Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: google links werden umgeleitet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.02.2012, 23:00   #1
RatzoR
 
google links werden umgeleitet - Standard

google links werden umgeleitet



Also ich hab folgendes Problem:

wenn ich bei Google was suche und dann auf den Link klicke dann werde ich auf dubiose Seiten umgeleitet (hab die meistens gleich wieder geschlossen aber sieht nach Gewinnspielen oder so was aus)

seit gerade eben steht des öfteren auch "404. That’s an error. "

Ich weiß nicht obs wichtig is aber ich hatte vor n paar Tagen schon einen Virus der hat immer ganz viele Internetexplorer geöffnen, allerdings konnte ich die nur im Taskmanager sehen


Schon mal vielen Dank im vorraus

Alt 10.02.2012, 23:47   #2
Chris4You
 
google links werden umgeleitet - Standard

google links werden umgeleitet



Hi,

auf die Schnelle:
Da ist er : dRun: [ffdwnd] C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla\Firefox\firefox.exe

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris
__________________

__________________

Alt 11.02.2012, 11:21   #3
RatzoR
 
google links werden umgeleitet - Standard

google links werden umgeleitet



Bei dem TDSS-Killer kommt bei mit ne meldung von antivit und deswegen kann ich den nicht benutzen

MAM:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.11.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Georg :: GEORG-PC [Administrator]

Schutz: Aktiviert

11.02.2012 07:40:02
mbam-log-2012-02-11 (07-40-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195216
Laufzeit: 10 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

_________________________________________________________________OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.02.2012 10:48:07 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 29,27% Memory free
7,99 Gb Paging File | 4,72 Gb Available in Paging File | 59,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 80,75 Gb Free Space | 28,21% Space Free | Partition Type: NTFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Georg\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Easy Downloads\easydownloads.exe (hxxp://izloader.com/)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\SysWOW64\sdiagnhost.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\msdt.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe (Razer Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCoreGecko6.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV:64bit: - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation)
DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation)
DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation)
DRV:64bit: - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation)
DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation)
DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV:64bit: - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfsync02.sys (Protection Technology)
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASPI) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files (x86)\jetztspielenob.de\prxtbjet0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj71&r=27360310j0c6l0330z195f4901w53q
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101434&mntrId=a60ef39f000000000000761a04a8f530
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files (x86)\jetztspielenob.de\prxtbjet0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a60ef39f000000000000761a04a8f530&tlver=1.4.35.10&affID=101434"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.11 15:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.11 15:29:42 | 000,000,000 | ---D | M]
 
[2010.03.01 20:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Extensions
[2012.02.04 14:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions
[2012.01.18 19:43:29 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.01.26 18:19:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.11.18 16:11:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.10.29 18:07:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.08 18:11:05 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\engine@conduit.com
[2011.12.31 00:44:35 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\mail@gutscheinrausch.de
[2011.12.31 00:50:14 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\plugin@yontoo.com
[2010.03.13 20:19:14 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\ureqjrfs.default\extensions\sparweltgutscheinewl@sparwelt.de
[2011.01.21 14:58:05 | 000,002,395 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\searchplugins\askcom.xml
[2010.01.21 16:17:44 | 000,000,917 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\searchplugins\conduit.xml
[2012.02.10 22:33:23 | 000,000,947 | ---- | M] () -- C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\ureqjrfs.default\searchplugins\icqplugin.xml
[2011.01.27 17:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.07 16:13:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.09.09 12:29:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.06.07 16:13:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2006.09.26 11:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.05.07 16:44:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.13 06:49:51 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.05.07 16:44:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.07 16:44:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.07 16:44:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.07 16:44:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.07 16:44:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.02.10 14:29:14 | 000,000,126 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 filterbit.com
O1 - Hosts: 127.0.0.1 www.filterbit.com
O1 - Hosts: 127.0.0.1 vscan.novirusthanks.org
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
O2 - BHO: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files (x86)\jetztspielenob.de\prxtbjet0.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files (x86)\jetztspielenob.de\prxtbjet0.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (jetztspielenob.de Toolbar) - {FC01C2BE-850B-4115-9B6B-9A427DDECC34} - C:\Program Files (x86)\jetztspielenob.de\prxtbjet0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [AdobeReader] C:\Users\Georg\AppData\Roaming\system32\system32.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [EasyDownloads] C:\Program Files (x86)\Easy Downloads\easydownloads.exe (hxxp://izloader.com/)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE File not found
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-R6VED.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Georg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00607A29-634B-46D5-A6A7-C075968D13BB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.09 01:03:54 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.11 10:45:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe
[2012.02.11 07:37:30 | 000,000,000 | ---D | C] -- C:\TDDS
[2012.02.10 22:55:15 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\Logfiles
[2012.02.10 22:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.02.10 22:53:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.02.10 18:03:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Georg\Desktop\dds.scr
[2012.02.10 18:02:54 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Georg\Desktop\dds.com
[2012.02.10 17:13:45 | 000,000,000 | R--D | C] -- C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.02.05 20:39:19 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\screenshot
[2012.02.04 15:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.02.04 15:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.02.04 15:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.02.04 15:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.01.29 16:16:09 | 000,000,000 | ---D | C] -- C:\Users\Georg\AppData\Roaming\Regensoft
[2012.01.23 17:39:53 | 000,000,000 | ---D | C] -- C:\Users\Georg\Desktop\Neuer Ordner
[2012.01.14 18:18:38 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.01.14 18:18:37 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.01.14 18:18:36 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.01.14 18:18:36 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.01.14 18:18:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.14 18:18:35 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[11 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.11 11:01:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.11 10:46:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Georg\Desktop\OTL.exe
[2012.02.11 07:34:47 | 000,709,968 | ---- | M] () -- C:\Windows\is-R6VED.exe
[2012.02.11 07:34:47 | 000,012,782 | ---- | M] () -- C:\Windows\is-R6VED.msg
[2012.02.11 07:34:47 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.11 07:34:47 | 000,000,444 | ---- | M] () -- C:\Windows\is-R6VED.lst
[2012.02.10 18:03:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Georg\Desktop\dds.scr
[2012.02.10 18:03:06 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Georg\Desktop\dds.com
[2012.02.10 17:23:36 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 17:23:36 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 17:13:17 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.10 17:12:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.10 17:11:47 | 3219,935,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.10 17:10:12 | 000,000,194 | ---- | M] () -- C:\Users\Georg\defogger_reenable
[2012.02.10 17:09:46 | 000,050,477 | ---- | M] () -- C:\Users\Georg\Desktop\Defogger.exe
[2012.02.10 14:29:14 | 000,000,126 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.02.10 12:45:05 | 003,337,058 | ---- | M] () -- C:\Users\Georg\Desktop\IMG_0185.JPG
[2012.02.08 19:49:03 | 000,037,815 | ---- | M] () -- C:\Users\Georg\Desktop\redhead-ginger.jpg
[2012.02.07 15:40:16 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\Metin2.lnk
[2012.02.04 15:44:58 | 002,526,523 | ---- | M] () -- C:\Users\Georg\Desktop\IMG_0176.JPG
[2012.02.04 15:28:21 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.03 23:03:32 | 000,062,700 | ---- | M] () -- C:\Users\Georg\Desktop\i-loled.jpg
[2012.01.31 20:52:30 | 000,065,972 | ---- | M] () -- C:\Users\Georg\Desktop\Poor-T-Rex.jpg
[2012.01.29 21:14:48 | 000,057,509 | ---- | M] () -- C:\Users\Georg\Desktop\397295_248313865238793_180961571974023_636579_231525647_n.jpg
[2012.01.29 16:23:34 | 000,001,414 | ---- | M] () -- C:\Users\Georg\Desktop\Free YouTube to MP3 Converter.lnk
[2012.01.28 23:08:38 | 012,204,370 | ---- | M] () -- C:\Users\Georg\Documents\clip0105.avi
[2012.01.28 23:06:14 | 000,010,260 | ---- | M] () -- C:\Users\Georg\Documents\clip0104.avi
[2012.01.23 17:49:22 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.23 17:49:22 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.23 17:49:22 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.23 17:49:22 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.23 17:49:22 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.23 17:44:33 | 002,156,014 | ---- | M] () -- C:\Users\Georg\Desktop\IMG_0158.JPG
[2012.01.21 11:34:09 | 001,830,443 | ---- | M] () -- C:\Users\Georg\Desktop\Wolf.png
[2012.01.13 00:09:24 | 000,009,491 | ---- | M] () -- C:\Users\Georg\Desktop\ausbau.ods
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.11 07:34:47 | 000,709,968 | ---- | C] () -- C:\Windows\is-R6VED.exe
[2012.02.11 07:34:47 | 000,012,782 | ---- | C] () -- C:\Windows\is-R6VED.msg
[2012.02.11 07:34:47 | 000,000,444 | ---- | C] () -- C:\Windows\is-R6VED.lst
[2012.02.10 17:10:11 | 000,000,194 | ---- | C] () -- C:\Users\Georg\defogger_reenable
[2012.02.10 17:09:44 | 000,050,477 | ---- | C] () -- C:\Users\Georg\Desktop\Defogger.exe
[2012.02.10 14:34:20 | 003,337,058 | ---- | C] () -- C:\Users\Georg\Desktop\IMG_0185.JPG
[2012.02.08 19:49:03 | 000,037,815 | ---- | C] () -- C:\Users\Georg\Desktop\redhead-ginger.jpg
[2012.02.08 17:43:30 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.07 15:40:16 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\Metin2.lnk
[2012.02.04 15:44:17 | 002,526,523 | ---- | C] () -- C:\Users\Georg\Desktop\IMG_0176.JPG
[2012.02.04 15:28:21 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.03 23:03:32 | 000,062,700 | ---- | C] () -- C:\Users\Georg\Desktop\i-loled.jpg
[2012.01.31 20:52:30 | 000,065,972 | ---- | C] () -- C:\Users\Georg\Desktop\Poor-T-Rex.jpg
[2012.01.29 21:14:38 | 000,057,509 | ---- | C] () -- C:\Users\Georg\Desktop\397295_248313865238793_180961571974023_636579_231525647_n.jpg
[2012.01.29 16:23:34 | 000,001,414 | ---- | C] () -- C:\Users\Georg\Desktop\Free YouTube to MP3 Converter.lnk
[2012.01.28 23:08:21 | 012,204,370 | ---- | C] () -- C:\Users\Georg\Documents\clip0105.avi
[2012.01.28 23:06:08 | 000,010,260 | ---- | C] () -- C:\Users\Georg\Documents\clip0104.avi
[2012.01.23 18:42:08 | 002,156,014 | ---- | C] () -- C:\Users\Georg\Desktop\IMG_0158.JPG
[2012.01.21 11:34:09 | 001,830,443 | ---- | C] () -- C:\Users\Georg\Desktop\Wolf.png
[2012.01.13 00:09:22 | 000,009,491 | ---- | C] () -- C:\Users\Georg\Desktop\ausbau.ods
[2011.11.27 19:52:25 | 000,000,060 | ---- | C] () -- C:\Windows\RomeTW.ini
[2011.11.27 11:49:30 | 000,136,484 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.11.05 09:35:48 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011.09.18 17:13:47 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll
[2011.08.08 00:30:08 | 000,061,257 | ---- | C] () -- C:\Users\Georg\AppData\Roaming\Georg3SQLite3.dll
[2011.08.07 14:57:39 | 000,011,103 | ---- | C] () -- C:\Windows\scunin.dat
[2011.08.04 00:34:22 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.04 00:34:15 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.04 11:48:13 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.05.20 14:18:38 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\STSWCAD.ini
[2011.03.20 09:21:53 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.02.27 10:09:18 | 000,000,017 | ---- | C] () -- C:\Users\Georg\AppData\Local\resmon.resmoncfg
[2011.02.24 17:18:41 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.11.10 21:42:08 | 000,000,076 | ---- | C] () -- C:\Windows\iltwain.ini
[2010.10.23 18:14:07 | 000,003,584 | ---- | C] () -- C:\Users\Georg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.16 18:36:46 | 000,001,008 | ---- | C] () -- C:\Windows\SysWow64\Hardware.ini
[2010.06.24 16:18:52 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.06.24 16:18:52 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.06.24 16:18:52 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.06.05 16:22:25 | 000,000,516 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.03.01 20:45:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.12.24 01:47:43 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.12.24 01:46:56 | 000,001,644 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009.12.23 17:42:29 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.12.23 17:16:03 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.12.23 17:16:03 | 000,000,150 | ---- | C] () -- C:\Windows\PidList.ini
[2009.10.30 05:26:14 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.10.30 02:31:41 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.10.30 02:31:41 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.10.30 02:31:41 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.10.30 01:42:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 00:24:58 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.06.14 10:59:54 | 000,042,016 | ---- | C] () -- C:\Windows\JSETWAIN.DLL
[2005.04.08 03:16:43 | 000,098,258 | ---- | C] () -- C:\Users\Georg\AppData\Roaming\Georglog.dat
[1997.11.10 15:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:D2D4B33E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C0A4F645

< End of report >
         
--- --- ---


_________________________________________________________________

Extras:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.02.2012 10:48:07 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Georg\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 29,27% Memory free
7,99 Gb Paging File | 4,72 Gb Available in Paging File | 59,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 80,75 Gb Free Space | 28,21% Space Free | Partition Type: NTFS
 
Computer Name: GEORG-PC | User Name: Georg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{A8DDE3ED-9B6A-F806-32AF-EC53A836A04F}" = ATI Catalyst Install Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7CF178A-2F3D-0125-0D78-98EB53D92A52}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0695DD0E-0E07-061B-5317-1FCCEA3CA51F}" = CCC Help Czech
"{06A02948-CE93-82A0-7BD4-5FB9562136F7}" = CCC Help Japanese
"{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War
"{0B7169C2-4FC9-0454-6E6F-CDBA27D9C3CF}" = CCC Help Spanish
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{117E3AE2-10D1-41C1-9FA6-F4C382F767A8}_is1" = Packard Bell GameZone Console
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{196F1D70-E7F1-4C9C-9D89-BBA503EF59BB}" = wincad
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FFA2D28-F77A-E27C-0659-F497926805AA}" = CCC Help Polish
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = MOUSE Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{29BA43D8-07F9-4D78-A682-91BAAA98A302}" = Rome - Total War Anthology
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C02693A-EF4F-42D1-9036-664B6C0D647E}" = Google SketchUp Pro 8
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{336DD6B4-B100-4048-B2B7-FBA7059FD959}" = Yu-Gi-Oh! Power of Chaos JOEY THE PASSION
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{37DA7059-EC42-8F87-2593-AB273A13CDE4}" = CCC Help Hungarian
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41B823D8-0E7E-4910-A171-20B91EF6D93F}" = SV ScanRaster
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E368382-C6DF-4D2C-BB63-58987F6F808F}" = DraftSight
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{554B7217-1988-2E1E-8CAC-30CB8498DA8E}" = CCC Help Portuguese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5920C2D5-2969-9BAE-E5A7-947721CFF1F1}" = CCC Help English
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter
"{5C8C6C22-5B84-E88C-C38C-9E66DB569600}" = CCC Help Thai
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6122170D-F78E-182F-1D70-9187108F0AB7}" = Catalyst Control Center Graphics Light
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{667888E5-5D71-4312-A577-41024D32A8C8}" = Stronghold Crusader Extreme Demo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF8F0E-A3A6-D677-F4AE-157BE4AB9E46}" = CCC Help Danish
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{7E9E6DC1-BE81-F3C8-2D61-F9AFADC7B2F8}" = CCC Help Chinese Standard
"{7EFE7605-8879-F08C-9EBD-F0B0EBEDE2AA}" = CCC Help French
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: Der erste Kontakt
"{81CA0ED5-7522-01D4-2E20-018033B50087}" = CCC Help Korean
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117166810}" = Diner Town Tycoon
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85967580-EBC2-11D4-AEA3-0050046A88ED}" = LEGO Insel 2
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A3DA29D-D01B-4917-B266-D9BB810B2E6A}" = RcLatheDEMO 1.0
"{8B999A44-8314-493B-877E-A1DA5B54D9B8}" = Catalyst Control Center - Branding
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91903291-1546-5B74-AC17-FDBBFD57D3F9}" = CCC Help Russian
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96E44EA5-13F8-491A-8EAC-67C5FA8D90B5}_is1" = Get7
"{974A6749-A030-9EC2-D200-7BD29CA886AC}" = ccc-core-static
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D77E042-7D73-0DDA-DAEF-95AD3247C63F}" = Catalyst Control Center Localization All
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{a4584eb1-2889-4dcf-abed-da4f9f6996a3}" = Nero 9 Essentials
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA404934-A326-AC94-154A-73F65B2DBEFE}" = CCC Help Finnish
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AED8DCDF-045F-43FE-BE9B-0AD727F58E5D}" = RcCADtoCNC
"{B04FC2D5-AE5C-1526-69B8-7121BD8CE3B1}" = CCC Help Swedish
"{B1C45394-E332-23F3-35EE-4086C5167C29}" = Catalyst Control Center Core Implementation
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B6C21804-0E6C-D4E6-0CF1-4E7F96AAE930}" = CCC Help Turkish
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDC96E64-A010-4341-A072-47EFDBD6CFBA}" = Stronghold Crusader Demo
"{BF59CB97-0475-8CDC-1DEB-F6565D3868FA}" = CCC Help Greek
"{C3A68A9A-2541-6171-3092-09C8AFAC4924}" = CCC Help Italian
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5C8DE40-1AB7-11D4-854E-00A0C99F6AF9}" = LEGO Alpha Team
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D4C3DAFC-2F7A-E7A9-89D1-70E53F44D231}" = Catalyst Control Center InstallProxy
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D6782F44-58DB-4DE5-A65C-890320CF3F99}" = Prince of Persia The Two Thrones
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DCF9791F-07F7-3FE8-E639-22EAE582C244}" = CCC Help Norwegian
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DF55BE26-C1EC-11D7-9E00-0004769EEFEB}" = Medicalat
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB7879B9-891A-2502-1CAC-4D328A7DA434}" = Catalyst Control Center Graphics Full Existing
"{EC3102A1-F7D5-F4D7-0BBE-E9A336852DD5}" = CCC Help Dutch
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA03EF4C-DE79-C463-6B50-AAC28A9A64FD}" = Catalyst Control Center Graphics Full New
"{FAAAA82D-E8FE-04C8-72D5-619A2632E1DF}" = CCC Help Chinese Traditional
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCB13E0B-09AD-7133-0B7E-52A157C6582E}" = CCC Help German
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Musics MP3 to WMA Converter 4.3_is1" = 4Musics MP3 to WMA Converter 4.3
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Algebrator_is1" = Algebrator 4.0
"Alive 3GP Video Converter_is1" = Alive 3GP Video Converter (version 2.1.2.6)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BFG-Master of Defense" = Master of Defense
"CAD X11 Demo" = CAD X11 Demo
"CadStd" = CadStd
"DivX Setup.divx.com" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"ESET Online Scanner" = ESET Online Scanner v3
"Feeding Frenzy Deluxe" = Feeding Frenzy Deluxe
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 5.0.3.1206
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"GooseGogs 1.2" = GooseGogs 1.2
"GTWorks Demo" = GTWorks Demo
"Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3
"Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"Inkscape" = Inkscape 0.47
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = Mouse Editor
"InstallShield_{29BA43D8-07F9-4D78-A682-91BAAA98A302}" = Rome - Total War Anthology
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8
"jetztspielenob.de Toolbar" = jetztspielenob.de Toolbar
"KainUninstallKey" = Legacy of Kain
"Legacy of Kain: Defiance" = Legacy of Kain: Defiance 1.1
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Master Of Defense_is1" = Master Of Defense 1.67e
"Metaboli" = Metaboli
"Metin2_is1" = Metin2
"Monopoly Deluxe" = Monopoly Deluxe
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Mp3tag" = Mp3tag v2.48
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Origin" = Origin
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Welcome Center" = Welcome Center
"PackardBell Screensaver" = PackardBell ScreenSaver
"PDF to DXF JPG TIFF Converter_is1" = PDF to DXF JPG TIFF Converter
"Pharao" = Pharao
"Pharaoh" = Pharao
"PicMaster" = PicMaster
"RAR Password Cracker" = RAR Password Cracker 4.12
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SprayR" = SprayR 1.0 RC7b
"Starcraft" = Starcraft
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Thandor - Die Invasion" = Thandor - Die Invasion
"Tux Racer" = Tux Racer
"Uninstall_is1" = Uninstall 1.0.0.1
"Urban Assault 1.0" = Microsoft Urban Assault
"Videora iPhone Converter" = Videora iPhone Converter 6
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood
"YouTube Downloader App" = YouTube Downloader App 3.00
"Youtube Music Downloader_is1" = Youtube Music Downloader V3.2
"Zoo Tycoon 2" = Zoo Tycoon 2
"Zoo Tycoon 2 Trial Version" = Zoo Tycoon 2 Trial Version
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Feeding Frenzy Deluxe" = Feeding Frenzy Deluxe
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.12.2011 15:30:51 | Computer Name = Georg-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.12.2011 15:30:51 | Computer Name = Georg-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.12.2011 16:03:13 | Computer Name = Georg-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.12.2011 16:03:14 | Computer Name = Georg-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.12.2011 17:00:17 | Computer Name = Georg-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.12.2011 17:00:17 | Computer Name = Georg-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.12.2011 18:22:26 | Computer Name = Georg-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.12.2011 18:22:26 | Computer Name = Georg-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.12.2011 19:50:54 | Computer Name = Georg-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.12.2011 19:50:54 | Computer Name = Georg-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Media Center Events ]
Error - 20.10.2011 13:27:30 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 19:27:25 - Fehler beim Herstellen der Internetverbindung.  19:27:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.10.2011 11:04:12 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 17:04:12 - Fehler beim Herstellen der Internetverbindung.  17:04:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.10.2011 11:04:30 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 17:04:17 - Fehler beim Herstellen der Internetverbindung.  17:04:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.11.2011 07:13:45 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 12:13:41 - Fehler beim Herstellen der Internetverbindung.  12:13:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.11.2011 11:31:28 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 16:31:28 - Fehler beim Herstellen der Internetverbindung.  16:31:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.11.2011 11:32:04 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 16:31:58 - Fehler beim Herstellen der Internetverbindung.  16:31:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.11.2011 12:33:30 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 17:33:30 - Fehler beim Herstellen der Internetverbindung.  17:33:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.11.2011 12:36:29 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 17:36:07 - MCEClientUX konnte nicht abgerufen werden (Fehler: Der 
Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')  
 
Error - 25.11.2011 12:38:11 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 17:38:09 - Broadband konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
Error - 18.12.2011 11:13:37 | Computer Name = Georg-PC | Source = MCUpdate | ID = 0
Description = 16:13:18 - Fehler beim Herstellen der Internetverbindung.  16:13:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 10.02.2012 07:23:08 | Computer Name = Georg-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 10.02.2012 08:23:20 | Computer Name = Georg-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 10.02.2012 11:41:12 | Computer Name = Georg-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 10.02.2012 12:11:37 | Computer Name = Georg-PC | Source = Application Popup | ID = 875
Description = Treiber sfsync02.sys konnte nicht geladen werden.
 
Error - 10.02.2012 12:12:01 | Computer Name = Georg-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 10.02.2012 12:12:01 | Computer Name = Georg-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 10.02.2012 12:15:11 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Oberon Media Game Console service erreicht.
 
Error - 10.02.2012 12:15:11 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Oberon Media Game Console service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 10.02.2012 12:15:42 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira AntiVir Guard" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 10.02.2012 12:15:42 | Computer Name = Georg-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sfsync02
 
 
< End of report >
         
--- --- ---
__________________

Alt 11.02.2012, 15:14   #4
Chris4You
 
google links werden umgeleitet - Standard

google links werden umgeleitet



Hi,

was hast Du hier installiert?
[2012.02.11 07:34:47 | 000,709,968 | ---- | C] () -- C:\Windows\is-R6VED.exe
[2012.02.11 07:34:47 | 000,012,782 | ---- | C] () -- C:\Windows\is-R6VED.msg
[2012.02.11 07:34:47 | 000,000,444 | ---- | C] () -- C:\Windows\is-R6VED.lst

Die ursprüngliche Datei ist weg, hast Du sie gelöscht?

Dann unbedingt MAM updaten und Fullscan, nicht Quick-Scan!

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
Code:
ATTFilter
:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook:  - No CLSID value found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O4 - HKLM..\Run: [AdobeReader] C:\Users\Georg\AppData\Roaming\system32\system32.exe File not found
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:D2D4B33E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C0A4F645

:Commands
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Was macht der Rechner? Noch was zu bemerken?

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 12.02.2012, 09:09   #5
RatzoR
 
google links werden umgeleitet - Standard

google links werden umgeleitet



Ich weiß nicht was da installiert ist und gelöscht hab ich da auch nix weil ich mich mit sowas eh nicht auskenn und normalerweise die finger von sowas lasse.
Das Problem ist immer noch da.



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.11.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Georg :: GEORG-PC [Administrator]

Schutz: Aktiviert

11.02.2012 23:49:28
mbam-log-2012-02-11 (23-49-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 533793
Laufzeit: 4 Stunde(n), 16 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


______________________________________________________________
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeReader deleted successfully.
ADS C:\ProgramData\Temp2D4B33E deleted successfully.
ADS C:\ProgramData\Temp:C0A4F645 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Georg
->Temp folder emptied: 5329419 bytes
->Temporary Internet Files folder emptied: 6125681 bytes
->Java cache emptied: 2030937 bytes
->FireFox cache emptied: 90183157 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 12534 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 710080 bytes
%systemroot%\System32 .tmp files removed: 181760 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6746850 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84551 bytes
RecycleBin emptied: 27939395 bytes

Total Files Cleaned = 133,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02112012_154157

Files\Folders moved on Reboot...
C:\Users\Georg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Alt 12.02.2012, 16:12   #6
Chris4You
 
google links werden umgeleitet - Standard

google links werden umgeleitet



Hi,

bei allen Browsern?

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris
__________________
--> google links werden umgeleitet

Alt 12.02.2012, 16:18   #7
RatzoR
 
google links werden umgeleitet - Standard

google links werden umgeleitet



ja war bei allen browsern

aber ich hab pc inzwischen ganz platt gemacht

aber vielen vielen dank für die schnelle und kompetente hilfe =)

ihr macht das echt gut hier

Antwort

Themen zu google links werden umgeleitet
dubiose, explorer, folge, folgendes, geschlossen, google, google links, inter, interne, internetexplorer, klicke, konnte, link, links, problem, seite, seiten, spiele, spielen, suche, tagen, taskma, taskmanager, umgeleitet, virus, wichtig




Ähnliche Themen: google links werden umgeleitet


  1. Windows 7: Google Links werden auf Werbung umgeleitet.
    Log-Analyse und Auswertung - 27.09.2013 (11)
  2. google links werden zu anderen suchmaschinen umgeleitet
    Log-Analyse und Auswertung - 11.07.2013 (27)
  3. Google Links werden umgeleitet (ihavenet/newsbuster)
    Log-Analyse und Auswertung - 09.07.2013 (55)
  4. Google-Links werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (22)
  5. Links auf Google werden umgeleitet, Antivirenprogramm fehlerhaft
    Plagegeister aller Art und deren Bekämpfung - 12.10.2011 (66)
  6. Dringend! Google Links werden umgeleitet - OTL & GMER werden von Virus beendet
    Plagegeister aller Art und deren Bekämpfung - 25.07.2011 (1)
  7. google links werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 17.03.2011 (18)
  8. Links von Google werden ständig umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 28.10.2010 (1)
  9. Google Suchergebnisse und Links werden umgeleitet
    Log-Analyse und Auswertung - 24.09.2010 (16)
  10. google links werden falsch umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 29.04.2010 (7)
  11. Links von Google und weiteren Seiten werden umgeleitet
    Log-Analyse und Auswertung - 05.01.2010 (3)
  12. Google suche: Links werden auf Werbeseiten umgeleitet
    Log-Analyse und Auswertung - 03.12.2009 (4)
  13. Google Links werden umgeleitet
    Log-Analyse und Auswertung - 14.05.2009 (0)
  14. Links in Google werden umgeleitet
    Log-Analyse und Auswertung - 26.12.2008 (1)
  15. Google und Yahoo links werden umgeleitet
    Log-Analyse und Auswertung - 13.12.2008 (1)
  16. Google Links werden umgeleitet
    Log-Analyse und Auswertung - 09.09.2008 (5)
  17. Google links werden umgeleitet
    Log-Analyse und Auswertung - 02.10.2006 (4)

Zum Thema google links werden umgeleitet - Also ich hab folgendes Problem: wenn ich bei Google was suche und dann auf den Link klicke dann werde ich auf dubiose Seiten umgeleitet (hab die meistens gleich wieder geschlossen - google links werden umgeleitet...
Archiv
Du betrachtest: google links werden umgeleitet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.