Trojaner-Board
Seite 3 von 5 12 3 45
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Word Datei verschlüsselt oder kann Sie nicht öffnen (https://www.trojaner-board.de/135489-word-datei-verschluesselt-oeffnen.html)

J3142 25.05.2013 13:27
ich habe die Zip Datei nicht geöffnet

ich habe die zip nicht geöffnet

markusg 25.05.2013 13:36
ok den rest abarbeiten.
wenn du mit meinen Anweisungen nicht zu rande hommst, hast du keinen bekannten der dir da durch helfen kann und meine Anleitungen bearbeitet.

J3142 25.05.2013 13:37
Leider nein :-(

ich versuche, dass zu machen was Du mir schreibst

ich muss mir microsoft security essencials herunterladen

markusg 25.05.2013 13:47
Microsoft Security Client ist schon instaliert, nichts neues runterladen, davon steht hier nichts.
du kannst auch auf start, ausführen
ereignissanzeige
enter
einträge mit:
Microsoft Antimalware
suchen, doppelklicken, und meldung(en) posten

J3142 25.05.2013 13:49
ok. und wo finde ich das :-(

die Meldung lassen sich nicht hier rein kopieren

hab 13 Suchergebnisse gefunden, aber hier kann sie nicht hier reinkopieren :-(

markusg 25.05.2013 15:24
doch geht, doppelklicke auf das ereigniss dann geht ein neues fenster mit den infos auf dort strg+a, das sollte alles markieren, dann strg+c und hier auf antworten, dort strg+v bzw einfügen, dass mit allen passenen meldungen

J3142 25.05.2013 16:38
Hallo J3142,

markusg hat auf das Thema 'Word Datei verschlüsselt oder kann Sie nicht öffnen' im Forum 'Plagegeister aller Art und deren Bekämpfung' bei Trojaner-Board geantwortet.

Dieses Thema ist hier zu finden:
http://www.trojaner-board.de/135489-...-new-post.html

Dies ist der Beitrag, der gerade geschrieben wurde:
***************
gibts noch mehr funde? falls nein schau als nächstes in microsoft security essencials (mse)
***************


Es könnte noch weitere Antworten auf das Thema geben, jedoch erhalten Sie keine zusätzlichen Benachrichtigungen, bis Sie das Forum wieder besucht haben.

Mit freundlichen Grüßen

Trojaner-Board

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sie erhalten diese E-Mail, da Sie das Thema 'Word Datei verschlüsselt oder kann Sie nicht öffnen' abonniert haben.

Informationen zur Abbestellung:

Um das Thema abzubestellen, klicken Sie bitte auf diesen Link:
http://www.trojaner-board.de/subscri...64dc4eb371a437

Um ALLE Themen abzubestellen, klicken Sie bitte auf diesen Link:
http://www.trojaner-board.de/subscri...n&folderid=all

die Meldung kommt drei Mal

html{border:0;margin:0;padding:0;font-family:Segoe ui,Helvetica,Arial,sans-serif;font-size:.75em}body{margin:0;padding:0;text-align:center}div.articlehighlight{width:97%;padding:10px;margin:20px 0;border:0;background-color:#e8e8e8}div.twocolumns{width:100%}div.twocolumns div.column{margin:0;padding:0;width:48%;float:left}div.twocolumns div.column div.articlehighlight{margin:0 0 10px 0}div.twocolumns div.column object{margin:0 0 10px 0}p{color:#333333;margin:0 0 10px 0;padding:0;line-height:1.4em}h1{color:#2c2c2c;font-size:2em;font-weight:normal;margin:0 0 10px 0;padding:0}h2{color:#2c2c2c;font-size:1.5em;font-weight:normal;margin:0 0 5px 0;padding:0}h3{color:#2c2c2c;font-size:1.25em;font-weight:normal;margin:0 0 5px 0;padding:0}h4{color:#2c2c2c;font-size:1em;font-weight:bold;margin:0 0 5px 0;padding:0}ul.bignumbers{list-style-type:none;padding:0;margin:0}ul.bignumbers li.number1{background-image:url('/global/security/PublishingImages/global/1.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number2{background-image:url('/global/security/PublishingImages/global/2.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number3{background-image:url('/global/security/PublishingImages/global/3.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number4{background-image:url('/global/security/PublishingImages/global/4.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number5{background-image:url('/global/security/PublishingImages/global/5.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number6{background-image:url('/global/security/PublishingImages/global/6.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number7{background-image:url('/global/security/PublishingImages/global/7.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number8{background-image:url('/global/security/PublishingImages/global/8.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number9{background-image:url('/global/security/PublishingImages/global/9.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number10{background-image:url('/global/security/PublishingImages/global/10.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number11{background-image:url('/global/security/PublishingImages/global/11.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number12{background-image:url('/global/security/PublishingImages/global/12.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number13{background-image:url('/global/security/PublishingImages/global/13.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number14{background-image:url('/global/security/PublishingImages/global/14.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}ul.bignumbers li.number15{background-image:url('/global/security/PublishingImages/global/15.gif');padding-left:30px;background-repeat:no-repeat;background-position:0 0}p a img{border:none}a:link{text-decoration:none;color:#008dc2}a:visited{text-decoration:none;color:#008dc2}a:hover{text-decoration:none;color:#333333}a:active{text-decoration:none;color:#333333}object{margin:10px 0;border:0;padding:0}#msviLSBWeb{display:none}div#logosearch{margin:0;padding:0;border:0}div#logosearch div#logo{margin:15px 0;float:left;width:auto}div#logosearch div#logo p{color:#fff;font-size:11px;margin:0;padding:0}div#logosearch div#logo p.mstitle{font-size:13px;margin:0px;padding:0px}div#logosearch div#logo p.headertitle{font-size:30px;font-weight:bold;margin-top:0px;padding-top:0px;padding-bottom:8px;line-height:25px}div#logosearch div#logo p.headersubtitle{font-weight:bold}div#logosearch div#sitesearch{margin:20px 9px 0 0;float:right}div#share p{float:left;padding:10px}div#share img{margin:0 5px 0 0}div.caption{padding:5px 0;border-bottom:1px solid black;margin:10px 0}div.caption p{font-size:.9em;font-style:italic}.border_margin{margin:13px -5px 0 15px !important}div#topNav ul#left,div#topNav ul#right{list-style-type:none;padding:0;margin:0}div#topNav ul#right{float:right;margin-right:20px}div#topNav ul#right li{float:left;margin:13px 0 0 10px}div#topNav ul#left li p,div#topNav ul#right li p{margin:0}div#topNav ul#right li img{margin-top:3px}div#topNav ul#left li a:link,div#topNav ul#left li a:visited{color:#0099cc;font-weight:bold;text-decoration:none;font-size:15px}div#topNav ul#right li a:link,div#topNav ul#right li a:visited{color:#009ad4;font-weight:normal;font-size:1.05em;text-decoration:none}div#topNav ul#left li a:hover{color:#898989;font-weight:bold;text-decoration:none}div#topNav ul#right li a:hover{color:#898989;font-weight:normal;text-decoration:none}div#topNav ul#left li a:active{color:#898989;font-weight:bold;text-decoration:none}div#topNav ul#right li a:active{color:#898989;font-weight:normal;text-decoration:none}div#topNav ul#left li p{text-transform:none}div#topNav ul#left li a.on{color:#898989}div#topNav p{font-size:1.05em}.breadcrumb{display:none}div#bodyContentLeft_Nav{ width:180px;height:auto}div.bodyContentLeft_Spacer{height:20px}div#bodyContentLeft_Ads{margin:0 0 0 22px;width:180px}div.border{border-top:double 1px #e0e0e0;border-bottom:double 1px #e0e0e0;height:3px;margin:0 0 20px 0}div.pageBackgroundMiddle{background-image:url('/global/security/PublishingImages/global/white_bg_middle.png');background-repeat:repeat-y;background-position:-6px 0px;margin:0}div.pageBackgroundBottom{background-image:url('/global/security/PublishingImages/global/white_bg_bottom.png');background-repeat:no-repeat;background-position:-6px 0px}.accordionhead{background:transparent url(/global/security/PublishingImages/global/i_want_to.jpg) no-repeat 0 0;width:223px;height:50px}.accordionhead h2{width:223px;height:50px;margin:0;padding:0 0 0 15px;font-size:27px;color:#fff;line-height:40px}#accordion{background:transparent url(/global/security/PublishingImages/global/bottom_bar_left_nav.jpg) no-repeat 0 bottom;width:223px;padding-bottom:26px}#accordion h3{border-left:none;border-right:none;border-bottom:none;border-color:#C1E4C3;margin:0;padding:0;background:#E9F7E6 url(/global/security/PublishingImages/global/plus.gif) no-repeat 10px 13px}#accordion h3.ui-state-active{background:#fff url(/global/security/PublishingImages/global/minus_icon.jpg) no-repeat 10px 17px;border:none}#accordion h3 a:link,#accordion h3 a:active,#accordion h3 a:visited,#accordion h3 a:hover{margin:0;padding:0;font-size:12px;color:#4f533f;padding:10px 20px 10px 25px;font-weight:bold}#accordion div{border:none;width:100%;height:auto;margin:0;padding:0;font-size:9.6pt}#accordion div ul{margin:0;padding:0 0 20px 0;height:auto;list-style-type:none}#accordion div ul li{margin:0;padding:0 20px 5px 40px;background:#fff url(/global/security/PublishingImages/global/square.jpg) no-repeat 30px 7px}#accordion div ul li a:link,#accordion div ul li a:active,#accordion div ul li a:visited,#accordion div ul li a:hover{color:#0099cc;text-decoration:none;margin:0;padding:0}.accordionhead span{width:223px;height:50px;margin:0;padding:0 0 0 15px;font-size:27px;color:#fff;line-height:40px}#accordion{background:transparent url(/global/security/PublishingImages/global/bottom_bar_left_nav.jpg) no-repeat 0 bottom;width:223px;padding-bottom:26px}#accordion p{border-left:none;border-right:none;border-bottom:none;border-color:#C1E4C3;margin:0;padding:0;background:#E9F7E6 url(/global/security/PublishingImages/global/plus.gif) no-repeat 10px 13px}#accordion p.ui-state-active{background:#fff url(/global/security/PublishingImages/global/minus_icon.jpg) no-repeat 10px 17px;border:none}#accordion p a:link,#accordion p a:active,#accordion p a:visited,#accordion p a:hover{margin:0;padding:0;font-size:10pt;color:#4f533f;padding:10px 20px 10px 25px;font-weight:bold}.selectblock{margin-top:15px}.selectblock span{padding-right:20px}.filtersection{width:100%;margin:20px 0 0 0;clear:both}.filtersection h2{font-size:22px;margin-bottom:12px;font-weight:normal;color:#555;clear:both}.filtersection p{margin:0 50px 20px 0;padding:0;width:170px;float:left}.filtersection p span{display:block}.filtersection a{display:block}.filtersection a img{clear:both;width:170px;height:109px;border:none}#related-feedback{margin:0;padding:0;border:0}#related{width:450px;float:left;margin:0;padding:0;border:0}.feedback{margin:0;padding:0;border:0;width:150px;flo at:right}#pageTools{ margin:0;padding:0;font:9px Verdana,Arial,Geneva,sans-serif;color:#00275b;width:75px}#pageTools ul{ list-style:none;margin:1px 0 0;padding:0}#pageTools ul li{ display:line-height:2em;padding-left:1em;margin-right:1em;margin:0 0 10px 0;border:0;background-image:none}#pageTools ul li:first-child{ margin-left:0}#pageTools a.print{ padding:0;margin:0;background:url('hxxp://i3.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/pt-button-print.gif') no-repeat top left;color:#00275b;display:block;width:75px;height:19px;text-indent:-150px;overflow:hidden}#pageTools a.share{ padding:0;margin:0;background:url('hxxp://i3.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/pt-button-share.gif') no-repeat top left;display:block;width:75px;height:19px;text-indent:-150px;overflow:hidden}#pageTools a.email{ padding:0;margin:0;background:url('hxxp://i3.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/pt-button-email.gif') no-repeat top left;color:#00275b;display:block;width:75px;height:19px;text-indent:-150px;overflow:hidden}#pageTools .dynSBM-hide{display:none}#pageTools .dynSBM-show{display:block}ul #share-this-page{ list-style:none;margin:0;padding:0;background:#fff;border:1px solid #929292;width:120px;position:absolute}ul #share-this-page li{ margin:0;padding:5px;border:0;background-color:#fff;width:110px}#share-this-page a.delicious{padding:0.25em 0 0.25em 20px;background:url('hxxp://i2.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/delicious.png') no-repeat 0 0;display:block;margin:0;border:0}#share-this-page a.digg{padding:0.25em 0 0.25em 20px;background:url('hxxp://i.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/digg.png') no-repeat 0 0;display:block;margin:0;border:0}#share-this-page a.facebook{padding:0.25em 0 0.25em 20px;background:url('hxxp://i2.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/facebook.gif') no-repeat 0 0;display:block;margin:0;border:0}#share-this-page a.twitter{padding:0.25em 0 0.25em 20px;background:url('hxxp://i3.microsoft.com/de-de/security/shared/Templates/components/_msSecurity_ShareEmailPrint/images/twitter.png') no-repeat 0 0;display:block;margin:0;border:0}.topstoryheading,.videoHeading{font-size:13px}@media print{#page-tools{ display:none}}div#faq{margin:0;padding:0;font-family:Segoe UI}div#faq a:link,div#faq a:visited,div#faq a:hover,div#faq a:active{text-decoration:none;color:#008dc2}div#faq ul#showLinks{list-style-type:none;padding:0;margin:0;float:right;width:auto;position:relative;top:10px}div#faq ul#showLinks #showAll,div#faq ul#showLinks #hideAll{padding:5px 0 0 0}div#faq ul#showLinks li{float:left;margin:0;padding:0}div#faq ul#showLinks li p{margin:0;padding:0}div#faq ul#showLinks li img{margin:5px 10px 0 10px;padding:0}div#faq ul#showLinks li p a:link,div#faq ul#showLinks li p a:visited,div#faq ul#showLinks li p a:active{text-decoration:none;font-size:12px}div#faq ul#showLinks li p a:hover{text-decoration:underline}div#faq div#faqContainer{clear:both;margin-bottom:30px} div#faq div#faqContainer .question{padding:10px 0;margin:0;height:auto}div#faq div#faqContainer .question a:link,div#faq div#faqContainer .question a:visited,div#faq div#faqContainer .question a:hover,div#faq div#faqContainer .question a:active{text-decoration:none;color:#000000;font-size:13px;line-height:24px;font-weight:bold;padding:0 0 0 25px}div#faq div#faqContainer .answer{font-size:13px;padding:0 0 0 25px;margin:0}div#faq div#faqContainer .minus{background:url(/global/security/PublishingImages/global/minus.png) no-repeat 0 13px}div#faq div#faqContainer .plus{background:url(/global/security/PublishingImages/global/plus.png) no-repeat 0 13px} table{border:0;margin:10px 0}table tr td,table tr th{border:0;border-bottom:1px solid #333}table tbody.noborder tr td,table thead.noborder tr th{border:0}table.alternate tr{background-color:#dadada}table.alternate tr.alternating{background-color:#eee}table.alternate tr th{background-color:#b1e8e5}p.lefthalf{float:left;width:50%}p.righthalf{float:left;width:47%;padding-left:20px}p.righthalf select{margin:10px 0}p.righthalf span{display:block}span#downloadterms{display:none}span#downloadterms span{font-weight:bold;margin:10px 0}span#downloadterms a.acceptlink{display:block;padding:15px 0 0 0}p.presentationimage{padding:15px 0}p.downloadbutton a:link,p.downloadbutton a:visited,p.downloadbutton a:active{background:url(/global/security/PublishingImages/global/btn_dwnload_sprite.png) no-repeat 0px -42px;padding-left:35px;height:42px;display:inline-block;width:auto;color:#fff;font-weight:bold}p.downloadbutton a span{background:url(/global/security/PublishingImages/global/btn_dwnload_sprite.png) no-repeat 100% 0px;height:42px;line-height:42px;padding-right:35px;padding-left:6px;display:inline-block;width:auto}table.pwchecker tr td{border-bottom:none;padding-right:6px}.clear:after{content:".";display:block;height:0;clear:both;visibility:hidden} .clear{display:inline-table}* html .clear{height:1%}.clear{display:block}

markusg 25.05.2013 16:40
was soll ich damit jetzt anfangen? ich möchte die meldungen von microsoft scanner sehen wie beschrieben, nicht deine Benachichtigungen das ich geantwortet hab

J3142 25.05.2013 16:42
.homepage_AccordianHeadings > li > h4
{
height:35px;
}

#bodycontent
{
height:365px;
}

.copyright_right{float:right;}

.bottom_links
{
/*padding-left: 228px !important;*/
padding-left: 0 !important;
text-align:right;
width:800px;
}
.headersubtitle{
color:#000000 !important;
display:block !important;
}

.homepage_Accordian
{
/*margin-bottom: 15px !important;*/
height:311px !important;
margin-top: -6px !important;
}

.homepage_AccordianContent li h4
{
margin: 0px 0px 0px 10px !important;
}

.homepage_Accordian p
{
line-height:12px !important; margin:5px 0px 0px !important;
}

.homepage_AccordianContent
{
padding-top:2px !important;
}
.homepage_AccordianHeadings li h4
{
height: 30px !important;
font-size:12px !important;
padding-right:5px !important;
}
.homepage_AccordianHeadings li
{
line-height:14px !important;
/*background-position: 3px 0px !important;*/
}

._1LinerText{padding-top:6px !important;}

.noalternate td{
vertical-align:top;
}

#topnav #topmenu, #topnav #topmenu #container{width:700px !important;}


/*de-de changes begin*/
#imgslider .bjqs-markers li > a {
background-image:url(/global/de-de/security/publishingimages/header/bullet.png);
}
#topmenu .root>a {
padding: 0 15px 0 15px;
}
.copyright .copyright_left .globe {
padding-left:6px;
}
/*de-de changes end*/


#dsin{display:none;}

<?xml version="1.0" encoding="UTF-8"?>
-<de-de_security> -<HeaderShareLinks> <NewsLetterLink Link="hxxp://technet.microsoft.com/de-de/security/cc307424.aspx" Text="Newsletter"/> <FollowText Text="Follow:"/> <PrintText Text="Drucken" Image="/global/security/PublishingImages/global/print.png"/> </HeaderShareLinks> </de-de_security>

markusg 25.05.2013 16:44
was soll das sein?

J3142 25.05.2013 16:46
ich bin einfach zu blöd, bin gerade voll überfordert :-( sorry das Du Deine Zeit für mich opferst.

markusg 25.05.2013 16:48
du hast doch schon die ergebnisse gefunden hast du gesagt,in der ereignissanzeige, für
Microsoft Antimalware
da einfach auf jedes, du sagst es waren 13, doppelklicken, mit der maus alles markieren, strg+c drücken, antworten und hier die ergebnisse einfügen, nacheinander.

J3142 25.05.2013 16:57
<?xml version="1.0"?>
-<SMlog> -<ID> <NA>A Note.lnk</NA> <ST>1</ST> <PU>A Note</PU> <PA>%PROGRAMFILES%\a note\a note.exe</PA> <SL>3</SL> <SP>C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</SP> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>c76bb600153e9a62493c0e3077a6b04c</MD5> </ID> -<ID> <NA>ApnUpdater</NA> <ST>1</ST> <PU>Ask</PU> <PA>%PROGRAMFILES%\ask.com\updater\updater.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>1acba585d47fb69c12f26074517efe5a</MD5> </ID> -<ID> <NA>AppleSyncNotifier</NA> <ST>1</ST> <PU>Apple Inc.</PU> <PA>%PROGRAMFILES%\common files\apple\mobile device support\applesyncnotifier.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>3417e5691ac9e5b6c3176d2b66dae82d</MD5> </ID> -<ID> <NA>APSDaemon</NA> <ST>1</ST> <PU>Apple Inc.</PU> <PA>%PROGRAMFILES%\common files\apple\apple application support\apsdaemon.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>46da8e7484ac7a52ce1d6e428398724b</MD5> </ID> -<ID> <NA>DAEMON Tools Lite</NA> <ST>1</ST> <PU>DT Soft Ltd</PU> <PA>%PROGRAMFILES%\daemon tools lite\dtlite.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>f34e7705751bb413283434697bf8e55d</MD5> </ID> -<ID> <NA>DriverScanner</NA> <ST>1</ST> <PU>Uniblue Systems Limited</PU> <PA>%PROGRAMFILES%\uniblue\driverscanner\launcher.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>98d7c3f58884d89d1f16f4f77bcd00ee</MD5> </ID> -<ID> <NA>DriverScanner</NA> <ST>1</ST> <PU>Uniblue Systems Limited</PU> <PA>%PROGRAMFILES%\uniblue\driverscanner\dsmonitor.exe</PA> <SL>2</SL> <SP/> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>0b14724f4869639b92cef25f2cf72448</MD5> </ID> -<ID> <NA>EzPrint</NA> <ST>1</ST> <PU>Lexmark International Inc.</PU> <PA>%PROGRAMFILES%\lexmark 5200 series\ezprint.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>5f9f9dcc28733f6601a9f49fb44351d5</MD5> </ID> -<ID> <NA>FineReader7NewsReaderPro</NA> <ST>1</ST> <PU>ABBYY (BIT Software)</PU> <PA>%PROGRAMFILES%\abbyy finereader 7.0 professional edition\abbyynewsreader.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>87b07e85119d7679667026980364354d</MD5> </ID> -<ID> <NA>Google Update</NA> <ST>1</ST> <PU>Google Inc.</PU> <PA>%USERPROFILE%\appdata\local\google\update\googleupdate.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>f02a533f517eb38333cb12a9e8963773</MD5> </ID> -<ID> <NA>GoogleUpdateTaskMachineCore</NA> <ST>1</ST> <PU>Google Inc.</PU> <PA>%PROGRAMFILES%\google\update\googleupdate.exe</PA> <SL>2</SL> <SP/> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>f02a533f517eb38333cb12a9e8963773</MD5> </ID> -<ID> <NA>ISDNWatch.lnk</NA> <ST>1</ST> <PU>AVM Berlin</PU> <PA>%PROGRAMFILES%\fritz!\iwatch.exe</PA> <SL>3</SL> <SP>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup</SP> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>415e58504ad193cf7847cde3faf0cdfa</MD5> </ID> -<ID> <NA>iTunesHelper</NA> <ST>1</ST> <PU>Apple Inc.</PU> <PA>%PROGRAMFILES%\itunes\ituneshelper.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>8e2a7f1f62467a7dcb8ab2c0642f47ca</MD5> </ID> -<ID> <NA>LXBTCATS</NA> <ST>1</ST> <PU/> <PA>rundll32 %WINDIR%\system32\spool\drivers\w32x86\3\lxbttime.dll,_rundllentry@16</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>1</IE> <IS>0</IS> <IN/> <MD5/> </ID> -<ID> <NA>lxbtmon.exe</NA> <ST>1</ST> <PU>Lexmark International, Inc.</PU> <PA>%PROGRAMFILES%\lexmark 5200 series\lxbtmon.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>dff894775fd74510ff572e44f023a191</MD5> </ID> -<ID> <NA>McAfee Security Scan Plus.lnk</NA> <ST>1</ST> <PU>McAfee, Inc.</PU> <PA>%PROGRAMFILES%\mcafee security scan\3.0.318\ssscheduler.exe</PA> <SL>3</SL> <SP>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup</SP> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>bd713579a87d698e1f2158ce10e48130</MD5> </ID> -<ID> <NA>MedionVFD</NA> <ST>1</ST> <PU>Dritek System Inc.</PU> <PA>%PROGRAMFILES%\medion info display\mdionlcmlh.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>cf05ae23b1fbaf3e01d9f42002f8fc9b</MD5> </ID> -<ID> <NA>MobileDocuments</NA> <ST>1</ST> <PU/> <PA>%PROGRAMFILES%\common files\apple\internet services\ubd.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>1</IE> <IS>0</IS> <IN/> <MD5/> </ID> -<ID> <NA>MSC</NA> <ST>1</ST> <PU>Microsoft Corporation</PU> <PA>%PROGRAMFILES%\microsoft security client\msseces.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>7e1b0c85b7347d9391fe60f6dadfddf0</MD5> </ID> -<ID> <NA>msnmsgr</NA> <ST>1</ST> <PU>Microsoft Corporation</PU> <PA>%PROGRAMFILES%\windows live\messenger\msnmsgr.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>24b1666fd14cc71c7b0679ac61625b90</MD5> </ID> -<ID> <NA>OpenOffice.org 3.1.lnk</NA> <ST>1</ST> <PU/> <PA>%PROGRAMFILES%\openoffice.org 3\program\quickstart.exe</PA> <SL>3</SL> <SP>C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</SP> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>c047c9c6cd8e134afdfdb374e80547e5</MD5> </ID> -<ID> <NA>PC Performer</NA> <ST>1</ST> <PU>PerformerSoft LLC</PU> <PA>%PROGRAMFILES%\pc performer\pcperformer.exe</PA> <SL>2</SL> <SP/> <RP/> <WOW/> <IE>0</IE> <IS>2</IS> <IN/> <MD5>ee3ec3bf27ec6c6fb45e4125255cabe5</MD5> </ID> -<ID> <NA>QuickTime Task</NA> <ST>1</ST> <PU>Apple Inc.</PU> <PA>%PROGRAMFILES%\quicktime\qttask.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>8dda2b606279753601f9415da503ca63</MD5> </ID> -<ID> <NA>RtHDVCpl</NA> <ST>1</ST> <PU/> <PA>rthdvcpl.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>1</IE> <IS>0</IS> <IN/> <MD5/> </ID> -<ID> <NA>Sidebar</NA> <ST>1</ST> <PU>Microsoft Corporation</PU> <PA>%PROGRAMFILES%\windows sidebar\sidebar.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>9e35ff7f943ae0fb89192bfe058b7fd4</MD5> </ID> -<ID> <NA>SunJavaUpdateSched</NA> <ST>1</ST> <PU>Sun Microsystems, Inc.</PU> <PA>%PROGRAMFILES%\common files\java\java update\jusched.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>12916e0642e92561c98b18a2a2d01b14</MD5> </ID> -<ID> <NA>Windows Defender</NA> <ST>1</ST> <PU>Microsoft Corporation</PU> <PA>%PROGRAMFILES%\windows defender\msascui.exe</PA> <SL>1</SL> <SP>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>1</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>0d392ede3b97e0b3131b2f63ef1db94e</MD5> </ID> -<ID> <NA>Yontoo Desktop</NA> <ST>1</ST> <PU>Yontoo LLC</PU> <PA>%APPDATA%\yontoo\yontoodesktop.exe</PA> <SL>1</SL> <SP>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run</SP> <RP/> <WOW>0</WOW> <IE>0</IE> <IS>2</IS> <IN/> <MD5>2a6c01bac0f8aa9143d61ae1e28e263a</MD5> </ID> </SMlog>

OTL Logfile:
Code:
OTL logfile created on: 19.05.2013 10:40:19 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Herrmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 39,98% Memory free
6,20 Gb Paging File | 4,14 Gb Available in Paging File | 66,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 574,59 Gb Total Space | 428,26 Gb Free Space | 74,53% Space Free | Partition Type: NTFS
Drive D: | 21,56 Gb Total Space | 8,66 Gb Free Space | 40,18% Space Free | Partition Type: FAT32
 
Computer Name: HERRMANN-PC | User Name: Herrmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Programme\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Herrmann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - c:\Programme\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Users\Herrmann\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe ()
PRC - C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\FRITZ!\IWatch.exe (AVM Berlin)
PRC - C:\Programme\A Note\A Note.exe (A Note)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
PRC - C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
PRC - C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
PRC - C:\Programme\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Programme\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbtcoms.exe ( )
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Programme\program\libxml2.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Lexmark 5200 Series\lxbtdrec.dll ()
MOD - C:\Programme\Lexmark 5200 Series\iptk.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (vToolbarUpdater15.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (McAfee SiteAdvisor Service) -- c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (ColorZillaStatsUpdater) -- C:\Users\Herrmann\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe ()
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
SRV - (lxbt_device) -- C:\Windows\System32\lxbtcoms.exe ( )
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz134) -- C:\Users\Herrmann\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (MpKsl0ea6c5c3) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1660FCF8-FE84-43D9-A18F-60F40DE38745}\MpKsl0ea6c5c3.sys (Microsoft Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SSHDRV85) -- C:\Windows\System32\drivers\SSHDRV85.sys ()
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NETFRITZ) -- C:\Windows\System32\drivers\Netfritz.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (PLCNDIS5) -- C:\Windows\System32\plcndis5.sys (Intellon, Inc.)
DRV - (FPCIBASE) -- C:\Windows\System32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMWAN) -- C:\Windows\System32\drivers\avmwan.sys (AVM GmbH)
DRV - (AVMPORT) -- C:\Windows\System32\drivers\avmport.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = StartPins
IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}
IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKLM\..\SearchScopes\{7E16D914-CF36-4B14-A6F7-A7EB2F33452C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 81 FD 56 8D 4F CC 01  [binary data]
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=280612_5_&babsrc=SP_ss&mntrId=c802f32b000000000000406186023767
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{4AC17626-DCEC-4912-955D-380853AB4D1A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=59C775CB-8A0D-47B2-9B27-15BE4238F73C&apn_sauid=BC20E462-4887-4129-8F9B-DB55FC31F7B2
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{7E16D914-CF36-4B14-A6F7-A7EB2F33452C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://mysearch.avg.com/search?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://mysearch.avg.com/?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=hp"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: {dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.21
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledAddons: stats@colorzilla.com:2.7.12
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.2.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Herrmann\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.06.24 15:35:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013.05.23 15:18:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.23 15:10:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5 [2013.05.23 16:38:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.29 19:01:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.29 19:01:21 | 000,000,000 | ---D | M]
 
[2010.05.08 14:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Extensions
[2013.04.11 13:41:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions
[2013.05.23 14:15:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.09.19 13:08:11 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}(227)
[2012.09.19 13:08:12 | 000,000,000 | ---D | M] (Ashampoo DE Community Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{5786d022-540e-4699-b350-b4be0ae94b79}(228)
[2012.09.19 13:08:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(229)
[2013.05.23 14:14:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\ffxtlbr@babylon.com
[2013.04.11 13:41:00 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\plugin@yontoo.com
[2010.05.12 14:35:43 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\sparweltgutscheinewl@sparwelt.de
[2013.04.11 13:40:18 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\SpecialSavings@SpecialSavings.com
[2013.05.23 14:14:59 | 000,000,000 | ---D | M] (ColorZillaStats) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\stats@colorzilla.com
[2013.05.23 14:14:59 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Herrmann\AppData\Roaming\mozilla\Firefox\Profiles\ogtykz1t.default\extensions\toolbar@ask.com
[2011.08.13 18:34:22 | 000,090,118 | ---- | M] () (No name found) -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2012.12.10 20:29:40 | 000,002,333 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\askcom.xml
[2010.10.01 14:12:28 | 000,001,819 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\bing.xml
[2011.07.24 15:36:54 | 000,000,925 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\conduit.xml
[2010.05.29 14:45:38 | 000,002,059 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\daemon-search.xml
[2011.07.11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\startsear.xml
[2011.08.13 18:34:29 | 000,001,565 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\mozilla\firefox\profiles\ogtykz1t.default\searchplugins\web-search.xml
[2012.07.02 14:23:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.06 15:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.24 07:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.10 08:06:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 19:47:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 19:32:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 16:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2013.05.23 15:18:34 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010.05.11 14:21:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.08.24 07:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.10 08:06:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 19:47:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 19:32:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 16:59:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.28 13:17:29 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.05.23 07:14:41 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013.05.23 16:38:24 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://mysearch.avg.com/search?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR - homepage: hxxp://mysearch.avg.com/?cid={BAA0023A-1995-470B-9626-B5B1BBC7EE5A}&mid=ab83d13bf51d47d39ae5d14e3180e0c1-22282c4dc3b02cc32352678eedd9dd0af5242b0f&lang=en&ds=re011&pr=sa&d=2013-05-23 16:38:17&v=15.2.0.5&pid=safeguard&sg=2&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Ask Toolbar = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\
CHR - Extension: ColorZillaStats = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfambohdeocadlemmdceabhlgccijal\2.7.12_0\
CHR - Extension: SiteAdvisor = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\
CHR - Extension: avast! Online Security = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_1\
CHR - Extension: vshare plugin = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: AVG SafeGuard toolbar = C:\Users\Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\
 
O1 HOSTS File: ([2011.02.22 19:50:43 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5200 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [lxbtmon.exe] C:\Program Files\Lexmark 5200 Series\lxbtmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MedionVFD] C:\Program Files\Medion Info Display\MdionLCMLH.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1242251762-901191055-1999500024-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A Note.lnk = C:\Programme\A Note\A Note.exe (A Note)
O4 - Startup: C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48CF551F-035E-4FE5-9A05-7EBBA2247674}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F5CB7E3-B8CB-45C1-8FDC-6394AF533536}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9792E88B-7975-493F-8C0D-6FC5CE5ED023}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{86844e6a-54fe-11df-93a4-000777640932}\Shell - "" = AutoRun
O33 - MountPoints2\{86844e6a-54fe-11df-93a4-000777640932}\Shell\AutoRun\command - "" = I:\EasySuite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.23 17:02:42 | 000,000,000 | ---D | C] -- C:\ReimageUndo
[2013.05.23 16:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2013.05.23 16:38:15 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.05.23 16:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013.05.23 16:23:46 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\kav_rescue_10 (3)
[2013.05.23 16:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013.05.23 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\WinZip
[2013.05.23 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Add-in Express
[2013.05.23 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013.05.23 16:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013.05.23 15:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2013.05.23 15:17:14 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\CrashRpt
[2013.05.23 15:16:48 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audials USB 10
[2013.05.23 15:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.05.23 15:11:24 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.23 15:11:24 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.23 15:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.05.23 15:11:22 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.23 15:11:22 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.23 15:11:21 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.23 15:11:20 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.23 15:11:18 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.23 15:10:22 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.23 15:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.23 15:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.23 15:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.23 14:34:42 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\RapidSolution
[2013.05.23 14:19:08 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{C7FCE852-47EB-4677-8FCF-F21810BFC899}
[2013.05.23 13:37:15 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\iLivid
[2013.05.22 19:40:00 | 000,000,000 | ---D | C] -- C:\rei
[2013.05.22 19:39:53 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\AVG SafeGuard toolbar
[2013.05.22 19:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013.05.22 19:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013.05.22 19:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013.05.22 19:39:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.05.22 19:28:46 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{D7B4E242-0CD7-4852-8CEC-A2E7F4438170}
[2013.05.22 17:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.05.22 17:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.05.22 16:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.05.22 16:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.05.22 16:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.22 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Simply Super Software
[2013.05.22 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Simply Super Software
[2013.05.22 16:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2013.05.22 16:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.05.22 16:39:24 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.05.22 16:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.21 13:26:38 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\fEJnNdCk
[2013.05.21 13:26:35 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Roaming\Dirty
[2013.05.21 13:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(18)
[2013.05.21 13:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(19)
[2013.05.18 17:58:23 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.05.18 15:03:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Herrmann\Desktop\OTL.exe
[2013.05.17 18:58:57 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\WinZip Courier
[2013.05.17 18:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013.05.17 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\assembly
[2013.05.17 17:56:48 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.17 17:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\URE
[2013.05.17 17:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\share
[2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\program
[2013.05.17 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Basis
[2013.05.17 17:55:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.17 17:47:49 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2013.05.17 17:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.17 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.17 17:27:45 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{BC0BE74D-6E13-41B4-93B3-09EDDAB620A8}
[2013.05.01 11:34:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.04.30 06:54:18 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{159FB971-D1EB-4D5F-99E4-7590BD75872E}
[2013.04.29 06:40:29 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{4BD078AA-2B67-42AD-BEFA-336ADA2558D8}
[2013.04.28 12:33:07 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{4E36C6E6-6DEB-4EAB-B5A7-E30BB2793710}
[2013.04.26 06:52:05 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{92B70286-D377-4319-8080-6082EC963C70}
[2013.04.24 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{68389AA5-25E8-490A-B53D-A642859704E4}
[2013.04.23 16:57:22 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\Documents\Burg
[2013.04.23 06:52:32 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{7418967C-3027-439A-9FC5-2D0138A33D94}
[2013.04.22 06:50:33 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{759C8B66-FA95-4D07-B25D-BED42EAFBD06}
[2013.04.21 10:26:14 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{870F868F-916C-4B53-9476-A0E086740D49}
[2013.04.20 10:20:01 | 000,000,000 | ---D | C] -- C:\Users\Herrmann\AppData\Local\{B75AF3D7-B20D-4180-BD9C-667B727FD253}
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 17:02:44 | 000,009,216 | ---- | M] () -- C:\Windows\System32\Native.exe
[2013.05.23 16:38:49 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013.05.23 16:38:04 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.05.23 16:26:26 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 16:26:07 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242251762-901191055-1999500024-1000UA.job
[2013.05.23 16:06:21 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013.05.23 16:06:21 | 000,001,804 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013.05.23 15:42:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.23 15:42:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.23 15:16:52 | 000,001,272 | ---- | M] () -- C:\Users\Herrmann\Desktop\AudialsOne 10 USB starten.lnk
[2013.05.23 15:11:24 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.23 15:11:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.23 15:09:18 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.23 14:26:17 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242251762-901191055-1999500024-1000Core.job
[2013.05.19 10:41:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.19 10:41:07 | 000,643,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.19 10:41:07 | 000,600,120 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.19 10:41:07 | 000,130,836 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.19 10:41:07 | 000,108,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.19 10:36:08 | 000,002,637 | ---- | M] () -- C:\Users\Herrmann\Desktop\Microsoft Office Word 2003.lnk
[2013.05.19 10:35:25 | 000,089,141 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.05.19 10:35:25 | 000,089,141 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.05.19 10:34:52 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.19 10:34:50 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.05.19 10:34:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.19 10:34:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.19 10:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.19 10:34:37 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.18 15:03:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Herrmann\Desktop\OTL.exe
[2013.05.18 14:55:53 | 000,000,176 | ---- | M] () -- C:\Users\Herrmann\defogger_reenable
[2013.05.18 13:43:36 | 000,000,179 | ---- | M] () -- C:\Windows\Reimage.ini
[2013.05.18 07:15:19 | 000,278,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.17 17:57:22 | 000,000,845 | ---- | M] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:56:48 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:34:08 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.17 17:25:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\reimage.rep
[2013.05.15 06:52:46 | 000,008,592 | ---- | M] () -- C:\Users\Herrmann\AppData\Local\d3d9caps.dat
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.02 17:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.20 11:04:38 | 000,002,735 | ---- | M] () -- C:\Users\Herrmann\Desktop\Microsoft Office Outlook 2003.lnk
[2013.04.20 10:37:38 | 000,002,061 | ---- | M] () -- C:\Users\Herrmann\Desktop\Google Chrome.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.23 17:02:43 | 000,009,216 | ---- | C] () -- C:\Windows\System32\Native.exe
[2013.05.23 16:38:49 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2013.05.23 16:35:31 | 000,000,179 | ---- | C] () -- C:\Windows\Reimage.ini
[2013.05.23 16:06:21 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013.05.23 16:06:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013.05.23 15:16:52 | 000,001,272 | ---- | C] () -- C:\Users\Herrmann\Desktop\AudialsOne 10 USB starten.lnk
[2013.05.23 15:11:24 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.05.23 15:11:21 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.23 15:11:21 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.23 15:09:18 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.18 14:55:40 | 000,000,176 | ---- | C] () -- C:\Users\Herrmann\defogger_reenable
[2013.05.17 17:57:22 | 000,000,845 | ---- | C] () -- C:\Users\Herrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:56:48 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.05.17 17:34:08 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.05.17 17:25:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\reimage.rep
[2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2011.01.15 14:53:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.10 17:34:22 | 000,008,704 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.09 19:29:35 | 000,089,141 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.05.08 14:15:32 | 000,089,141 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.30 13:58:21 | 000,008,592 | ---- | C] () -- C:\Users\Herrmann\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.19 10:35:12 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\A Note
[2012.06.28 13:16:52 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Babylon
[2012.05.02 14:37:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\canon
[2010.05.25 15:35:47 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\ConfigWizard
[2012.10.01 16:26:50 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\DAEMON Tools Lite
[2010.05.29 14:41:51 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\DAEMON Tools Pro
[2013.05.21 13:26:35 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Dirty
[2010.05.01 11:59:47 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\EasySuite
[2013.05.21 13:26:38 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\fEJnNdCk
[2012.09.25 07:17:06 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\FRITZ!
[2011.08.14 19:40:26 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\OpenCandy
[2010.05.01 11:16:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\OpenOffice.org
[2013.04.11 13:42:14 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\PerformerSoft
[2010.05.25 15:33:36 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\PimeroUpdater
[2012.10.25 15:59:50 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\RBotPlus
[2011.08.23 14:50:40 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\redsn0w
[2013.05.22 16:52:38 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Simply Super Software
[2010.05.12 14:39:42 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\soft-evolution
[2010.05.12 14:35:46 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\SparweltGutschein
[2013.04.11 13:40:18 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\SpecialSavings
[2013.05.23 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Spotify
[2011.08.03 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\TuneUp Software
[2011.08.14 19:41:07 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Uniblue
[2012.08.30 17:43:46 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Windows Live Writer
[2013.04.17 13:49:25 | 000,000,000 | ---D | M] -- C:\Users\Herrmann\AppData\Roaming\Yontoo
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

markusg 25.05.2013 16:59
das sind die Funde unter der von mir genannten kategorie?

J3142 25.05.2013 16:59
<?xml version="1.0" encoding="UTF-8"?>
-<SerializableDictionaryOfStringListOfcFoundItems> -<Item> -<Key> <string>trojan-downloader.istbar</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\classes\eurogrand</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211338</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\classes\eurogrand</V2> <V3>url protocol</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211338</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>livedefault</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>livedefaultid</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>dlgl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>firstconnecthurl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>funaccount</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>funnickname</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>funusername</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>nickname</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options-fullscreen</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options-volume</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_autologinfun</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_autologinreal</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_bj_warning</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_cardback</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_dealervoices</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_dealervoiceset</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_fastplay</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_fullscreen</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_multiwindow</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_music</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_sounds</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_speed</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_volume</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_vpdouble</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_xl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>options_xlslots</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>uninstall_lang</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino</V2> <V3>username</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino\lobby_favouritegames</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino\lobby_favouritegames</V2> <V3>roulette_premium</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino\ro_g</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino\ro_g</V2> <V3>donotshow</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>28</C> <TL>1</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\eurogrand casino\ro_g</V2> <V3>history</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>trojan-spy.vb</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>79</C> <TL>2</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\ptech</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211568</ID> </FI> -<FI> <C>79</C> <TL>2</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\ptech</V2> <V3>ptserialnum</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>trojan.agent</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>9</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>FileSignature</FT> <V1>c:\program files\yontoo\yontooieclient.dll</V1> <V2>0</V2> <V3>247065459825303623</V3> <V4>5677a8d244739d5ad46691c7ace29280</V4> <V5>9275257075565914642|CN=Yontoo LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yontoo LLC, L=Carlsbad, S=California, C=US</V5> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV>c:\program files\yontoo\yontooieclient.dll</DV> <FA>FileSystem</FA> <RBT>None</RBT> <ID>218671</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>adware.casino</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211100</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>livedefault</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>livedefaultid</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>fav_dealer_enable</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>firstconnecthurl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>funaccount</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>funnickname</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>funusername</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>last_lobby_tmpl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>lobby-rememberfunpassword</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>lobby_favouritegames_</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>lobby_template_swr52455772</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>lobby_tmpl_</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>lobby_tmpl_swr52455772</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>nickname</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options-fullscreen</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options-volume</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_autologinfun</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_autologinreal</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_bj_warning</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_cardback</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_dealervoices</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_dealervoiceset</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_fastplay</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_fullscreen</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_hideadvisor</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_music</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_music_track</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_sounds</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_speed</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_volume</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_vpdouble</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_xl</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>options_xlslots</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>uninstall_lang</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>username</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino</V2> <V3>usernmae</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\frr_g</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\frr_g</V2> <V3>donotshow</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\frr_g</V2> <V3>history</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\frr_g</V2> <V3>roulette_window_nowarning</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_favouritegames_swf52433852</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_favouritegames_swf52433852</V2> <V3>roulette_french2_premium</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_favouritegames_swr52455772</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_favouritegames_swr52455772</V2> <V3>roulette_french2_premium</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_window_pos</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_window_pos</V2> <V3>0</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_window_pos</V2> <V3>1</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_window_size</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_window_size</V2> <V3>0</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\lobby_window_size</V2> <V3>1</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\ro</V2> <V3/> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_current_user</V1> <V2>software\swiss casino\ro</V2> <V3>tablelimitsshown</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>adware.activshopper</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncher.1\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncher.1</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncher\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncher\curver</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncher</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncherbho.1\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncherbho.1</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncherbho\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncherbho\curver</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>mynewsbarlauncher.ie5barlauncherbho</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\proxystubclsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\proxystubclsid32</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\typelib</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\typelib</V2> <V3>version</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\proxystubclsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\proxystubclsid32</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\typelib</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\typelib</V2> <V3>version</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncher.1\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncher.1</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncher\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncher\curver</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncher</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncherbho.1\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncherbho.1</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncherbho\clsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncherbho\curver</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\mynewsbarlauncher.ie5barlauncherbho</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211248</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>worm-email.generic</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>83</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_local_machine</V1> <V2>software\classes\.cff</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>211519</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>adware.activeshopper</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\proxystubclsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\proxystubclsid32</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\typelib</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}\typelib</V2> <V3>version</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{3d782bb2-f2a5-11d3-bf4c-000000000000}</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\proxystubclsid</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\proxystubclsid32</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\typelib</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}\typelib</V2> <V3>version</V3> <WSS>None</WSS> <PID>false</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>0</ID> </FI> -<FI> <C>1</C> <TL>3</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Registry</FT> <V1>hkey_classes_root</V1> <V2>interface\{db1f5554-582c-4f53-82cc-458d2c04a2f1}</V2> <V3/> <WSS>None</WSS> <PID>true</PID> <CMP>NotPacked</CMP> <DV/> <FA>Registry</FA> <RBT>None</RBT> <ID>212763</ID> </FI> </ArrayOfFI> </Value> </Item> -<Item> -<Key> <string>pup.casino</string> </Key> -<Value> -<ArrayOfFI> -<FI> <C>37</C> <TL>5</TL> <AP>NoActionTaken</AP> <ActionToPerform>None</ActionToPerform> <FT>Md5</FT> <V1>c:\users\herrmann\downloads\setupcasino_bb9eda_de.exe</V1> <V2>16579620143503616204</V2> <V3>0</V3> <V4>cb4f23596c6a4ac64fcade981368e2a8</V4> <V5>5879253557381762925|CN=PLAYTECH LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PLAYTECH LIMITED, L=Douglas, S=Isle of Man, C=IM</V5> <WSS>None</WSS> <PID>false</PID> <CMP>Packed</CMP> <DV>c:\users\herrmann\downloads\setupcasino_bb9eda_de.exe</DV> <FA>FileSystem</FA> <RBT>None</RBT> <ID>211144</ID> </FI> </ArrayOfFI> </Value> </Item> </SerializableDictionaryOfStringListOfcFoundItems>

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 19.05.2013 10:40:19 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Herrmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 39,98% Memory free
6,20 Gb Paging File | 4,14 Gb Available in Paging File | 66,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 574,59 Gb Total Space | 428,26 Gb Free Space | 74,53% Space Free | Partition Type: NTFS
Drive D: | 21,56 Gb Total Space | 8,66 Gb Free Space | 40,18% Space Free | Partition Type: FAT32
 
Computer Name: HERRMANN-PC | User Name: Herrmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E09A461-4D57-4672-9B33-E7CD963C6643}" = lport=445 | protocol=6 | dir=in | app=system |
"{1A56E25B-4B35-4701-B266-6BDC43FE4B0F}" = lport=137 | protocol=17 | dir=in | app=system |
"{2DF5E22D-51CE-4F79-88F4-8DEF2CFB0929}" = rport=139 | protocol=6 | dir=out | app=system |
"{434BF205-04BF-42E4-A136-168D8F11EEA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{51AF57DB-4B3E-442D-9139-268E92D20FCE}" = rport=138 | protocol=17 | dir=out | app=system |
"{63BE26E3-8ADC-49D8-81DF-5EB12C69A68B}" = lport=138 | protocol=17 | dir=in | app=system |
"{89385C52-1886-43C7-AC1A-8107DF9A6F4E}" = lport=139 | protocol=6 | dir=in | app=system |
"{8E09E3BA-2B5C-456D-8874-971B884CA2CC}" = rport=445 | protocol=6 | dir=out | app=system |
"{923F6E67-67F8-4603-B1AE-CD4062BD3754}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A5B9E3A6-D4F3-411C-8E95-4099A15C2133}" = rport=137 | protocol=17 | dir=out | app=system |
"{B54CABD8-396A-4981-9A42-C51F5E87F2C0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C127D8E3-BD06-4794-B6D4-65781CB74908}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D4416980-19EB-46DA-AC5A-E66BD8A97E16}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EAE54FB4-A2ED-4C67-A59F-1DA0109726E4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C2F591-5B82-4710-AEA8-2D21551887BD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{0DEF8221-2FC6-4D46-A7CE-E673D6963576}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{14410B30-F5DC-4078-BF35-6D39C39D5F0D}" = protocol=6 | dir=in | app=c:\windows\system32\lxbtcoms.exe |
"{1F0418E8-E611-4057-8627-DA1E4719153F}" = protocol=17 | dir=in | app=c:\windows\system32\lxbtcoms.exe |
"{3628D694-1E50-4A1C-89D0-1D56CC91175E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{39C52A3E-6E46-4324-BA87-99819D2BF537}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{40F723AD-0FCF-411B-825C-13DE41A8A890}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{574F3527-BA5D-4380-B3DE-CEF46AA1DF8C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6DBFEDC8-2B9A-4EC4-BDFE-DE39439C5B88}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94DC05F2-8793-4EF7-8DB1-21FFBD18CF72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{94EF0544-E81F-4C6A-B064-5702C9BD673C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A5CD8B8C-2BD7-43DF-AF18-2EF5FEC9E9D7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbtpswx.exe |
"{B5C43986-7F98-40EF-AE79-F9015B7CB3AC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E7C6CB16-A820-4492-AB55-7179F6F9183C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E9657451-497D-4FC1-A8FA-7C035141BD25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3B94FF1-D3E0-4447-BE6F-8D1630E8FEA9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbtpswx.exe |
"{F5A040C8-2117-484B-9F64-4E450589B6A2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FB61ADCA-F34F-4B1C-8048-86511B78BB67}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{A5E0C55F-2326-4E98-BEEE-D1C3971349EE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{34DBA748-1E5C-4A86-9BE7-BBED5FF7CBF7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1D012BD0-F0EA-46B6-833F-8CEB073F4224}_is1" = A Note 4.2.2
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343AB4F2-F1EF-4FF9-B0E6-CAAB680286A6}" = G Data LNK-Checker
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B24499F-73D9-410A-A1B9-DFCD1CE62471}" = Audials USB
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}" = WinZip 17.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7382773-CBE8-33A9-862E-C2337CD0F359}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.10
"Ashampoo_DE Toolbar" = Ashampoo DE Toolbar
"avast" = avast! Free Antivirus
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"AVM ISDN CAPI Port" = AVM ISDN CAPI Port
"BabylonToolbar" = Babylon toolbar on IE
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CasinoSystemsStatic001" = CasinoSystemsStatic001
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"FBDBServer_2_1_is1" = Firebird 2.1.1.17910 (Win32)
"FRITZ! 2.0" = AVM FRITZ!
"Lexmark 5200 Series" = Lexmark 5200 Series
"McAfee Security Scan" = McAfee Security Scan Plus
"MedionVFD" = Medion Info Display (MCE)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de)
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"Pimero 2009 R5 Free Edition_is1" = Pimero 2009 R5 Free Edition
"PokerStars" = PokerStars
"Reimage Repair" = Reimage Repair
"Veetle TV" = Veetle TV
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
"Wisterer HX_is1" = Wisterer HX 4.2.32
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1242251762-901191055-1999500024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"William Hill Casino" = William Hill Casino
"William Hill Poker" = William Hill Poker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2013 11:27:08 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 17.05.2013 11:30:03 | Computer Name = Herrmann-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AudialsUSBPnPStarter.exe, Version 5.0.0.0, Zeitstempel
 0x519b9073, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.18704, Zeitstempel
 0x5065ccb6, Ausnahmecode 0xe0434f4d, Fehleroffset 0x0003fc16,  Prozess-ID 0x780,
Anwendungsstartzeit 01ce531365a82d6f.
 
Error - 17.05.2013 11:48:57 | Computer Name = Herrmann-PC | Source = MsiInstaller | ID = 1013
Description =
 
Error - 18.05.2013 01:16:39 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 18.05.2013 07:33:40 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 18.05.2013 08:24:57 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 18.05.2013 08:31:24 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 18.05.2013 08:58:37 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 18.05.2013 09:41:08 | Computer Name = Herrmann-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel
 0x515d31f0, fehlerhaftes Modul gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel
 0x515d31f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00012288,  Prozess-ID 0x16cc,
 Anwendungsstartzeit 01ce53ccb1cde365.
 
Error - 19.05.2013 04:36:24 | Computer Name = Herrmann-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 18.05.2013 08:24:05 | Computer Name = Herrmann-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +518398 Sekunden
 geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000
 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt
 sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123)
 funktionsfähig ist.
 
Error - 18.05.2013 08:24:58 | Computer Name = Herrmann-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.05.2013 08:31:20 | Computer Name = Herrmann-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +518398 Sekunden
 geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000
 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt
 sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.206:123)
 funktionsfähig ist.
 
Error - 18.05.2013 08:31:25 | Computer Name = Herrmann-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.05.2013 08:38:12 | Computer Name = Herrmann-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 18.05.2013 08:57:45 | Computer Name = Herrmann-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +518398 Sekunden
 geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000
 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt
 sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123)
 funktionsfähig ist.
 
Error - 18.05.2013 08:58:37 | Computer Name = Herrmann-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.05.2013 09:05:15 | Computer Name = Herrmann-PC | Source = nvstor32 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 19.05.2013 04:35:41 | Computer Name = Herrmann-PC | Source = W32Time | ID = 39452706
Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +518398 Sekunden
 geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000
 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt
 sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123)
 funktionsfähig ist.
 
Error - 19.05.2013 04:36:24 | Computer Name = Herrmann-PC | Source = Service Control Manager | ID = 7000
Description =
 
[ TuneUp Events ]
Error - 05.08.2011 11:49:46 | Computer Name = Herrmann-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 05.08.2011 11:49:46 | Computer Name = Herrmann-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
Error - 05.08.2011 11:49:46 | Computer Name = Herrmann-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
 
< End of report >
--- --- ---

eine geht nicht da geht es ums Registrieren.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:02 Uhr.
Seite 3 von 5 12 3 45
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19