamic Auto-Painter 2.5.3        Mediachance.com        27.12.2011               
Elements+ for PSE 10, v.4.0        Andrei Doubrovski        29.03.2012        33,3MB       
EMF Plug-In        Gehriger Engineering        18.09.2012        457KB        1.0.2
ESET Online Scanner v3                16.10.2012               
Finale NotePad 2012        MakeMusic        30.04.2012                2012..r1.1
Firebird SQL Server - MAGIX Edition        MAGIX AG        25.12.2011        11,5MB        2.1.31.0
Free YouTube Download version 3.0.20.1228        DVDVideoSoft Ltd.        02.02.2012        75,1MB       
Geeks3D.com FurMark 1.9.2        Geeks3D.com        22.12.2011        4,62MB       
Google Chrome        Google Inc.        09.02.2012                22.0.1229.94
GoZ DS4 (64bit)        DAZ 3D        04.02.2012        3,90GB        1.0.3.9
HandBrake 0.9.5                18.02.2012                0.9.5
Hexagon 2        DAZ 3D        04.02.2012        113GB        2.5.1.79
Hoffnung für heute                27.12.2011        20,6MB        2.3.2
iClone v4.31 PRO        Reallusion Inc.        23.03.2012                4.31.2517.1
iExplorer 2.2.1.3        Macroplant, LLC        10.05.2012        4,10MB       
Intel(R) Management Engine Components        Intel Corporation        01.10.2012                7.0.0.1144
IrfanView (remove only)        Irfan Skiljan        29.12.2011        1,50MB        4.32
iTunes        Apple Inc.        17.09.2012        182MB        10.7.0.21
jAlbum 9.3                27.12.2011               
Java 7 Update 7 (64-bit)        Oracle        19.09.2012        127MB        7.0.70
Java(TM) 6 Update 30        Oracle        21.12.2011        95,1MB        6.0.300
KoolMoves 7.4.2        Lucky Monkey Designs LLC        03.02.2012        19,4MB        7.4.2
Magic Bullet Quick Looks (MAGIX)        Red Giant        27.12.2011        24,0MB        1.0.0
MAGIX Audio Cleaning Lab MX        MAGIX AG        26.12.2011                18.0.0.7
MAGIX Screenshare        MAGIX AG        25.12.2011        1,54MB        4.3.6.1987
MAGIX Speed burnR (MSI)        MAGIX AG        25.12.2011        21,5MB        7.0.2.6
MAGIX Video deluxe 17 Premium Sonderedition        MAGIX AG        27.12.2011                10.0.11.0
MAGIX Video deluxe 17 Premium Sonderedition Video Plugins        MAGIX AG        27.12.2011        1,47MB        1.0.0.0
MAGIX Video deluxe MX Premium        MAGIX AG        27.12.2011                11.0.0.42
Malwarebytes Anti-Malware Version 1.65.0.1400        Malwarebytes Corporation        16.10.2012        19,3MB        1.65.0.1400
Mass Effect™ 3 Demo        Electronic Arts        18.02.2012                1.0.0.0
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        30.01.2012        38,8MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        30.01.2012        51,9MB        4.0.30319
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        13.09.2012        31,3MB        3.5.92.0
Microsoft Games for Windows Marketplace        Microsoft Corporation        13.09.2012        6,03MB        3.5.50.0
Microsoft IntelliPoint 8.2        Microsoft Corporation        31.01.2012                8.20.468.0
Microsoft Office FrontPage 2003        Microsoft Corporation        14.08.2012        318MB        11.0.8173.0
Microsoft Office Professional Plus 2010        Microsoft Corporation        25.12.2011                14.0.6029.1000
Microsoft Silverlight        Microsoft Corporation        11.05.2012        50,6MB        5.1.10411.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        24.01.2012        250KB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        27.12.2011        298KB        8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        12.07.2012        698KB        8.0.61000
Microsoft Visual C++ 2005 Redistributable - KB2467175        Microsoft Corporation        04.02.2012        2,64MB        8.0.51011
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        23.03.2012        778KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        24.03.2012        788KB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        25.12.2011        3,51MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        27.12.2011        234KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        25.12.2011        238KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        23.03.2012        222KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        25.12.2011        600KB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        25.12.2011        13,7MB        10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        03.05.2012        16,5MB        10.0.40219
MotionArtist 0.9        Smith Micro Software, Inc.        11.07.2012        58,8MB        0.9
Mozilla Firefox 10.0 (x86 de)        Mozilla        09.02.2012        35,4MB        10.0
MSXML 4.0 SP2 Parser and SDK        Microsoft Corporation        08.04.2012        5,04MB        4.20.9818.0
MSXML 4.0 SP3 Parser        Microsoft Corporation        25.12.2011        1,47MB        4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691)        Microsoft Corporation        12.07.2012        1,53MB        4.30.2114.0
MSXML 4.0 SP3 Parser (KB973685)        Microsoft Corporation        27.12.2011        1,53MB        4.30.2107.0
MultiCommander                26.01.2012               
MuseScore 1.2 MuseScore score typesetter        Werner Schweer and Others        16.03.2012                1.2.0
Neat Image v7.1.0 Demo Standalone        Neat Image team, ABSoft        30.12.2011               
Need for Speed(TM) Hot Pursuit        Electronic Arts        22.06.2012        7,77GB        1.0.0.0
Need For Speed™ World        Electronic Arts        18.02.2012        12,4MB        1.0.0.776
NewBlue Light Rays for Magix        NewBlue        27.12.2011                1.4
NewBlue Lightning for Magix        NewBlue        27.12.2011                1.4
NewBlueFX Light Blends        NewBlue        27.12.2011                1.4
NewBlueFX Premium Effects        NewBlue        27.12.2011                1.4
NVIDIA PhysX        NVIDIA Corporation        18.02.2012        78,9MB        9.10.0513
OpenAL                12.01.2012               
Origin        Electronic Arts, Inc.        08.09.2012                9.0.2.2065
Photomatix Pro version 4.1.2        HDRsoft Sarl        27.12.2011        22,2MB        4.1.2
Poser 7.0.4 Service Release                04.02.2012               
Poser Debut        Smith Micro Software, Inc.        03.01.2012        344MB        8.0.3
proDAD Adorage 3.0        proDAD GmbH        27.12.2011                3.0.92
proDAD Heroglyph 2.5        proDAD GmbH        27.12.2011                2.6.32
proDAD Mercalli 2.0        proDAD GmbH        27.12.2011                2.0.61
proDAD Vitascene 2.0        proDAD GmbH        27.12.2011                2.0.113
PunkBuster Services        Even Balance, Inc.        04.08.2012                0.990
QuickTime        Apple Inc.        26.12.2011        73,2MB        7.71.80.42
Rapture3D 2.4.8 Game        Blue Ripple Sound        12.01.2012               
Raw Therapee V4.0.7.1 x64        Raw Therapee Team        12.03.2012        48,9MB        4.0.701
Realtek Ethernet Controller Driver        Realtek        21.12.2011                7.37.1229.2010
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        25.12.2011                6.0.1.6235
Renesas Electronics USB 3.0 Host Controller Driver        Renesas Electronics Corporation        21.12.2011        1,00MB        2.0.32.0
Serif CraftArtist 2 Professional        Serif (Europe) Ltd        21.09.2012        833MB        2.0.0.22
Serif CraftArtist Baby Photos Collection        Serif (Europe) Ltd        26.12.2011        468MB        1.0.0.007
Serif CraftArtist Greeting Cards Collection        Serif (Europe) Ltd        26.12.2011        2,29GB        1.0.0.007
Serif CraftArtist Professional        Serif (Europe) Ltd        26.12.2011        232MB        1.0.5.043
Serif CraftArtist Scrapbooks Collection        Serif (Europe) Ltd        26.12.2011        815MB        1.0.0.007
Serif CraftArtist Wedding Days Collection        Serif (Europe) Ltd        26.12.2011        548MB        1.0.0.008
Serif MoviePlus X5        Serif (Europe) Ltd        27.05.2012        1,28GB        7.0.2.018
Serif PagePlus X3 Ressourcen        Serif (Europe) Ltd        26.12.2011        811MB        13.0.1.008
Serif PagePlus X4        Serif (Europe) Ltd        26.12.2011        466MB        14.0.5.027
Serif PagePlus X4 Ressourcen        Serif (Europe) Ltd        26.12.2011        620MB        14.0.0.008
Serif PagePlus X5        Serif (Europe) Ltd        13.01.2012        760MB        15.0.5.030
Serif PagePlus X6        Serif (Europe) Ltd        29.08.2012        1,33GB        16.0.2.27
Serif PanoramaPlus X4        Serif (Europe) Ltd        26.12.2011        119MB        4.0.2.009
Serif PhotoPlus X4        Serif (Europe) Ltd        26.12.2011        435MB        14.0.2.013
Serif WebPlus X4        Serif (Europe) Ltd        02.04.2012        514MB        12.0.5.033
Serif WebPlus X4 Ressourcen        Serif (Europe) Ltd        03.02.2012        90,9MB        12.0.0.008
Serif WebPlus X5        Serif (Europe) Ltd        21.03.2012        456MB        13.0.3.029
Serif WebPlus X6        Serif (Europe) Ltd        11.08.2012        505MB        14.0.1.23
Serif WebPlus: Business Template - Real Estate 1        Serif (Europe) Ltd        26.12.2011        1,30MB        1.0.0.005
Serif WebPlus: Business Template - Real Estate 2        Serif (Europe) Ltd        26.12.2011        820KB        1.0.0.005
Serif WebPlus: Interest Template - Music 1        Serif (Europe) Ltd        26.12.2011        1,01MB        1.0.0.005
Serif WebPlus: Interest Template - Photography 1        Serif (Europe) Ltd        02.05.2012        1,20MB        1.0.1.007
Serif WebPlus: Interest Template - Photography 2        Serif (Europe) Ltd        26.12.2011        2,27MB        1.0.0.005
SmartSound Common Data        SmartSound Software Inc.        28.12.2011        13,4MB        1.1.0
SmartSound Premiere Elements 10 x64 Plugin        SmartSound Software Inc.        28.12.2011        3,40MB        5.70.0001
SmartSound Sonicfire Pro 5        SmartSound Software Inc.        28.12.2011        60,7MB        5.7.1
SmartStore.biz 5        SmartStore AG        31.12.2011        88,9MB        5.6.02
SongBeamer - Elberfelder Bibel 2006        Hänssler Verlag        30.01.2012               
SongBeamer 4.09        SongBeamer        27.12.2011               
Source SDK Base 2007        Valve        19.09.2012               
SpeedCommander 10        SpeedProject        16.07.2012                10.0
Steam        Valve Corporation        18.07.2012        35,4MB        1.0.0.0
System.Data.SQLite v1.0.80.0        System.Data.SQLite Team        03.05.2012        7,93MB        1.0.80.0
TmNationsForever        Nadeo        23.02.2012               
TmUnitedForever        Nadeo        30.01.2012               
TrackMania United 0.2.0.8        Nadeo        29.01.2012               
Trine 2                01.10.2012               
TrueCrypt        TrueCrypt Foundation        30.06.2012                7.1a
Uplay        Ubisoft        18.07.2012                2.0
Vasco da Gama 4 HDPro        MotionStudios        27.12.2011        891MB        4.00.0000
Victoria 4.2 Base        Name of your company        04.02.2012        25,4GB        ps_pe069_Victoria4
Victoria 4.2 Base DAZ Studio Content        Name of your company        04.02.2012        254MB        ps_pe069_Victoria4DS
Victoria 4.2 Morphs++        Name of your company        04.02.2012        68,7GB        ps_pe070_V4Morphs
Victoria 4.2 Morphs++ DAZ Studio Content        Name of your company        04.02.2012        174MB        ps_pe070_V4MorphsDS
Virtua Tennis 4                13.09.2012               
virtualPhotographer 1.5.6        optikVerve Labs        29.12.2011               
VLC media player 1.1.11        VideoLAN        25.01.2012                1.1.11
Web Assistant 2.0.0.430        IB        03.05.2012        2,02MB       
Windows Live ID Sign-in Assistant        Microsoft Corporation        12.01.2012        10,0MB        6.500.3165.0
WinRAR 4.20 (64-Bit)        win.rar GmbH        29.06.2012                4.20.0
WISE-FTP 7        AceBIT GmbH        30.08.2012        7,73MB

Thanks for checking.
What should I do now?
Regards

kira 17.10.2012 06:42

System cleanup and check:

► Once you have completed all the steps, report back with the requested results!
In the meantime, only get in touch if there are problems!

1.
Uninstall under Control Panel -> Software/Programs:
Code:

Web Assistant <- Adware !!
Unfortunately, "uninvited guests" often add themselves directly to the search bar, the start page and the extensions list, and they can be really annoying... they mostly get installed along with other software out of ignorance or carelessness; some of them even belong to the most dangerous kind of adware, or to a "foistware" group.

Always choose the custom installation, not the standard installation, because the latter often installs things you do not need or want.
During installation, always read the license terms, and do not immediately tick every box or leave pre-ticked boxes as they are, because by doing so you agree that other third-party programs, or even adware (advertising pop-ups) from partner programs, sponsors, etc., are installed as well, since that is how freeware finances itself.

A few more belong in this category, e.g.: -> Unwanted toolbars
Quote:

It is therefore advisable to check all installed browsers after every installation:
take a close look at the page currently set as the start page
look under Tools ⇒ Extensions for unwanted add-ons/plug-ins and toolbars
In the list of currently installed programs (in the Control Panel), check whether something unwanted (program, toolbar, etc.) has settled in!
2.
Quote:

Attention, important!:
If you made changes to the logfile yourself, you must replace them with the original names and paste it into the script that way, otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, i.e. everything in the code box after "Code" (starting with :OTL and ending with [emptytemp]), without the word "code":
Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0002002
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0002002
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {1CADBE96-EECC-4F16-A813-60BD2A48DA4B}
IE - HKCU\..\SearchScopes\{1CADBE96-EECC-4F16-A813-60BD2A48DA4B}: "URL" = http://www.google.at/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.430
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
[2012.05.03 11:15:24 | 000,002,203 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\MyStart Search.xml
[2012.05.03 11:17:04 | 000,003,934 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\sweetim.xml
[2012.05.03 11:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.03 11:17:08 | 000,002,298 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
CHR - homepage: http://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - homepage: http://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - Extension: Web Assistant = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Web Assistant = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
[2012.10.16 08:38:47 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.16 08:35:43 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

:Files
C:\Users\Johannes\AppData\Roaming\Babylon
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]


3.
Close all programs/windows
Clear the Java cache

Start => Control Panel => Java => General => Temporary Internet Files "Settings" => Delete Files => tick "Applications and Applets" as well as "Trace and Log Files" => OK
-> How do I clear the Java cache?
-> Clear the Java cache
-> Short video guide on how to delete the Java cache under Windows 7 and XP.

4.
Java:
Uninstall older versions if any still exist
► Old Java versions remain on the PC... for security reasons they must be removed; pay attention to this in the future as well!

5.
Update:
-> Mozilla Firefox -> Help -> via the Help menu -> "About Firefox"
Info: -> Update Firefox to the latest version

6.
Tips - Microsoft's Internet Explorer is part of the basic Windows installation, so like all other installed software it must be maintained! Even if you do not use it!:
-> Tips for Internet Explorer
-> Change the default search engine of Internet Explorer
-> Change or select a search provider in Internet Explorer 7/8
-> How can I clear the cache in Internet Explorer?

7.
Close all programs/windows
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Run Cleaner" button
  • "Registry" → "Scan for Issues" → "Fix selected issues" → "Fix All Selected Issues"
  • Restart your system

8.
Preparation
  • Connect any external hard drives and/or other removable media (e.g. USB sticks) you may have to the computer.
  • Please disable during the online scans:
    anti-virus program and firewall.
  • Start Internet Explorer => in the menu under Tools => Internet Options => Privacy => remove the tick at "Turn on Pop-up Blocker" and
  • on the "Security" tab => lower the security level to "Medium-high" if necessary.
    Do not forget to switch them back on afterwards and to restore the Internet options to their previous settings.
  • Refrain from other online activities during the online scans.
  • You must allow the download and installation of ActiveX controls.

  • http://image.hijackthis.eu/upload/activex1.jpg

Scan the PC ONLINE ONLY and do NOT install a second antivirus program!!!
  • Eset Online Scanner (NOD32)
    • Supported operating systems: Microsoft Windows 7 - Vista - XP - 2000 - NT.
    • Note for Vista and Windows 7 users: please be sure to start the browser as administrator.
    • Disable your anti-virus program during the scan.
    • Press the "ESET Online Scanner" button.
    • IE users must allow the installation of an ActiveX element.
    • Tick "YES, I accept the Terms of Use." and press the "Start" button.
    • Tick "Remove found threats" and "Scan archives".
    • Press Start.
    • Signatures are downloaded.
    • The scan starts automatically.
    • When finished, save the log and post it for me.
      -> List of found threats
      -> Export to text file
      -> Back
      -> Delete quarantined files
    • Press Finish.
    • Close the browser.
    • Uninstall after you have posted the log for me: Control Panel => Software => remove Eset Online Scanner V3.
    • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

9.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which ones?
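
Added example, not part of kira's post: one way to carry out the check from step 1 (start page, search provider, keyword URL) over OTL browser lines of the kind listed in the fix script above. The allowlist `EXPECTED_DOMAINS` and all function names are assumptions; the sample lines are copied from that script.

```python
import re
from urllib.parse import urlsplit

# Assumption: the hosts the owner of this machine expects to see as
# start page or search provider. Everything else is flagged for review.
EXPECTED_DOMAINS = {"bing.com", "google.at", "msn.com"}

# OTL prefixes browser settings with "IE - ", "IE:64bit: - ", "FF - " or "CHR - ".
LINE_RE = re.compile(r'^(IE|FF|CHR)(?::64bit:)? - (.+)$')
URL_RE = re.compile(r'https?://[^\s"]+')

# Sample input: lines taken from the fix script in the post above.
SAMPLE_LINES = [
    r'IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0002002',
    r'IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC',
    r'IE - HKCU\..\SearchScopes\{1CADBE96-EECC-4F16-A813-60BD2A48DA4B}: "URL" = http://www.google.at/search?q={searchTerms}',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="',
    r'FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"',
    r'CHR - homepage: http://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223',
    r'[2012.05.03 11:17:04 | 000,003,934 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\sweetim.xml',
]


def classify_host(host, expected=EXPECTED_DOMAINS):
    """Return 'expected' if host is an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    for domain in expected:
        # Match on a label boundary so "bing.com.example.net" does not pass.
        if host == domain or host.endswith("." + domain):
            return "expected"
    return "review"


def parse_line(line):
    """Parse one OTL browser line; return None for lines of any other kind."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    browser, rest = m.groups()
    url = URL_RE.search(rest)
    if not url:
        # Settings without a URL (search order names, proxy flags) cannot be
        # judged by host; they are returned so a person can look at them.
        return {"browser": browser, "setting": rest, "host": None, "verdict": "no-url"}
    setting = rest[:url.start()].replace('"', "").rstrip(" =:")
    host = urlsplit(url.group(0)).hostname or ""
    return {"browser": browser, "setting": setting, "host": host,
            "verdict": classify_host(host)}


def audit(lines):
    """Return one finding per browser setting line, in input order."""
    return [f for f in (parse_line(l) for l in lines) if f is not None]


def hosts_to_review(lines):
    """Sorted, de-duplicated hosts that are not on the allowlist."""
    return sorted({f["host"] for f in audit(lines) if f["verdict"] == "review"})


if __name__ == "__main__":
    for f in audit(SAMPLE_LINES):
        print(f'{f["verdict"]:8} {f["browser"]:3} {f["host"] or "-":22} {f["setting"]}')
```

Lines with verdict `no-url`, such as the Babylon search order entry, still need a manual look, because the host check cannot judge them.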

eagle_j 17.10.2012 13:03

Hello, I am reporting back in between because I could not carry out all the steps:
I did everything as described successfully up to the ESET test in IE9. While downloading the signatures, it kept asking me whether I had configured a proxy, because it could not load the signatures. Could that be related to Win 7 64-bit? I have two Internet Explorer versions there (32 and 64 bit). But it does not work with either.
Since the previous steps, an annoying configuration window for add-ins and search providers appears when Internet Explorer starts - that was not the case before the measures. And it comes up every time.
I then downloaded the ESET Online Scanner via Firefox (current version), installed it, and downloading the signatures worked there.
It is scanning right now...
Is that OK? Or do I need to worry about the ESET / Internet Explorer problem?
How do I get rid of the annoying settings window (see above) at IE startup?
Many thanks in advance for the help.
Regards

eagle_j 17.10.2012 17:26

Hello. The ESET online scan is finished, and I also ran OTL again.
I carried out all the other points on your list. The only problems (as described in the post above) were with ESET in IE, which could not download the signatures there - with Firefox it then worked.

So here is the text after the OTL fix:
Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CADBE96-EECC-4F16-A813-60BD2A48DA4B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CADBE96-EECC-4F16-A813-60BD2A48DA4B}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.430 removed from extensions.enabledAddons
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\MyStart Search.xml moved successfully.
C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\sweetim.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
File C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0 not found.
File C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of not found.
C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0 folder moved successfully.
File C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0 not found.
File C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of not found.
File C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0 not found.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
========== FILES ==========
C:\Users\Johannes\AppData\Roaming\Babylon folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Johannes\Desktop\cmd.bat deleted successfully.
C:\Users\Johannes\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Johannes
->Temp folder emptied: 5354696995 bytes
->Temporary Internet Files folder emptied: 1224568984 bytes
->Java cache emptied: 13527 bytes
->FireFox cache emptied: 87564465 bytes
->Google Chrome cache emptied: 14930253 bytes
->Flash cache emptied: 52546 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 178513889 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6.543,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10172012_122734

Files\Folders moved on Reboot...
C:\Users\Johannes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Now the ESET text (ESET was in German for me). I took the file from the ESET directory, where it was called log:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7e5d543ba7e4bb44b761396df052d34c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-17 02:59:24
# local_time=2012-10-17 04:59:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 25699669 25699669 0 0
# compatibility_mode=5893 16776573 100 94 22345 102104456 0 0
# compatibility_mode=8192 67108863 100 0 141 141 0 0
# scanned=678971
# found=2
# cleaned=2
# scan_time=11357
D:\Backup\Eigene Webs\Vorlagen\flash\Skripte\PHP\google.zip        PHP/Obfuscated.F Anwendung (gelöscht - in Quarantäne kopiert)        00000000000000000000000000000000        C
D:\Downloads\CHIP\LOESCHEN.zip        Win32/Adware.ADON Anwendung (gelöscht - in Quarantäne kopiert)        00000000000000000000000000000000        C

The exported threats list (ESET):

Code:

D:\Backup\Eigene Webs\Vorlagen\flash\Skripte\PHP\google.zip        PHP/Obfuscated.F Anwendung        gelöscht - in Quarantäne kopiert
D:\Downloads\CHIP\LOESCHEN.zip        Win32/Adware.ADON Anwendung        gelöscht - in Quarantäne kopiert

Then a restart and OTL as instructed:
OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 17.10.2012 18:01:06 - Run 7
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Johannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 81,34% Memory free
15,95 Gb Paging File | 14,27 Gb Available in Paging File | 89,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,21 Gb Total Space | 172,58 Gb Free Space | 36,94% Space Free | Partition Type: NTFS
Drive D: | 464,21 Gb Total Space | 56,12 Gb Free Space | 12,09% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-PC2 | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.16 17:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.13 09:33:46 | 000,547,984 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
PRC - [2012.08.04 11:45:48 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.07.31 10:23:32 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.09 00:57:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 00:57:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.07.28 18:12:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.11 03:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.08 17:29:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.04 11:45:48 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.09 00:57:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 00:57:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.05.05 22:36:05 | 000,022,528 | ---- | M] () [Disabled | Stopped] -- C:\Programme\DAZ 3D\Content Management Service\ContentManagementServer.exe -- (DAZContentManagementService)
SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.10.27 17:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.06.30 01:37:07 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.09 00:57:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 00:57:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.27 16:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 16:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 16:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 16:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 16:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.10.20 20:05:18 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.03.22 16:10:14 | 000,014,848 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 39 6D EF 07 C0 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {28D19648-2FD8-4E6E-B7BF-E0608E47C46E}
IE - HKCU\..\SearchScopes\{28D19648-2FD8-4E6E-B7BF-E0608E47C46E}: "URL" = hxxp://www.google.at/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google.at"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.at"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.17 13:13:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.09 17:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2012.10.17 13:10:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\79s52rs8.default\extensions
[2012.06.06 12:00:19 | 000,002,467 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\79s52rs8.default\searchplugins\googleat.xml
[2012.10.17 13:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.11 03:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 04:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 04:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 04:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 04:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 04:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 04:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - Extension: No name found = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E2423B5-DAB0-4686-B78D-C0557C26D1A9}: DhcpNameServer = 213.94.78.16 213.94.78.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{844448C0-194D-41F9-8382-01E5B447EF47}: NameServer = 212.186.211.21,195.34.133.21
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.17 13:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.17 13:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.17 13:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.17 12:27:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.16 20:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.16 20:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.16 20:08:57 | 003,941,312 | ---- | C] (Piriform Ltd) -- C:\Users\Johannes\Desktop\ccsetup323.exe
[2012.10.16 17:10:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012.10.16 16:59:34 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Musik
[2012.10.16 13:20:05 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Logs
[2012.10.16 09:03:59 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes
[2012.10.16 09:02:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.16 09:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.16 09:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.16 09:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.16 09:02:24 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Johannes\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.10 19:56:50 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 19:56:50 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 19:56:50 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 19:56:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 19:56:17 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 19:56:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.05 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\WW10-2012
[2012.10.02 16:46:01 | 000,014,848 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\drivers\AiCharger.sys
[2012.10.02 16:27:35 | 000,014,592 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiCharger.sys
[2012.10.02 16:26:12 | 000,000,000 | ---D | C] -- C:\Windows\AsDmiHtm
[2012.10.01 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Trine2
[2012.10.01 10:36:30 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2012.10.01 10:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012.10.01 02:39:55 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Crazy Talk
[2012.10.01 01:39:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Reallusion
[2012.09.22 09:54:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 09:54:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 09:54:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 09:54:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 09:54:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 09:54:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 09:54:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 09:54:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 09:54:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 09:54:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 09:54:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 09:54:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 09:54:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 09:54:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 09:54:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.21 20:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2012.09.19 13:52:46 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.09.19 13:52:46 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.09.19 13:52:46 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.09.19 13:52:35 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.09.19 13:52:35 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.09.19 13:52:35 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.09.19 13:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.09.19 13:08:35 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2012.09.19 01:52:11 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.09.19 01:52:10 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.09.19 01:52:10 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.09.19 01:52:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.09.19 01:52:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.19 01:51:51 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.18 13:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Gehriger Engineering
[2012.07.18 01:06:51 | 001,242,448 | ---- | C] (Valve Corporation) -- C:\Program Files (x86)\Steam.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.17 17:58:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.17 17:57:58 | 2129,219,583 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.17 17:21:40 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 17:21:40 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 17:18:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3452236036-1519950677-1972415991-1000UA.job
[2012.10.17 13:46:39 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.17 13:46:39 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.17 13:46:39 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.17 13:46:39 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.17 13:46:39 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.17 13:13:42 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.17 12:47:55 | 000,137,202 | ---- | M] () -- C:\Users\Johannes\Documents\cc_20121017_124741.reg
[2012.10.16 20:10:03 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.16 20:09:11 | 003,941,312 | ---- | M] (Piriform Ltd) -- C:\Users\Johannes\Desktop\ccsetup323.exe
[2012.10.16 17:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012.10.16 16:44:23 | 000,000,000 | ---- | M] () -- C:\Users\Johannes\defogger_reenable
[2012.10.16 16:37:47 | 000,050,477 | ---- | M] () -- C:\Users\Johannes\Desktop\Defogger.exe
[2012.10.16 09:02:57 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.16 09:02:36 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Johannes\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.15 09:18:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3452236036-1519950677-1972415991-1000Core.job
[2012.10.10 20:18:56 | 000,002,506 | ---- | M] () -- C:\Users\Johannes\Desktop\Google Chrome.lnk
[2012.10.10 19:49:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.10 19:49:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 10:25:18 | 000,001,124 | ---- | M] () -- C:\Users\Johannes\Desktop\SongBeamer.lnk
[2012.10.02 18:13:58 | 000,027,946 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.10.02 18:13:51 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.10.02 17:48:28 | 000,011,832 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.10.02 17:48:28 | 000,010,216 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.10.02 17:09:29 | 004,194,304 | ---- | M] () -- C:\P8P67-ASUS-3509.ROM
[2012.10.02 16:46:17 | 000,028,672 | ---- | M] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2012.10.02 16:46:17 | 000,013,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.10.01 10:43:22 | 000,001,106 | ---- | M] () -- C:\Users\Johannes\Desktop\MuseScore.lnk
[2012.10.01 01:57:35 | 000,000,075 | RHS- | M] () -- C:\Windows\CT6STET.BIN
[2012.09.22 17:23:51 | 001,404,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.21 20:16:43 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Serif CraftArtist 2.lnk
[2012.09.19 13:52:31 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.09.19 13:52:30 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.09.19 13:52:30 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.09.19 13:52:30 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.09.19 13:52:30 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.09.19 13:52:30 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
 
========== Files Created - No Company Name ==========
 
[2012.10.17 13:13:42 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.17 12:47:48 | 000,137,202 | ---- | C] () -- C:\Users\Johannes\Documents\cc_20121017_124741.reg
[2012.10.16 20:10:03 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.16 16:44:23 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\defogger_reenable
[2012.10.16 16:37:47 | 000,050,477 | ---- | C] () -- C:\Users\Johannes\Desktop\Defogger.exe
[2012.10.16 09:02:57 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.02 17:45:44 | 004,194,304 | ---- | C] () -- C:\P8P67-ASUS-3509.ROM
[2012.10.01 10:43:22 | 000,001,106 | ---- | C] () -- C:\Users\Johannes\Desktop\MuseScore.lnk
[2012.10.01 10:36:30 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.10.01 10:36:28 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.10.01 01:57:35 | 000,000,075 | RHS- | C] () -- C:\Windows\CT6STET.BIN
[2012.09.21 20:16:43 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif CraftArtist 2.lnk
[2012.09.21 20:16:43 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Serif CraftArtist 2.lnk
[2012.08.04 00:05:28 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.04 00:05:27 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.23 11:30:11 | 000,007,168 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.12 13:01:21 | 000,000,218 | ---- | C] () -- C:\Users\Johannes\.recently-used.xbel
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.30 02:29:20 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.09 12:34:09 | 000,601,088 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\SharedSettings.ccs
[2012.01.01 19:05:27 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.01 19:05:27 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011.12.27 20:03:41 | 000,000,931 | ---- | C] () -- C:\Users\Johannes\.jalbum-defaults.jap
[2011.12.27 20:03:41 | 000,000,884 | ---- | C] () -- C:\Users\Johannes\.jalbum-recent-projects.properties
[2011.12.27 20:03:41 | 000,000,423 | ---- | C] () -- C:\Users\Johannes\.jalbum-ftp-accounts.xml
[2011.12.27 04:58:52 | 000,004,441 | ---- | C] () -- C:\Windows\jtzf_sq32.ini
[2011.12.25 15:05:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.21 20:18:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.21 19:46:26 | 000,007,597 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Resmon.ResmonCfg
[2011.12.21 19:12:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.21 19:12:32 | 000,027,946 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.03 14:21:58 | 004,077,568 | ---- | C] () -- C:\Windows\QLMGXRenderer.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.19 13:24:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2011.12.27 05:04:53 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\AceBIT
[2012.01.07 04:45:51 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Amazon
[2011.12.26 01:41:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ashampoo
[2011.12.25 13:57:05 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\bizarre creations
[2012.08.08 18:16:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\calibre
[2012.01.13 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Canon
[2012.04.16 02:34:07 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.02.27 04:00:18 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\CoffeeCup Software
[2012.01.24 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\ComBib
[2012.02.04 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAZ 3D
[2012.07.14 02:52:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DiskAid
[2012.10.17 17:58:43 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Dropbox
[2012.02.02 13:09:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
[2012.02.02 13:09:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.12 12:48:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\gtk-2.0
[2012.02.18 03:51:21 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HandBrake
[2011.12.27 05:32:19 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HDRsoft
[2011.12.27 02:52:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MAGIX
[2012.04.30 12:53:06 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MakeMusic
[2012.03.16 12:48:20 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MultiCommander
[2012.02.16 00:04:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MusE
[2011.12.30 18:27:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\NeatImage SL 64
[2012.02.18 04:51:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Need for Speed World
[2012.07.10 11:31:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Nik Software
[2012.09.08 18:40:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Origin
[2012.02.04 16:50:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Poser 7
[2012.02.04 16:33:43 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Poser 7_2008_07_09 10_55_15 AM
[2012.01.03 09:16:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Poser Debut
[2011.12.27 03:59:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\proDAD
[2012.01.05 04:32:46 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Serif
[2011.12.31 17:59:22 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SmartStore
[2012.07.11 17:58:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Smith Micro
[2012.02.07 12:35:26 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Software4u
[2012.10.14 03:57:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SongBeamer
[2012.07.16 12:43:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SpeedProject
[2012.10.01 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Trine2
[2012.06.30 01:41:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TrueCrypt
[2012.03.02 14:50:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


and Extras.txt
OTL Logfile:
Code:

OTL Extras logfile created on: 17.10.2012 18:01:06 - Run 7
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Johannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 81,34% Memory free
15,95 Gb Paging File | 14,27 Gb Available in Paging File | 89,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,21 Gb Total Space | 172,58 Gb Free Space | 36,94% Space Free | Partition Type: NTFS
Drive D: | 464,21 Gb Total Space | 56,12 Gb Free Space | 12,09% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-PC2 | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027DA069-7FDC-4DFE-983E-F1ECC84B6AAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{03063BC3-A0ED-443E-9742-B22B6552AC3B}" = lport=137 | protocol=17 | dir=in | app=system |
"{05F4FEF1-6442-41A3-8A4E-0B4669D31E93}" = rport=138 | protocol=17 | dir=out | app=system |
"{09E9DB4E-A13F-4E3C-9467-E9031544F660}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{155A2F31-0542-4D6C-8CC5-3287F35011CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{162B726E-306A-40C3-A581-B5382133D9C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{1DCC5D25-4403-4C9E-958C-A1444D4D1EBC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{209BBA11-8CFE-46BB-AA74-F982CA3765A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{49988696-5508-4474-9039-A5D562404FBB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{51A3705B-139A-4A3A-B318-409DF1842A11}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{61C03BFC-2FA0-481C-A791-19CE7C6E2BA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{8F7D1587-3110-4BB8-8D42-EB7B4AD5517C}" = lport=445 | protocol=6 | dir=in | app=system |
"{951D7F7D-04F9-4C0F-8009-BB166DEF38B3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9AF1ADE3-074A-4CAC-AAB8-1AF344F49DEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A634EFC9-CB43-4C17-A680-96E61E6D6AA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3D25FE6-1B1D-45CB-AA2F-DC937C6F454D}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB21617F-03B1-4132-95B8-4FE6CD14A24F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BB3EF0E9-8A87-48F8-B46B-607FFB5FB2E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C977078D-FF19-4E03-93D7-46D5EEB3C305}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9EBAE05-57CA-4FD5-B25F-A6A53CEFC2B9}" = lport=139 | protocol=6 | dir=in | app=system |
"{EA1B08F8-CC79-44C3-8414-39D0EFEDBC80}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\outlook.exe |
"{F2B8DA3F-F6EC-4189-9111-C3CF1E256B71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6FB4B5C-91E3-4052-A0E9-FFF6F8D0B9B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC75C9F3-7398-4B3E-AFF4-970D0F4FFBD3}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029A78F1-7394-4583-A7DD-1E054251F2DE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe |
"{0A0A62E2-B346-46D0-A9D4-209AD654614C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{0A9203EF-578B-49C0-A5F7-2AC94FD15570}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\vt4.exe |
"{0AE3D138-1A07-4E00-9676-7215D3524A07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0DDAFCC2-2A8B-49D2-A2F0-A4389CD43CA0}" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\motionartist\motionartist.exe |
"{0EB3BEBA-F3E2-4B03-A0A4-269F564D0E21}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0F88C5F6-9AF4-4862-B4BF-03D0F79F3434}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{126C1894-E78F-4874-82AC-0616EEE97101}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{16B0B9C8-20C2-46DE-8751-8BE59471D698}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{16DE49B5-6FE2-4FE4-9533-74F965064981}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe |
"{17E0DB1B-4AC4-43A2-A76D-118217F61601}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{18B18EBC-C704-49B3-8CCA-D6D467D2E17A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{19ABE88F-47AA-423A-ADD8-82E90BDBC8F2}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{25B38EB9-18D6-471B-A7EB-B803AB3131C2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\groove.exe |
"{264CB953-04DF-4D73-84F7-A17C8A5A569F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe |
"{2674D841-6ABA-4CE0-8FDE-717B2CBCA2C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe |
"{27DF8793-1808-4B57-ACDC-5BBC8AB31988}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\groove.exe |
"{28513028-493C-4524-A500-AF3A2E240220}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\onenote.exe |
"{2A4756B7-520C-4B8B-86E4-4490ACFEB3CE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2CB7EE0E-CA32-4AB8-9BE7-47D26A2F59A6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{36671498-1FBE-4434-B412-AC1F6D8619A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{3A1E317F-78D5-494E-9A63-0DF0D3A1AB50}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3C6310D4-61B2-4F0B-BC14-3C63B211FFDB}" = protocol=6 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe |
"{408E39CD-BC1E-43A4-B97C-14E65DEB2378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
"{454978BD-3652-4724-825C-775222CFA544}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{463B854E-BBB1-4AB2-AF65-1767936BD238}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\prince of persia\launcher\launcher.exe |
"{49C4B5C2-2125-410F-9165-61733D21D5CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{4AA94CED-402C-408B-B79E-DCB9721F47E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{55047D4F-CFF2-418F-B9A5-063B3C79913E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne\maxpayne.exe |
"{5ACA05C9-FAD6-4ACF-95E6-895306562478}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{5DECC12F-9F0F-4970-BA04-2AC6B123689C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne\maxpayne.exe |
"{5F9F10B4-079F-410B-90B7-4EBAEF7C1F8E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\launcher.exe |
"{5FA2EDA7-FBB9-4521-B0C7-8387A907E85E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flight_control_hd\flightcontrol_win32.exe |
"{5FD2686D-250F-41CB-8844-AFC815CED818}" = protocol=6 | dir=in | app=c:\windows\system32\cnac4rpd.exe |
"{60EF82EA-028C-438D-9C0C-9DE25E8990F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\vt4.exe |
"{65D75AB7-1180-4CDE-A408-5B19B1089F0A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{693F664F-0E39-4050-9484-91D5C707D33D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{6D1A2BD8-3EE6-4775-BA60-DB897E965DE3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{72673A37-FC5A-456B-94E5-982F1860C660}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe |
"{76739171-6F93-480D-97EC-A5C9BD9B501B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7BBFAFDF-8020-4428-9C6F-B4ADAE0C6E3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{7E1D8AC7-D5EF-48F5-B2A9-5F9A567B89E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{83A91DDA-032A-4E22-B243-FCA45282AC49}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{84574FCA-BDF4-402C-BD7F-AD212ACCDF0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{86E5DAFA-990E-4AF3-B683-B98F001BBEB5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{8A20A4B7-0A67-447B-A026-BF77970E29F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{8BACA49D-E2C9-4041-9E7E-47D62E38C923}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"{8BB3F9BD-AEDF-41C0-A9D5-B7861E422F72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{8CDACAE1-E51D-435E-8793-8EFF47A16871}" = protocol=17 | dir=in | app=c:\windows\system32\cnac4rpd.exe |
"{8E355948-2B63-4F03-BD01-47105099ACF7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F548C08-6B1F-4A4F-A90A-D539AA5282F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{9A59BF8F-8EDF-4F1F-853F-B2493741ECB4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{AC3B3170-5A6D-4C3C-AD32-E22A9F04C61D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B1284279-2933-4BD2-80DD-E5AED1F39807}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B187F61C-5B1C-44A2-84E0-C161FF31888B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\launcher.exe |
"{C053D254-BFF9-4F29-A733-746111636BBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\launcher.exe |
"{C278D24A-B23D-4869-9B2D-0EAB9FE58B0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe |
"{C2E948B8-5580-4F76-AAB9-152A51277888}" = protocol=17 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe |
"{C5EE0450-AD8C-4CDA-8310-CFE2333162FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{CA6F13FF-AECD-4B89-877F-0B64946B41A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D02A74E4-561E-4424-BFDC-2D04B5CCD093}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office2010\office14\onenote.exe |
"{D0F1FF5B-6843-4CD4-A22F-E4DEC54DEDF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{D3817AE0-2A2B-4C2D-AF97-05C818A9C6B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{DA5FB809-1CBA-454D-A8EB-54B6A4EAB89E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"{E35F79D7-4AB6-4D40-AE0C-BB859909F1BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E4C7FDEE-A87C-4BAE-A6A4-F68283A928CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online.exe |
"{E774B196-3451-4D50-BA86-F240D115D76B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E833ED0A-FC69-431B-80B0-EC1AB1C6D40B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\launcher.exe |
"{E861F3E6-67CC-4EB7-903B-8AE31B5459B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flight_control_hd\flightcontrol_win32.exe |
"{E8BA1094-1A63-46BD-ACA7-B80F6EF12E15}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
"{E8BD6115-A507-4161-B74B-7C9CF23D61E1}" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\motionartist\motionartist.exe |
"{F1F649CE-B06A-48EB-B2F2-3A8B70EB4F6D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\max payne 2 the fall of max payne\maxpayne2.exe |
"{FEB5966D-FB07-42F3-B035-B94DF4DCAF4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"TCP Query User{0B553E11-9391-4D17-B510-517CA836C513}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"TCP Query User{24596A8E-37B8-48BF-BAC1-02B3DCAAEBF1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{2A3E41A3-6DED-4373-9051-A4DFBAEAED01}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe |
"TCP Query User{4CD0AE45-8A82-4902-9C3C-0185BF9E60A8}C:\program files (x86)\smith micro\poser debut\poserdebut.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\poser debut\poserdebut.exe |
"TCP Query User{6D512BEA-8A39-4E8C-8DDC-5C157CE3C48A}C:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe |
"TCP Query User{70744988-3EA2-4449-AC30-DEB23C10DF3B}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{81C36F38-DB1F-47FF-BC72-64F085206DF5}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"TCP Query User{92B05302-6141-40F4-AD4E-894E9BF1C5CD}C:\program files (x86)\e frontier\poser 7\poser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\e frontier\poser 7\poser.exe |
"TCP Query User{94BCCDA7-BE96-4B96-BCB1-02594E1F35C3}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe |
"TCP Query User{A08B02E7-630C-4DA3-BB0D-180B7837E14A}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"TCP Query User{A60A2CD4-3381-484B-91D9-A3EEA1FDB184}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe |
"TCP Query User{AB31F086-BB51-4F38-98F3-E9984D1D1FD5}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{B5CF2684-C286-4728-962A-4062DD3884E0}C:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D89AD2D3-2400-4768-AC22-CE73DBFB768C}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"TCP Query User{FD09C831-4272-49CF-AFF5-7B71D309B255}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe |
"UDP Query User{1E318440-C16A-4AA9-B00D-B6ED50ED2480}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"UDP Query User{2A81B791-9659-4F6E-B0B5-51AFCB10488C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{4616AF84-C894-4895-9892-F659694E88B1}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{476299E9-0394-4233-AAB5-A1614FA1A2CA}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{4A60A829-D9C2-4A72-84E6-2103E7AF4032}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"UDP Query User{57344D81-AEED-45D8-B8D8-A735AFE76270}C:\program files (x86)\smith micro\poser debut\poserdebut.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\poser debut\poserdebut.exe |
"UDP Query User{6887CD3A-900F-4C75-91FD-E9EE15FE3C31}C:\program files (x86)\trackmania united\tmunited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trackmania united\tmunited.exe |
"UDP Query User{81062D8C-8CAE-480E-B8B5-B37FB6F216F3}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe |
"UDP Query User{8411F21B-8FD0-4C06-917C-50989CEDA70F}C:\program files (x86)\e frontier\poser 7\poser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\e frontier\poser 7\poser.exe |
"UDP Query User{883A3BFA-6596-4C41-AF5C-C448EA41EFE4}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"UDP Query User{909188C3-AB6D-4279-80C5-20863DE93838}C:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\johannes\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{ACFA47F0-1460-49BC-A345-88FCCFC3F696}C:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed hot pursuit\nfs11.exe |
"UDP Query User{C43AC7E2-7BD0-4F8D-BC4C-E4312C53DC1C}C:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"UDP Query User{C8265820-5865-4EA2-BE21-2676C929CBB9}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe |
"UDP Query User{F8C69F8A-AB49-48E9-B80B-A800CC7A9114}C:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smith micro\anime studio debut 8\anime studio.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B9609B6D-9532-E0F8-BE41-DFE18BFAEC22}" = AMD AVIVO64 Codecs
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}" = Raw Therapee V4.0.7.1 x64
"{D0BE8477-6206-4588-8148-971EDAB6BBAD}" = Serif CraftArtist 2 Professional
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{EB59AEBA-DF0C-4532-9C09-31E7B660EC13}" = EMF Plug-In
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Canon LBP5000" = Canon LBP5000
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Neat Image Standalone_is1" = Neat Image v7.1.0 Demo Standalone
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.2
"PremElem100" = Adobe Premiere Elements 10
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.80.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{05BBF12D-565E-4212-8BDD-C482C72866DD}" = Vasco da Gama 4 HDPro
"{0834BB26-4019-4BCA-81F9-067FAFBFAE80}" = DaisyTrail Posters Digikit
"{10B1D4F7-6568-48F7-92FD-74D616CD061E}" = Serif CraftArtist Wedding Days Collection
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{15FD2553-F154-4A40-9A2A-226C91AEAED7}" = DaisyTrail Diwali 2011 Digikit
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{182D9A20-F5AE-4E6C-A4FC-651351DD083E}" = Serif WebPlus: Business Template - Real Estate 1
"{189B9ACF-DBA6-4F52-8726-2E11049FB1F7}" = HydraVision
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.2
"{25015AF4-F435-4605-A06F-BA91C0BF6087}" = Serif CraftArtist Scrapbooks Collection
"{27786902-FB5A-484C-8A2E-2501215AE454}" = DaisyTrail Valentine's 2012 Digikit
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
"{312F775B-EF9B-4456-83C8-4B4596677C13}" = Serif CraftArtist Baby Photos Collection
"{31D888B7-9DA0-4219-9371-9A0037A097C6}" = MAGIX Screenshare
"{340C0246-975B-420F-8ADD-DEA69B16FDEE}" = Adobe Premiere Elements 10 Content 1
"{35EDE682-4AE5-47D6-B44F-103F859951DC}" = Serif PanoramaPlus X4
"{371C9583-5174-4CF8-B10D-D4C3AA7E8CD0}" = Serif PagePlus X5
"{39CF0384-AF7F-4E56-9A8F-6F533C8A6DF4}" = MAGIX Video deluxe 17 Premium Sonderedition Video Plugins
"{3EAF3023-F780-46E5-8220-72F8DB87A7EB}_is1" = WISE-FTP 7
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{465C892E-BEE0-422F-A992-EA627D1943A3}" = Serif WebPlus: Interest Template - Photography 2
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F29521F-7338-4D15-8691-8FEEB987780C}" = Adobe Premiere Elements 10 HD Content 3
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{53450FA2-F4B6-48C4-805B-751000018201}" = Virtua Tennis 4
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5D037ECA-B00A-466F-848C-D21B4DB69DEA}" = Adobe Premiere Elements 10 HD Content 1
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.21 SE
"{61B3CAF9-0C8A-4390-AE72-D6B90FB71C17}" = Serif CraftArtist Professional
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7430B12A-3B67-4191-B0C5-59E57344CB1F}" = iClone v4.31 PRO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789567FD-CAA2-4E1C-B38E-9072B3015FFD}" = CrazyTalk Animator PRO Trial
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C08721F-AC43-4198-A35B-93442DD10A26}" = Serif CraftArtist Greeting Cards Collection
"{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
"{7D775738-C2CC-4E91-9E87-B3F77833A238}" = Serif WebPlus: Business Template - Real Estate 2
"{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger
"{7FCBED5C-8C0F-43FA-9880-E3BBCE81FEF0}" = CoffeeCup Web Form Builder
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C97249-FB38-4FF0-8480-1D8E367767D8}" = Serif WebPlus: Interest Template - Music 1
"{84228E96-3FBE-4E1F-9161-D55E527687D3}" = Hoffnung für heute
"{85DE30D0-AEC8-4799-A56A-14267C421A76}" = CoffeeCup Web Form Builder Lite
"{875F9A42-D47B-43E6-BA68-29D1895188D5}_is1" = Dynamic Auto-Painter 2.5.3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8F42D65F-B288-401B-BDE3-308AF6B33BF8}" = MAGIX Video deluxe 17 Premium Sonderedition
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93C40A12-0098-46B1-972E-E8083686A7A0}" = Serif MoviePlus X5
"{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Ressourcen
"{99C7D73D-E201-4D03-B8A4-5EDBA529B505}" = Adobe Premiere Elements 10 Content 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8D1290-0A4C-446C-AD86-0590812660CC}" = Adobe Premiere Elements 10 Content
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A5909EAD-96CE-49E4-9BA8-D2F271C34AB4}" = DaisyTrail Christmas Crafts Digikit
"{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Ressourcen
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFA3224E-8AD6-4EFA-9DBA-A2E499F30282}" = Serif PhotoPlus X4
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B2CF1869-8727-4F9C-BA7D-807CA9F7C528}" = Magic Bullet Quick Looks (MAGIX)
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B47A51FD-0DBC-45E1-8275-C4B5D8351E98}" = DaisyTrail New Year 2012 Digikit
"{B5BF7B43-E13D-4A76-9F8F-E933817131EC}" = calibre
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8A6C9D6-7A53-41CB-BC2A-891F461B613E}" = DaisyTrail Table Plans Digikit
"{BB55B191-6B35-4BDD-BED6-B2C9F2089954}" = DaisyTrail Thankgiving 2011 Digikit
"{C36CC334-10DA-4D13-B4EA-605B453D8912}" = DaisyTrail Happy Hanukkah 2011 Digikit
"{C7B3C4B4-D6E1-4E5D-8428-1FB7111944B9}" = Serif WebPlus X6
"{C8B6F34D-EF2D-4804-9F5D-21BD556C52AA}" = DaisyTrail Valentine's Day 2011 Digikit
"{CF53472F-99F4-4DFC-A267-74FE2909E6BF}" = DaisyTrail Mother's Day 2011 Digikit
"{D0F1732F-DE2D-4A6D-BE19-2D6CF784356C}" = Serif PagePlus X3 Ressourcen
"{D1CE6204-061A-43B5-830F-6A8A35C4E0C6}" = Adobe Premiere Elements 10 HD Content 2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D66A42BA-3747-4628-9CE4-9E7C18C3ED95}" = Adobe Premiere Elements 10 Content 2
"{D91AB4D6-2CA1-4427-91B3-BB31D3C6D4EE}" = SmartStore.biz 5
"{D982FFA1-51C2-4187-8EED-563F718536A3}" = MAGIX Video deluxe MX Premium
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E23FEC6A-C2D9-4D91-ADF4-FD513B4421A3}" = Serif WebPlus: Interest Template - Photography 1
"{E2B22002-9C8B-43CC-A75B-464B6ED4FF6B}" = Serif PagePlus X6
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5F7F7F8-9FE2-4AA4-B142-8B5981F0A290}" = DaisyTrail Certificates Digikit
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F8F9302E-27C2-45FA-A2D3-3880616A2BD1}" = MAGIX Speed burnR (MSI)
"{FBAB18E2-4F7F-4DBD-BBE2-2062602BF5CA}" = MAGIX Audio Cleaning Lab MX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Premiere Elements 10 Content" = Adobe Premiere Elements 10 Content
"Adobe Premiere Elements 10 Content 1" = Adobe Premiere Elements 10 Content 1
"Adobe Premiere Elements 10 Content 2" = Adobe Premiere Elements 10 Content 2
"Adobe Premiere Elements 10 Content 3" = Adobe Premiere Elements 10 Content 3
"Adobe Premiere Elements 10 HD Content 1" = Adobe Premiere Elements 10 HD Content 1
"Adobe Premiere Elements 10 HD Content 2" = Adobe Premiere Elements 10 HD Content 2
"Adobe Premiere Elements 10 HD Content 3" = Adobe Premiere Elements 10 HD Content 3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"ASD800_is1" = Anime Studio Debut 8.0
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bryce 7.0 Content 7.0.0.21" = Bryce 7.0 Content
"Bryce 7.1 7.1.0.109" = Bryce 7.1
"Bryce Lightning 7.0 7.1.0.109" = Bryce Lightning 7.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 4 (64bit) 4.0.3.47" = DAZ Studio 4 (64bit)
"DiskAid_is1" = DiskAid 5.11
"DS4 Default Content 4.0.0.19" = DS4 Default Content
"DVD Shrink_is1" = DVD Shrink 3.2
"Elements+_is1" = Elements+ for PSE 10, v.4.0
"ESET Online Scanner" = ESET Online Scanner v3
"Finale NotePad 2012" = Finale NotePad 2012
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"GoZ DS4 (64bit) 1.0.3.9" = GoZ DS4 (64bit)
"HandBrake" = HandBrake 0.9.5
"Hexagon 2 2.5.1.79" = Hexagon 2
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"jAlbum_0" = jAlbum 9.3
"KoolMoves_is1" = KoolMoves 7.4.2
"MAGIX_MSI_mclab_mx" = MAGIX Audio Cleaning Lab MX
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Sonderedition
"MAGIX_MSI_Videodeluxe18_premium" = MAGIX Video deluxe MX Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MotionArtist09_is1" = MotionArtist 0.9
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiCommander" = MultiCommander
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"NewBlue Light Rays for Magix" = NewBlue Light Rays for Magix
"NewBlue Lightning for Magix" = NewBlue Lightning for Magix
"NewBlueFX Light Blends" = NewBlueFX Light Blends
"NewBlueFX Premium Effects" = NewBlueFX Premium Effects
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PhotoZoom Classic 4" = BenVista PhotoZoom Classic 4.1.2
"Poser 7_is1" = Poser 7.0.4 Service Release
"Poser Debut_is1" = Poser Debut
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
"proDAD-Vitascene-2.0" = proDAD Vitascene 2.0
"PunkBusterSvc" = PunkBuster Services
"SongBeamer_Bible_Elb2006_is1" = SongBeamer - Elberfelder Bibel 2006
"SongBeamer_Setup_is1" = SongBeamer 4.09
"SpeedCommander 10" = SpeedCommander 10
"Steam App 218" = Source SDK Base 2007
"Steam App 35720" = Trine 2
"Steam App 71390" = Virtua Tennis 4
"TmNationsForever_is1" = TmNationsForever
"TmUnited_is1" = TrackMania United 0.2.0.8
"TmUnitedForever_is1" = TmUnitedForever
"TrueCrypt" = TrueCrypt
"Uplay" = Uplay
"Victoria 4.2 Base DAZ Studio Content ps_pe069_Victoria4DS" = Victoria 4.2 Base DAZ Studio Content
"Victoria 4.2 Base ps_pe069_Victoria4" = Victoria 4.2 Base
"Victoria 4.2 Morphs++ DAZ Studio Content ps_pe070_V4MorphsDS" = Victoria 4.2 Morphs++ DAZ Studio Content
"Victoria 4.2 Morphs++ ps_pe070_V4Morphs" = Victoria 4.2 Morphs++
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"fc6d9d64ce333d98" = BibleReader
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 13:50:14 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:50:24 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:51:54 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:51:54 | Computer Name = Johannes-PC2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VT4.exe, Version: 1.0.0.1, Zeitstempel:
 0x4de8f45c  Name des fehlerhaften Moduls: VT4.exe, Version: 1.0.0.1, Zeitstempel:
 0x4de8f45c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00027205  ID des fehlerhaften Prozesses:
 0x5c0  Startzeit der fehlerhaften Anwendung: 0x01cd860ef90941cf  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Steam\steamapps\common\Virtua Tennis 4\VT4.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Steam\steamapps\common\Virtua Tennis
 4\VT4.exe  Berichtskennung: 37c8bf41-f202-11e1-ae3b-f46d04b04223
 
Error - 29.08.2012 13:52:00 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:56:52 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:56:53 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 13:56:54 | Computer Name = Johannes-PC2 | Source = Steam Client Service | ID = 1
Description = Error: Invalid file signature: C:\Program Files (x86)\bin\SteamService.dll
 
Error - 29.08.2012 14:15:46 | Computer Name = Johannes-PC2 | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 29.08.2012 14:17:19 | Computer Name = Johannes-PC2 | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 20.06.2012 06:18:10 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 06:30:12 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 06:54:16 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 07:30:21 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 08:06:28 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 08:30:33 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 09:06:40 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 09:42:36 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 10:06:40 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
Error - 20.06.2012 10:42:56 | Computer Name = Johannes-PC2 | Source = bowser | ID = 8003
Description =
 
 
< End of report >

--- --- ---


That's it for now.

Does that look OK now? Or do I need to do anything else?
Many thanks for your effort!
Best regards

kira 18.10.2012 05:21

Quote:

Important:
If you made changes in the log file yourself, you must replace them with the original names and paste them into the script that way, otherwise it will not work!
(User folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after "Code" (starting with :OTL and ending with [emptytemp]), without the word "code":
Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope = {28D19648-2FD8-4E6E-B7BF-E0608E47C46E}
IE - HKCU\..\SearchScopes\{28D19648-2FD8-4E6E-B7BF-E0608E47C46E}: "URL" = http://www.google.at/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
CHR - homepage: http://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
CHR - homepage: http://isearch.babylon.com/?babsrc=HP_ss&mntrId=ba010ec9000000000000f46d04b04223
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]


► Report again on the state of the computer: are there still problems, and if so, which ones?

eagle_j 18.10.2012 08:07

Hello!

Just done.
Text document after the OTL fix:
Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28D19648-2FD8-4E6E-B7BF-E0608E47C46E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28D19648-2FD8-4E6E-B7BF-E0608E47C46E}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Johannes\Desktop\cmd.bat deleted successfully.
C:\Users\Johannes\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Johannes
->Temp folder emptied: 208653 bytes
->Temporary Internet Files folder emptied: 236877257 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12774967 bytes
->Google Chrome cache emptied: 6754407 bytes
->Apple Safari cache emptied: 2299904 bytes
->Flash cache emptied: 2283 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 247,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10182012_082729

Files\Folders moved on Reboot...
C:\Users\Johannes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Changes I have noticed:

1. The add-on settings window now appears again when IE9 starts.

2. On one website (so far I have only noticed it there) there are text rendering errors (it works perfectly on my laptop with Win7 and IE9, and it used to work on this PC as well).
All browsers on this PC have problems with it after the fixes: IE9 and Firefox no longer display certain headings correctly (see attachment). Chrome and Safari display them, but in a strange font (e.g. the € sign is not displayed correctly).
Does this have anything to do with the fixes or CCleaner?
It affects the entire website of www.propellerheads.se
The circled text should be in the same font as is used elsewhere in the shop.
I just want to be sure, which is why I am asking (and because I use the website fairly often).

Many thanks for the help.
Best regards

kira 19.10.2012 02:53

Is JavaScript enabled in the browser?

Quote:

Quote from eagle_j (post 940450)
Does this have anything to do with the fixes or CCleaner?

Internet Explorer & Co.:
No, certainly not! The browser's start and search page had been changed by adware & spyware, along with some unwanted extensions such as Babylon, Sweetim etc. Now that we have removed them, the settings that had been made are unfortunately gone as well.

eagle_j 19.10.2012 09:43

Hello, thanks for your late-night reply.
Yes, JavaScript (Active Scripting) is enabled.
This time the add-on settings window only appeared once anyway, and not again after that.
I had actually set the configured start and search page myself.

The display problem with that one website seems to be related to a missing or defective font, or to a CSS problem. When I tick "Ignore font styles specified on webpages" under Accessibility in IE9, the otherwise missing or white (and therefore invisible) text is displayed normally in the default font I have set.
This could also explain why the other browsers have problems with it too (Chrome and Safari use an alternative font, which looks odd; the old version of Firefox used the same font, and after the update it shows the same display problems as IE9).
I have already reset IE9 (not reinstalled it, but reset the settings).
What can I safely do now?
A system restore to a point a few weeks ago is probably out of the question, isn't it?
Or should I repair Windows somehow?
Is my PC generally cleaned up now? Should I do anything else?
Thank you very much for your help!
Best regards

kira 19.10.2012 14:38

Quote:

The display problem with that one website seems to be related to a missing or defective font, or to a CSS problem. When I tick "Ignore font styles specified on webpages" under Accessibility in IE9, the otherwise missing or white (and therefore invisible) text is displayed normally in the default font I have set.
I think I read about this somewhere, caused by a bug in IE9 itself or something similar?

Quote:

What can I safely do now?
A system restore to a point a few weeks ago is probably out of the question, isn't it?
You can do that, but then we have to start the whole procedure over again, i.e. check your system for malware again

Quote:

Is my PC generally cleaned up now?
Otherwise everything should be in the green at the moment

eagle_j 20.10.2012 19:36

Hello and thank you very much for your help.
Of course I won't do a system restore.

I have meanwhile tracked down the Internet Explorer problem as well; it was indeed a conflict with an installed font. I had never had that before, but now it works again.
For safer browsing I have now also installed Sandboxie.
Thanks again for your help!

kira 21.10.2012 07:43

** Keep your system under observation for the near future!
If everything has gone well and your system is running stably, do the following:

1.
Uninstall/remove the programs that we used and that you do not need, except for:
Code:

CCleaner
- Run it from time to time:-> Instructions

2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not have it already).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp!) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and other helper programs that you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

3.
Windows, for example, regularly creates shadow copies (at least once a day), which serve to restore the system in an emergency and to access older file versions. This feature takes up a great deal of disk space. By default, the disk space reserved for shadow copies is 15% of the volume size, so system performance is affected as well. In addition, deleted and possibly harmful objects that sit in System Restore must also be removed:
So please do the following: first disable it -> then enable it, so that in the end it is "enabled" again!

4.
As a precaution, I would advise you to change your password (one should do this every 3-4 months)
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (one should really change it at regular intervals, about every 3-5 months)
also here under: Secure Password

5.
► Please check whether there are new updates for Windows?!:-> - Microsoft Update keeps your computer up to date!
-> Install every update that is offered to you, and repeat the process until no more are offered

Reading material no. 1:
Give criminal acts no chance!
Quote:

Back up your data regularly (pictures, music, documents, mails (as text files), browser bookmarks, etc.) to CD/DVD, USB sticks or external hard drives! Ideally back up twice, in different locations!
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things running smoothly!
  • Firefox - FirefoxWiki/Settings - Extensions for Firefox
  • Secure email clients, e.g. Thunderbird-->Extensions for Mozilla Thunderbird
    - Do NOT open unknown e-mail attachments!
    - Do not click on mails, especially those with attachments; have them displayed as text or in print view instead
  • Secure password - Choosing a secure password - (one should really change it at regular intervals, about every 3-5 months)
    also here under: Secure Password
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only ever install programs that you really need and that you are convinced are reputable.
    You have the choice of which additional components get installed! -> Always read along during installation, and deselect sponsor and partner programs, toolbars or any other extra programs offered wherever possible!
    This is how some kind of adware/spyware often gets installed along with it!
  • Do NOT download just any program from the net unless it is 100% certain that it is clean software. Nice promises from the vendor are far from a guarantee that it works flawlessly, so browse the pages on GOOGLE beforehand, where you can get valuable information!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never disclose your passwords!
    Reputable banks, e-mail providers or online shops never send e-mails asking customers to disclose confidential data such as passwords, user numbers (Verfügernummer), PINs or TANs. E-mails of this kind are always fraud attempts, which is why such requests should not be answered. As soon as you suspect fraud, report your suspicion to the respective bank's hotline.
  • Letting others (guests/friends) use your computer - Use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never do your banking on untrusted computers, for example in an internet café while on holiday
  • Back up important data regularly! - but remember: your main system is not a warehouse!
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards, etc.! - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid legal notice (Impressum)
    - Do not keep external devices (hard drive, USB stick) permanently connected to the PC, but only briefly while you want to back something up
  • Saving on licence costs? - Be careful with files/programs from untrustworthy sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    They are always infested with various malware/malicious programs/code; there is no site that is virus-free. (One should not deliberately invite the devil ;)) Another highly insecure source is file sharing on so-called (music) exchange platforms.
    ► Besides, you make yourself liable to prosecution by doing so!
  • Use only one firewall and one antivirus program, which should always be kept up to date!
    Installing `too much` software impairs system performance and security, slows the start-up process enormously and puts a load on memory (because the programs run side by side at the same time, eating a lot of performance but bringing little quality). Over time the computer becomes slower and less secure because of too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be difficult to solve. On top of that, some programs carry major security risks ;)
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept

** Common sense and securely configuring Windows and internet software are the best way to security on the web!!
Quote:

Since the database is supplemented and extended daily, and information about the virus in question is added with the current virus definitions, I recommend that you have your system scanned online at least once a week (later once a month will certainly suffice), always with a different scanner, to get a second opinion - the data backed up on storage media should also be included!
(they mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be: I wish you all the best :)

If you would like to support us→ Donation account

Regards
kira

