PC sehr langsam - Virusverdacht

urbi28 · 18.03.2012, 21:30

Schönen guten Abend,

seit einiger Zeit ist mein PC sehr langsam geworden, woraufhin ich versucht habe ihn etwas zu entmüllen und ein Virusprogramm(ESET) durchlaufen zu lassen, was auch ein paar Funde hatte, welche ich daraufhin vom virusporgramm löschen ließ. Seitdem ist es jedoch kein bisschen besser geworden, hab eher das Gefühl das es ein wenig schlechter geworden ist. Zum entmüllen nutze ich ccleaner. Ich lasse auch darin mein PC nach Registry-fehlern überprüfen und behebe diese, falls notwendig. Ist das eventuell ein Problem?
Weiterhin erscheint seit 2 Tagen nach dem Hochfahren eine Fundmeldung von ESET über WlanGUI.exe. Diese soll ein möglicher Trojaner sein und Probleme im Arbeitsspeicher verursachen. Ein säubern der Datei ist nicht möglich. Diese Exe ist von meinem Fritz WLan Stick.
Meine Bitte ist, ob sich vielleicht ein kluger Kopf kurz meine Logfiles anschauen kann (die ich gemäß der Anleitung in diesem Board erstellt habe) und mir vielleicht einen Rat geben könnte, wie ich vorgehen kann, um mein PC wieder flott zu kriegen.
Über konstruktive Kommentare bin ich sehr dankbar

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_29
Run by Urbi at 20:47:04 on 2012-03-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.6141.4699 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\ESET\x86\ekrn.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files\ESET\egui.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Windows\SysWOW64\TSTheme.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = fritz.box
uURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
mURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
BHO: dossec.dossec.dossec: {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - mscoree.dll
TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [Userinit] C:\Users\Urbi\AppData\Roaming\appconf32.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Urbi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UPDATE~1.LNK - C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe
uPolicies-explorer: TaskbarNoNotification = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 213.191.74.18 62.109.123.196 192.168.0.1
TCP: Interfaces\{A98E5A04-EDD5-446B-A108-44249A35FAD2} : DhcpNameServer = 213.191.74.18 62.109.123.196 192.168.0.1
TCP: Interfaces\{C734FC4C-9BA2-47E7-BE95-35087AA68768} : DhcpNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{326E768D-4182-46FD-9C16-1449A49795F4}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
{8dcb7100-df86-4384-8842-8fa844297b3f}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe"
mRun-x64: [(Standard)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Urbi\AppData\Roaming\Mozilla\Firefox\Profiles\qwhto5xt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.de
FF - plugin: C:\Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Firefox\plugins\nplv86win32.dll
FF - plugin: C:\Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys --> C:\Windows\system32\DRIVERS\ehdrv.sys [?]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys --> C:\Windows\system32\DRIVERS\VBoxDrv.sys [?]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys --> C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [?]
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 - Lizenzierungsdienst;C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-4-27 759048]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\x86\ekrn.exe [2011-9-22 974944]
R2 FontCache;Windows-Dienst für Schriftartencache;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2010-12-3 341296]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-9-16 648432]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\system32\DRIVERS\fwlanusb.sys --> C:\Windows\system32\DRIVERS\fwlanusb.sys [?]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys --> C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [?]
R3 VBoxNetFlt;VBoxNetFlt Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys --> C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-8 136176]
S3 avmeject;AVM Eject;C:\Windows\system32\drivers\avmeject.sys --> C:\Windows\system32\drivers\avmeject.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-8 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Leistungsindikator-DLL-Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-23 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-18 18:42:59 -------- dc-h--w- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-03-18 18:42:58 -------- d-----w- C:\Program Files (x86)\Uniblue
2012-03-18 18:42:48 -------- d-----w- C:\Users\Urbi\AppData\Local\PackageAware
2012-03-18 14:29:01 -------- d-----w- C:\Program Files\ESET
2012-03-17 23:32:35 -------- d-----w- C:\Users\Urbi\AppData\Roaming\UAs
2012-03-17 23:30:54 5624 ----a-w- C:\Users\Urbi\AppData\Roaming\BAcroIEHelpe.dll
2012-03-17 23:30:54 390648 ----a-w- C:\Users\Urbi\AppData\Roaming\AcroIEHelpe.dll
2012-03-17 23:30:47 -------- d-----w- C:\Users\Urbi\AppData\Roaming\08016
2012-03-17 23:30:35 136 ----a-w- C:\Users\Urbi\AppData\Roaming\srvblck2.tmp
2012-03-17 23:30:27 -------- d-----w- C:\Users\Urbi\AppData\Roaming\xmldm
2012-03-17 23:30:26 -------- d-----w- C:\Users\Urbi\AppData\Roaming\kock
2012-03-17 21:43:41 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55CDB382-8FF6-4409-9B5B-ADE0C34F17A4}\mpengine.dll
2012-03-14 15:50:05 -------- d-----w- C:\TEMP
2012-03-14 15:34:54 708096 ----a-w- C:\Windows\System32\rdpencom.dll
2012-03-14 15:34:53 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll
2012-03-14 15:34:53 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-05 20:24:29 -------- d-----w- C:\mafia 2
.
==================== Find3M ====================
.
2012-03-14 15:50:22 3140 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-03-14 15:50:20 88 --sh--r- C:\Windows\SysWow64\013E07AF38.sys
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-22 12:14:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2012-01-03 14:25:21 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-10-23 14:45:14 584192 ----a-w- C:\Program Files\OTL.exe
2011-10-23 14:40:19 50477 ----a-w- C:\Program Files\Defogger.exe
.
============= FINISH: 20:47:41,03 ===============

Defogger_disable

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:46 on 18/03/2012 (Urbi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

kira · 19.03.2012, 10:40

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

► Kannst Du vielleicht den Bericht von Eset/Nod32 (nur den Auszug wo der [FUND] steht) hier posten?

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

urbi28 · 19.03.2012, 16:20

Vielen Dank für deine Antwort, ich habe deine Anleitung Schritt für Schritt abgearbeitet und poste mal eben die Ergebnisse. Aufällig war beim heutigen hochfahren eine Fundmeldung von ESET über /Spy.Baker.WZJ Trojaner und /Spy.Baker.WBU Trojaner. Eins davon hat es gelöscht. Ich habe noch ein ESET durchlauf gemacht und poste auch davon mal das Logfile.

ESET

Code:

ATTFilter

Log
Version der Signaturdatenbank: 6978 (20120319)
Datum: 19.03.2012  Uhrzeit: 12:18:06
Geprüfte Laufwerke, Ordner und Dateien: Arbeitsspeicher;C:\Bootsektor;D:\Bootsektor;C:\;D:\
Arbeitsspeicher » TSTheme.exe(4076) - möglicherweise Variante von Win32/Spy.Banker.WBU Trojaner - Säubern nicht möglich
C:\pagefile.sys - Fehler beim Öffnen  [4]
C:\Boot\BCD - Fehler beim Öffnen  [4]
C:\Boot\BCD.LOG - Fehler beim Öffnen  [4]
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR » MAF.II.MULTI5\Mafia.II.Update.3-SKIDROW\Mafia.II.Update.3.exe - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR » MAF.II.MULTI5\Mafia.II.Update.3-SKIDROW\SKIDROW\pc\mafia2.exe - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR » MAF.II.MULTI5\Mafia.II.Update.3-SKIDROW\SKIDROW\pc\Skidrow.ini - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR » MAF.II.MULTI5\Mafia.II.Update.3-SKIDROW\SKIDROW\pc\Steamclient.dll - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR » MAF.II.MULTI5\Mafia.II.Update.3-SKIDROW\SKIDROW\pc\steam_appid.txt - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR » MAF.II.MULTI5\Mafia.II.Update.3-SKIDROW\skidrow.nfo - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR »  - Falsche Prüfsumme (CRC). Datei ist möglicherweise passwortgeschützt.
C:\mafia 2\MAF.II.MULTI5.part01.rar » RAR »  - Teildatei des gesplitteten Archivs nicht gefunden
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ProPsWW2.cab » CAB » HIRING_REQUISITION_CUSTOMIZED.FDT » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ProPsWW2.cab » CAB » PROCESS_LIBRARY.FDT » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ProPsWW2.cab » CAB » TRACK_ISSUES.FDT » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\ESET.Smart.Security.v5.0.93.18\ESET MiNODLogin v3981.rar » RAR » bdl3981.exe » NSIS » MiNODLogin.exe - Win32/RiskWare.HackAV.DD Anwendung
C:\Program Files\ESET.Smart.Security.v5.0.93.18\ESET MiNODLogin v3981.rar » RAR » bdl3981.exe » NSIS » MiNODLogin.jar » ZIP » gs/eset/ESETAntivirus.class - Variante von Java/HackAV.B Anwendung
C:\Program Files\ESET.Smart.Security.v5.0.93.18\ESET MiNODLogin v3981.rar » RAR » bdl3981.exe » NSIS » MiNODLogin.jar » ZIP » gs/minodlogin/Licencia.class - Variante von Java/HackAV.B Anwendung
C:\Program Files\ESET.Smart.Security.v5.0.93.18\ESET MiNODLogin v3981.rar » RAR » bdl3981.exe » NSIS » MiNODLoginLib.dll - Win32/RiskWare.HackAV.GI Anwendung
C:\Program Files\Latex\MiKTeX\tm\packages\smallcap.cab » CAB » texmf\doc\latex\smallcap\README » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - Customized.fdt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition.fdt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Track Issues.fdt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_01.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_02.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_03.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_04.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_05.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_06.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_07.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_08.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_09.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_10.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_11.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_12.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_12a.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_13.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_14.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_15.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_16.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_17.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_18.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_20.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_21.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_22.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_23.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_24.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_25.txt » MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_26.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_27.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_28.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_29.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_30.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_31.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_34.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_35.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_36.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_37.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_38.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_39.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_40.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_41.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_42.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_43.txt » MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\email\test\data\msg_44.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Python Libraries\Lib\test\testtar.tar » TAR »  - Archiv beschädigt
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » testtar.tar.0160FC08_F3D9_4869_9D41_C611C16F42D5 » TAR »  - Archiv beschädigt
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_09.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_08.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_07.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_06.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_05.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_04.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_03.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_02.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_01.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_44.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_43.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_42.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_41.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_40.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_39.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_38.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_37.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_36.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_35.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_34.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_31.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_30.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_29.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_28.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_27.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_26.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_25.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_24.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_23.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_22.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_21.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_20.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_18.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_17.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_16.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_15.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_14.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_13.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_12a.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_12.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_11.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2 - Installation Files\Data1.cab » CAB » msg_10.txt.0160FC08_F3D9_4869_9D41_C611C16F42D5 » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » _TUProj.dat - Fehler - Datei ist passwortgeschützt
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » _TUProjDT.dat - Fehler - Datei ist passwortgeschützt
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » DataSafe_Green.ico - Fehler - Datei ist passwortgeschützt
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » IRIMG1.BMP - Fehler - Datei ist passwortgeschützt
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » IRIMG1.JPG - Fehler - Datei ist passwortgeschützt
C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll » PECompact v2.xx - Fehler beim Entpacken
C:\Program Files (x86)\MiKTeX 2.9\doc\latex\arabtex\txt\miktex.mai » MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\doc\latex\cjk\chinese\emTeXb5.txt » MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\doc\latex\feynmf\Announce » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\doc\latex\ginpenc\news-message.txt » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\doc\latex\recycle\README » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\doc\latex\smallcap\README » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\doc\plain\figflow\README.figflow » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Program Files (x86)\MiKTeX 2.9\source\rmannot-src.tar.bz2 » BZ2 » rmannot-src.tar » TAR » latex/rmannot/RMfiles/AcroFlex3_demo_skin.swf » CWS » file.swf - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Program Files (x86)\openOffice\openofficeorg1.cab » CAB » testtar.tar » TAR »  - Archiv beschädigt
C:\Program Files (x86)\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar » TAR »  - Archiv beschädigt
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - Fehler beim Öffnen  [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - Fehler beim Öffnen  [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - Fehler beim Öffnen  [4]
C:\System Volume Information\{1869db2c-64a1-11e1-9131-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{1a1c5211-57f6-11e1-97aa-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{1bd8fb6a-5277-11e1-a1c6-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{26440def-5a21-11e1-adb6-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{31808bc4-5409-11e1-b7f9-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{33b14ccf-6162-11e1-879a-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{3a0b31f0-62b5-11e1-aff6-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{4ac27b4f-6785-11e1-be68-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{5b91854f-596d-11e1-adb4-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{5c66f771-6841-11e1-8b6e-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{5ef023b0-6dea-11e1-8234-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{5ef023b5-6dea-11e1-8234-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{5f0f180d-56e7-11e1-8451-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{68dde72f-7079-11e1-998e-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{6eb4f24f-6ae0-11e1-b23e-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{7b9d304f-621a-11e1-b799-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{90b4c1ad-5adb-11e1-9979-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{9615254c-5586-11e1-b81d-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{abf8ca4f-6d02-11e1-960e-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{ad536d6a-5d4d-11e1-9f64-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{cb72a20d-70ff-11e1-b6fa-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{dabe1397-7130-11e1-b6e9-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{db677cac-5ed3-11e1-83f1-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{e409bd6f-638c-11e1-8a78-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\System Volume Information\{e7fffc2d-6b86-11e1-9403-001f3f09796e}{3808876b-c176-4e48-b7ae-04046e6cc752} - Fehler beim Öffnen  [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - Fehler beim Öffnen  [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - Fehler beim Öffnen  [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - Fehler beim Öffnen  [4]
C:\Users\Urbi\NTUSER.DAT - Fehler beim Öffnen  [4]
C:\Users\Urbi\ntuser.dat.LOG1 - Fehler beim Öffnen  [4]
C:\Users\Urbi\ntuser.dat.LOG2 - Fehler beim Öffnen  [4]
C:\Users\Urbi\AppData\Local\Microsoft\Windows\UsrClass.dat - Fehler beim Öffnen  [4]
C:\Users\Urbi\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - Fehler beim Öffnen  [4]
C:\Users\Urbi\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - Fehler beim Öffnen  [4]
C:\Users\Urbi\AppData\Local\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Urbi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\02B86709-00000001.eml » MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Urbi\AppData\Roaming\appconf32.exe - Fehler beim Öffnen  [4]
C:\Users\Urbi\AppData\Roaming\Mozilla\Firefox\Profiles\qwhto5xt.default\parent.lock - Fehler beim Öffnen  [4]
C:\Users\Urbi\AppData\Roaming\Mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome\dvdvideosoft.jar » ZIP » skin/skin.rar.txt » RAR »  - Archiv beschädigt
C:\Users\Urbi\Downloads\MEN.OF.WAR.ASSAULT.SQUAD-BB.part1(1).rar » RAR »  - Archiv beschädigt
C:\Users\Urbi\Downloads\MEN.OF.WAR.ASSAULT.SQUAD-BB.part1.rar » RAR »  - Archiv beschädigt
C:\Users\Urbi\Downloads\nitro_pdf_1321reader_64.exe » INDIGOROSE - Archiv beschädigt
C:\Users\Urbi\Downloads\nitro_pdf_professional6_ocr_de.exe » INDIGOROSE - Archiv beschädigt
C:\Users\Urbi\Downloads\plz_OPP2010x64de.part01.rar » RAR - Fehler - Datei ist passwortgeschützt
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - Fehler beim Öffnen  [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 - Fehler beim Öffnen  [4]
Geprüfte Objekte: 709487
Erkannte Bedrohungen: 5
Anzahl gesäuberter Objekte: 0
Abgeschlossen: 13:18:26  Benötigte Zeit: 3620 Sek. (01:00:20)

Hinweise:
[4] Objekt kann nicht geöffnet werden. Möglicherweise in Benutzung durch eine andere Anwendung oder das Betriebssystem.

Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19190
Urbi :: URBI-PC [Administrator]

Schutz: Aktiviert

19.03.2012 13:24:49
mbam-log-2012-03-19 (13-24-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 540001
Laufzeit: 2 Stunde(n), 14 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Urbi\AppData\Roaming\AcroIEHelpe089.dll (Trojan.Banker) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 19
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MiNODLogin (Riskware.KG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: ;áÃzÊ;XA³0öm»Áµ -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Urbi\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Urbi\AppData\Roaming\AcroIEHelpe089.dll (Trojan.Banker) -> Löschen bei Neustart.
C:\Program Files\ESET.Smart.Security.v5.0.93.18\bdl3981.exe (Riskware.KG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe (Riskware.KG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ESET\MiNODLogin\MiNODLoginUninst.exe (Riskware.KG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Urbi\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.

(Ende)

OTL

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 19.03.2012 15:50:35 - Run 2
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Urbi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,23 Gb Available Physical Memory | 70,58% Memory free
12,10 Gb Paging File | 10,32 Gb Available in Paging File | 85,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,68 Gb Total Space | 252,77 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 5,66 Gb Free Space | 37,73% Space Free | Partition Type: NTFS
 
Computer Name: URBI-PC | User Name: Urbi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Urbi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\ESET\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\SysWOW64\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (ekrn) -- C:\Programme\ESET\x86\ekrn.exe (ESET)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NitroReaderDriverReadSpool) -- C:\Programme\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe (Nitro PDF Software)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (ABBYY.Licensing.PDFTransformer.Classic.3.0) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe (ABBYY)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\DRIVERS\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\DRIVERS\NBVolUp.sys (Nero AG)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\DRIVERS\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys (ESET)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\DRIVERS\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6799BAC7-C7B2-4385-8870-1743E01ABAAC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{1D2AD974-616E-4ba1-A714-FE5EC5194E7F}: "URL" = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{2D8B5C3D-E75A-46d2-AE42-6D9FD4ADB708}: "URL" = hxxp://search.msdn.microsoft.com/search/Default.aspx?query={searchTerms}&brand=msdn&locale=&refinement=00&lang=en-us
IE - HKCU\..\SearchScopes\{6799BAC7-C7B2-4385-8870-1743E01ABAAC}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "	74.95.66.34"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "	74.95.66.34"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "fritz.box"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "	74.95.66.34"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "	74.95.66.34"
FF - prefs.js..network.proxy.ssl_port: 80
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\MOZILLA THUNDERBIRD [2012.03.18 15:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.30 15:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Firefox\components [2012.02.17 20:50:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Firefox\plugins [2012.01.12 19:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\Mozilla Thunderbird [2012.03.18 15:29:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Urbi\AppData\Roaming\08017 [2012.03.19 12:12:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Firefox\components [2012.02.17 20:50:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Firefox\plugins [2012.01.12 19:15:05 | 000,000,000 | ---D | M]
 
[2009.12.29 21:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urbi\AppData\Roaming\mozilla\Extensions
[2011.12.09 11:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions
[2010.06.24 13:36:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.08 21:59:35 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.17 19:37:36 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.01.18 15:18:30 | 000,000,881 | ---- | M] () -- C:\Users\Urbi\AppData\Roaming\Mozilla\Firefox\Profiles\qwhto5xt.default\searchplugins\conduit.xml
[2011.12.30 15:54:00 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\URBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWHTO5XT.DEFAULT\EXTENSIONS\{1FC895A6-2042-46EC-A61B-233165B4C218}.XPI
() (No name found) -- C:\USERS\URBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWHTO5XT.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\egui.exe (ESET)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Urbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.19 62.109.123.197 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A98E5A04-EDD5-446B-A108-44249A35FAD2}: DhcpNameServer = 213.191.74.19 62.109.123.197 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C734FC4C-9BA2-47E7-BE95-35087AA68768}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Urbi\Pictures\IMG-20120306-WA0001.jpg
O24 - Desktop BackupWallPaper: C:\Users\Urbi\Pictures\IMG-20120306-WA0001.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{030a3962-c947-11de-b221-8bc314ea6853}\Shell - "" = AutoRun
O33 - MountPoints2\{030a3962-c947-11de-b221-8bc314ea6853}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\Shell - "" = AutoRun
O33 - MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\Shell\install\command - "" = F:\setup.exe
O33 - MountPoints2\{532d52fd-0953-11e1-ab4e-001f3f09796e}\Shell - "" = AutoRun
O33 - MountPoints2\{532d52fd-0953-11e1-ab4e-001f3f09796e}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.19 15:49:21 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Urbi\Desktop\OTL.exe
[2012.03.19 13:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 13:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.19 13:22:03 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Urbi\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.19 12:12:23 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\08017
[2012.03.18 21:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.18 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.18 20:46:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Urbi\Desktop\dds.com
[2012.03.18 19:42:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.18 19:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.03.18 19:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012.03.18 19:42:48 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Local\PackageAware
[2012.03.18 15:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.03.18 15:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.03.18 15:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.18 00:32:35 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\UAs
[2012.03.18 00:30:47 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\08016
[2012.03.18 00:30:27 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\xmldm
[2012.03.18 00:30:26 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\kock
[2012.03.14 16:50:05 | 000,000,000 | ---D | C] -- C:\TEMP
[2012.03.14 16:35:24 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.03.14 16:35:24 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 16:35:24 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.03.14 16:35:24 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.03.14 16:35:24 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.03.14 16:34:54 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012.03.14 16:34:53 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012.03.05 21:24:29 | 000,000,000 | ---D | C] -- C:\mafia 2
[2012.02.27 19:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.10.23 15:45:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[1 C:\Users\Urbi\AppData\Roaming\*.tmp files -> C:\Users\Urbi\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.19 15:49:22 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Urbi\Desktop\OTL.exe
[2012.03.19 15:45:49 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.19 15:45:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 15:45:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.19 15:45:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.19 15:12:16 | 000,000,034 | ---- | M] () -- C:\Users\Urbi\AppData\Roaming\blckdom.res
[2012.03.19 14:58:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.19 13:22:12 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Urbi\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.19 12:12:27 | 000,005,624 | ---- | M] () -- C:\Users\Urbi\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 21:14:10 | 000,002,964 | ---- | M] () -- C:\Users\Urbi\Desktop\Attach.zip
[2012.03.18 20:46:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Urbi\Desktop\dds.com
[2012.03.18 19:52:26 | 000,050,477 | ---- | M] () -- C:\Users\Urbi\Desktop\Defogger.exe
[2012.03.18 19:46:16 | 000,004,098 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120318_194613.reg
[2012.03.18 19:42:59 | 000,001,635 | ---- | M] () -- C:\Users\Urbi\Desktop\Uniblue RegistryBooster.lnk
[2012.03.18 17:24:31 | 000,000,907 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
[2012.03.15 18:36:51 | 000,001,976 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120315_183649.reg
[2012.03.15 11:34:33 | 000,406,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.14 16:50:22 | 000,003,140 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.03.14 16:50:20 | 000,000,088 | RHS- | M] () -- C:\Windows\SysWow64\013E07AF38.sys
[2012.03.09 14:05:22 | 004,208,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.09 14:05:22 | 001,720,492 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.09 14:05:22 | 001,281,808 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.09 14:05:22 | 001,127,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.09 14:05:22 | 000,007,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.06 14:22:47 | 000,001,418 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120306_142245.reg
[2012.02.26 13:51:54 | 000,003,832 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120226_135152.reg
[2012.02.22 13:14:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Urbi\AppData\Roaming\*.tmp files -> C:\Users\Urbi\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.19 12:12:27 | 000,005,624 | ---- | C] () -- C:\Users\Urbi\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 21:14:10 | 000,002,964 | ---- | C] () -- C:\Users\Urbi\Desktop\Attach.zip
[2012.03.18 19:52:26 | 000,050,477 | ---- | C] () -- C:\Users\Urbi\Desktop\Defogger.exe
[2012.03.18 19:46:14 | 000,004,098 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120318_194613.reg
[2012.03.18 19:42:59 | 000,001,635 | ---- | C] () -- C:\Users\Urbi\Desktop\Uniblue RegistryBooster.lnk
[2012.03.18 17:17:33 | 000,000,907 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
[2012.03.18 00:30:44 | 000,000,034 | ---- | C] () -- C:\Users\Urbi\AppData\Roaming\blckdom.res
[2012.03.15 18:36:50 | 000,001,976 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120315_183649.reg
[2012.03.06 14:22:46 | 000,001,418 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120306_142245.reg
[2012.02.26 13:51:53 | 000,003,832 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120226_135152.reg
[2011.10.23 15:40:19 | 000,050,477 | ---- | C] () -- C:\Program Files\Defogger.exe
[2011.08.24 15:55:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.22 19:10:56 | 000,005,038 | ---- | C] () -- C:\Windows\MC9DEMO.INI
[2011.06.20 19:24:15 | 000,000,056 | ---- | C] () -- C:\Windows\MC10demo.INI
[2011.02.14 21:02:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.30 15:01:42 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\013E07AF38.sys
[2010.11.30 14:36:14 | 000,003,140 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010.10.17 17:58:40 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2010.10.17 17:58:21 | 000,204,295 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2010.07.25 12:31:02 | 000,000,680 | ---- | C] () -- C:\Users\Urbi\AppData\Local\d3d9caps.dat
[2010.06.22 11:52:49 | 000,001,914 | ---- | C] () -- C:\Users\Urbi\AppData\Roaming\wklnhst.dat
[2010.06.15 18:16:45 | 000,009,216 | ---- | C] () -- C:\Users\Urbi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.12 12:11:25 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.04.06 11:10:15 | 000,225,411 | ---- | C] () -- C:\Windows\SysWow64\PosPrKpLib.dll
[2010.04.06 11:10:07 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\PosTickerLib.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8B4F37E5

< End of report >

--- --- ---

urbi28 · 19.03.2012, 16:23

OTL-Extra

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 19.03.2012 15:50:35 - Run 2
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Urbi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,23 Gb Available Physical Memory | 70,58% Memory free
12,10 Gb Paging File | 10,32 Gb Available in Paging File | 85,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,68 Gb Total Space | 252,77 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 5,66 Gb Free Space | 37,73% Space Free | Partition Type: NTFS
 
Computer Name: URBI-PC | User Name: Urbi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t &&  icacls "%1" /grant "authentifizierte benutzer":F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t &&  icacls "%1" /grant "authentifizierte benutzer":F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 65 B1 89 89 56 6C CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10D490EE-B0E6-4E31-BA7D-427DD9DB011E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{398B8C02-F454-4F96-A3EB-C6D62A43A280}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{E55E8D3B-7574-472E-A2BE-FBE1E50D518E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBF1A3D-3886-4DDB-9369-292D54EA65D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{10FD4B05-E808-4495-93E2-F8EC5A3B9416}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{1391A1F6-582C-44E4-AA79-75D979A29DD3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{155C710A-8F1F-4E71-B8FC-12CE16CEA2CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{19D10588-B6EA-4E0E-BD36-A4A2C169DE81}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{1F54E8EA-81C6-450D-B436-DD42C10377DC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{20F310E7-BE07-497A-BD7A-80B98D59340C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{250F7D4E-C5B0-4C48-96DB-936D504F996D}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe | 
"{2888FB0C-A339-40B1-B511-2711FAE8EF79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2C626B09-36D9-4C70-A306-3B73F23F38AE}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | 
"{2F2315EE-A7FF-49EA-A860-D5F090F67E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{3F47BFED-56B9-4A60-9B49-1AEB3F5A7EBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4F3A86BA-B103-4508-A676-02CAF2539B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe | 
"{76189A5C-9F02-4722-9FE2-A441DB71E718}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{8782F0EC-8F90-40C6-94B8-D796FB225BA1}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | 
"{91D86DEB-85F6-4FA0-AE83-9C635E87B324}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{9770529D-480E-408D-AFE2-5F5AB1D50D33}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | 
"{97E3610E-E2A9-4C89-AB4E-8973F71E46E8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | 
"{9F616DA5-F8F7-41C1-8A4B-F41F73E9415E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{A1BB417E-6CD4-4446-BD81-20B543E9B819}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{B0FFF4A7-3EBC-4F1C-A56C-E5F9636FEFFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dseatze_moaf_gagga\counter-strike\hl.exe | 
"{B64D4728-AFC1-4B35-90E9-3213DDCAD776}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{C5D93ECF-C364-46FB-B80E-95544BD66A43}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{CD22AC1C-56F1-4404-AEB0-22DD9B2968F1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{D2CF1B24-CFE1-4CC1-BF36-A121D67F7397}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{DFA17C94-6302-42D2-8A34-41824E77D8AC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{E78A5198-094D-42A7-B6D2-204DE8F02EE8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{EA840450-621D-477E-80B6-B96F31D9A42C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{EF99D71F-D3B5-47D0-86E9-161A0CE9C423}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dseatze_moaf_gagga\counter-strike\hl.exe | 
"{FE713204-E473-430F-B76B-6A10728431BB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"TCP Query User{0AB746F6-9589-4E3D-A339-0DBF0FF71FB6}C:\firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\firefox\plugin-container.exe | 
"TCP Query User{0C80F2E6-3CC9-434B-8E91-9419472161D5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{26B157A6-9E98-42A7-B0D1-248EA68E8780}C:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe | 
"TCP Query User{3B9F3B71-5AC6-4F2E-85E5-D49B6C55C49A}C:\program files (x86)\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe | 
"TCP Query User{4B9FA84B-A932-49D9-963B-D7AA0152B517}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{9833256D-89EE-4272-850D-1ADE472002A5}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{B35F996A-1CCF-4963-80BE-FA98EC5E2B29}C:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe | 
"TCP Query User{B66B3988-C1A3-49A1-A0F1-5A43D0C8CED3}C:\program files (x86)\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty - black ops\blackops.exe | 
"UDP Query User{0794A955-ACE5-4CBE-B801-C1E33C8D39BC}C:\program files (x86)\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe | 
"UDP Query User{6F698CD9-3720-4DA1-B200-957AD689FA8B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{B03D0B39-F8A8-4802-B23D-BA488F610E70}C:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe | 
"UDP Query User{C759552C-3DF1-485A-B525-7FF3E58AD8C2}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{D6EB7F0E-ECBD-4C88-ABC6-21B44C669C14}C:\program files (x86)\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty - black ops\blackops.exe | 
"UDP Query User{EC883BC2-D666-4FFB-BBF3-4D47D377AF55}C:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe | 
"UDP Query User{EE2EF21D-6902-4656-943B-8980A4250C6E}C:\firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\firefox\plugin-container.exe | 
"UDP Query User{FFEE815B-718D-4EA7-8DDF-C6A5197693D3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06088E65-A95F-4926-897F-D86FB7A9C6D9}" = Nitro PDF Reader
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0457-000001000000}" = 7-Zip 4.57 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61A177CE-86A3-433F-BFE2-41AB9123A268}" = ESET NOD32 Antivirus
"{64A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10 (64-bit)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{E4C229B2-51E3-49E7-3A42-A3B695B4E56E}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EAFC065C-0576-4DE9-8FDB-4D943367506E}" = Oracle VM VirtualBox 3.2.10
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{04D5E56E-F323-27F2-C075-EF1AE9A3CF2B}" = Catalyst Control Center Graphics Light
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{07288267-318E-9B78-B04E-984F9149EE24}" = Catalyst Control Center Graphics Previews Common
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B23ACC5-88A6-FEE4-0131-8777A1BA0B68}" = Catalyst Control Center Graphics Previews Vista
"{0CD81D7E-94E2-D230-E37E-C9B16E90D01C}" = CCC Help Italian
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16A7FAD8-EE4F-C413-8359-833A3B2D39FB}" = CCC Help Portuguese
"{18364179-C5E5-F826-E2FC-D99D575AF997}" = Catalyst Control Center Localization All
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{30228022-6558-412B-82C4-B1949F90273F}_is1" = Call of Duty - Modern Warfare 2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 3.0.0)
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47C72DA6-E7AC-984C-5475-15A65F9B41BE}" = Catalyst Control Center Graphics Full New
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A918155-6399-4673-0D08-85A0DBEC1389}" = CCC Help Chinese Traditional
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{537791BE-B032-D116-0C59-13541E17BFEA}" = CCC Help English
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66DAE8D7-D5F7-462F-5815-102EE4B191C4}" = CCC Help Korean
"{67DAF4C3-58CA-4EDB-B734-D97684FC379E}" = General Runtime Files for Nemetschek Allplan 2009
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync
"{763B809A-6874-5979-CD69-39491392262C}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E4413BB-CE31-4E01-A1C0-E37BDD0187CE}" = Nero 11
"{7FE440D8-8F16-24CA-81B6-7DEB4D6BF92D}" = CCC Help Hungarian
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88D3B829-DBA4-D839-33BF-9A5794CC21EB}" = CCC Help Chinese Standard
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9044B9A5-B7D7-3EA2-B20B-49A47853D62F}" = CCC Help Spanish
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A7F37935-A880-8657-79CE-F98BF3A358E1}" = CCC Help Turkish
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA388319-08DE-4943-A739-5BC257F50B61}" = NI LabVIEW Run-Time Engine 8.6
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B297076F-905F-7E13-57EF-7D254EBB7589}" = CCC Help Japanese
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BAED3957-C271-4670-A50D-8D7438701917}" = Nemetschek Allplan 2009
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D1B8C6AC-C4F8-E8AF-E157-AF3E16B97903}" = CCC Help French
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D9EB0916-F277-4C54-830A-772833FD20A4}" = Micro-Cap 10 Evaluation
"{DC702FC1-4746-CD99-0578-02839474C2F8}" = Skins
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}" = HTC Sync
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E59145A6-2D21-9E5C-6551-ACA2539CDE50}" = ccc-core-static
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E89371A0-2FCD-F518-EECB-09AB27724CEE}" = CCC Help German
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{ED06F22F-DADB-E713-2E49-EEB154950285}" = Catalyst Control Center Graphics Full Existing
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F6706DF9-B0B6-8496-F302-BF511197A32F}" = Catalyst Control Center Core Implementation
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"5513-1208-7298-9440" = JDownloader 0.9
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced PDF-to-Word 1.0 Demo" = Advanced PDF-to-Word 1.0 Demo
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"AVMWLANCLI" = AVM FRITZ!WLAN
"BlueJ_is1" = BlueJ 2.5.3
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"EAGLE 5.10.0" = EAGLE 5.10.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube Download_is1" = Free YouTube Download version 2.10.31
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Micro-Cap Evaluation 9.0" = Micro-Cap Evaluation 9.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"PDF Blender" = PDF Blender
"Photo Pos Pro" = Photo Pos Pro
"Security Task Manager" = Security Task Manager 1.8d
"Stronghold 3 (c) THQ_is1" = Stronghold 3 (c) THQ version 1
"TexMakerX_is1" = TexMakerX 2.1
"TmNationsForever_is1" = TmNationsForever
"TuxGuitar 1.1" = TuxGuitar
"TuxGuitar_0" = TuxGuitar 1.2
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zip Repair Pro_is1" = Zip Repair Pro
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.01.2012 11:45:22 | Computer Name = Urbi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.01.2012 11:49:00 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 20.01.2012 11:49:00 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 20.01.2012 11:49:00 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 20.01.2012 15:03:13 | Computer Name = Urbi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Stronghold3.exe, Version 0.0.0.0, Zeitstempel
 0x4ed9324c, fehlerhaftes Modul StrongholdBase.dll, Version 0.0.0.0, Zeitstempel
 0x4ed93246, Ausnahmecode 0xc0000005, Fehleroffset 0x0007f7ab,  Prozess-ID 0x1098,
 Anwendungsstartzeit 01ccd79e3b65b9d0.
 
Error - 20.01.2012 18:16:29 | Computer Name = Urbi-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 21.01.2012 06:15:15 | Computer Name = Urbi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.01.2012 06:19:47 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 21.01.2012 06:19:47 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 21.01.2012 06:19:47 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3011
Description = 
 
[ System Events ]
Error - 12.03.2012 07:10:07 | Computer Name = Urbi-PC | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.0.2 über die 
Netzwerkkarte mit der Netzwerkadresse 001F3F09796E ist verloren gegangen.
 
Error - 15.03.2012 11:29:26 | Computer Name = Urbi-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 001F3F09796E zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 16.03.2012 07:39:57 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.03.2012 07:39:57 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.03.2012 07:40:27 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.03.2012 07:40:27 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.03.2012 09:40:09 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description = 
 
Error - 18.03.2012 15:31:25 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description = 
 
Error - 18.03.2012 18:25:38 | Computer Name = Urbi-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 001F3F09796E zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 19.03.2012 10:45:47 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description = 
 
 
< End of report >

--- --- ---

Installierte Programme

Code:

ATTFilter

7-Zip 4.57 (x64 edition)	Igor Pavlov	17.03.2012	3,71MB	4.57.00.0
ABBYY PDF Transformer 3.0	ABBYY	19.01.2010	457MB	3.00.117.6804
Acoustica Effects Pack	Acoustica, Inc	12.04.2010	5,84MB	1.0
Acoustica Mixcraft 4.5	Acoustica	12.04.2010	89,1MB	
Acoustica Mixcraft 5	Acoustica	10.04.2010	176,8MB	
Adobe AIR	Adobe Systems Inc.	28.11.2010	29,4MB	2.5.0.16600
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	14.01.2012		11.1.102.55
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	21.02.2012		11.1.102.62
Adobe Reader X (10.1.2) - Deutsch	Adobe Systems Incorporated	11.01.2012	165,9MB	10.1.2
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	16.02.2011		11.5.9.620
Advanced PDF-to-Word 1.0 Demo		01.08.2010	0,70MB	
Advanced RAR Repair v1.2		02.01.2012	0,77MB	
AnyBizSoft PDF to Word (Build 3.0.0)	AnyBizSoft Software	01.08.2010	17,9MB	
ATI Catalyst Control Center		15.09.2009	16,00KB	2.009.0213.2137
AVM FRITZ!WLAN	AVM Berlin	07.11.2009		
Bing Bar	Microsoft Corporation	09.12.2011	26,9MB	7.0.850.0
BlueJ 2.5.3	Deakin University	28.04.2010	9,32MB	
Call of Duty - Modern Warfare 2		16.12.2009	13.210MB	
Call of Duty: Black Ops		15.08.2011	8.905MB	
CCleaner	Piriform	29.11.2010	2,73MB	3.01
Corel Paint Shop Pro Photo X2	Corel Corporation	29.11.2010	348MB	12.001.0000
DAEMON Tools Lite	DT Soft Ltd	06.11.2011	24,6MB	4.41.3.0173
Dell DataSafe Local Backup	Dell	15.09.2009	365MB	9.3.24
Dell DataSafe Local Backup - Support Software	Dell	15.09.2009	1,41MB	2.25
Dell DataSafe Online	Dell, Inc.	15.09.2009		1.1.0029
Dell Dock	Dell	15.09.2009		2.0.0
Dell Getting Started Guide	Dell Inc.	15.09.2009		1.00.0000
Dev-C++ 5 beta 9 release (4.9.9.2)		08.05.2011		
DivX Converter	DivX, Inc.	14.11.2011	45,3MB	7.1.0
DivX Plus DirectShow Filters	DivX, Inc.	14.11.2011	1,58MB	
DivX-Setup	DivX, LLC	29.12.2011	3,56MB	2.6.1.3
DVD Flick 1.3.0.7	Dennis Meuwissen	16.12.2011	43,2MB	1.3.0.7
DVDVideoSoft Toolbar		16.01.2010	7,75MB	
EAGLE 5.10.0	CadSoft Computer GmbH	02.11.2010		5.10.0
ESET NOD32 Antivirus	ESET, spol. s r.o.	17.03.2012	68,2MB	5.0.95.0
Free Audio CD Burner version 1.4	DVDVideoSoft Limited.	07.11.2010	2,60MB	
Free PDF to Word Doc Converter v1.1	www.hellopdf.com	01.08.2010	2,74MB	1.1
Free YouTube Download version 2.10.31	DVDVideoSoft Limited.	01.03.2011	3,32MB	
Free YouTube to MP3 Converter version 3.8	DVDVideoSoft Limited.	07.11.2010	2,66MB	
FreeRIP v3.2	MGShareware	11.06.2010	5,66MB	3.2
Google Chrome	Google Inc.	26.02.2012	158,0MB	17.0.963.79
Google Earth	Google	20.11.2011	92,8MB	6.1.0.5001
Guitar Pro 5.0	Arobas Music	26.10.2009	363MB	
HiJackThis	Trend Micro	13.11.2010	0,36MB	1.0.0
HP LaserJet P1000 series		10.01.2010	4,56MB	
HPSSupply	Ihr Firmenname	10.01.2010	0,96MB	2.1.1.0000
HTC BMP USB Driver	HTC	28.11.2010	0,28MB	1.0.5375
HTC Driver Installer	HTC Corporation	28.11.2010	2,03MB	3.0.0.005
HTC Sync	HTC Corporation	28.11.2010	32,0MB	2.0.40
ICQ7.2	ICQ	03.07.2010	47,4MB	7.2
IrfanView (remove only)	Irfan Skiljan	18.07.2010	1,93MB	4.27
Java(TM) 6 Update 13 (64-bit)	Sun Microsystems, Inc.	15.09.2009	89,7MB	6.0.130
Java(TM) 6 Update 20	Sun Microsystems, Inc.	30.11.2010	97,2MB	6.0.200
Java(TM) 6 Update 29	Sun Microsystems, Inc.	15.09.2009	97,0MB	6.0.290
Java(TM) SE Development Kit 6 Update 10 (64-bit)	Sun Microsystems, Inc.	28.04.2010	130,6MB	1.6.0.100
JDownloader 0.9	AppWork GmbH	31.10.2011	61,1MB	0.9
Malwarebytes Anti-Malware Version 1.60.1.1000	Malwarebytes Corporation	18.03.2012	4,09MB	1.60.1.1000
Micro-Cap 10 Evaluation	Spectrum Software	19.06.2011	40,8MB	10
Micro-Cap Evaluation 9.0		21.06.2011		
Microsoft .NET Framework 1.1		12.01.2010		
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	27.10.2009	42,2MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	29.04.2009	42,2MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	23.11.2010	189,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	23.11.2010	46,5MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	05.01.2012	46,4MB	4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	05.01.2012	12,0MB	4.0.30319
Microsoft Default Manager	Microsoft Corporation	15.09.2009		2.0.69.0
Microsoft IntelliType Pro 7.0	Microsoft	26.11.2009	31,6MB	7.0.260.0
Microsoft Office Professional Plus 2010	Microsoft Corporation	14.11.2011	1.072MB	14.0.6029.1000
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	15.09.2009	1,74MB	3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	15.09.2009	0,61MB	1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	15.09.2009	1,45MB	1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	14.12.2009	0,24MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	14.12.2009	0,21MB	9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	14.12.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	13.04.2011	0,77MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	13.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	30.11.2010	1,70MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729	Microsoft Corporation	22.11.2009	0,77MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,76MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	22.11.2009	0,59MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	09.12.2009	0,57MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	07.11.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,58MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	18.12.2011	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	18.12.2011	15,0MB	10.0.40219
MiKTeX 2.9	MiKTeX.org	25.11.2011	2.251MB	2.9
Mozilla Firefox 10.0.2 (x86 de)	Mozilla	16.02.2012	38,5MB	10.0.2
Mozilla Firefox 8.0 (x86 de)	Mozilla	08.11.2011	37,9MB	8.0
MrvlUsgTracking	Marvell	10.01.2010	0,14MB	1.0.7
MSXML 4.0 SP3 Parser	Microsoft Corporation	28.11.2010	1,48MB	4.30.2100.0
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	29.11.2010	1,54MB	4.30.2107.0
Nemetschek Allplan 2009		30.11.2009	439MB	2009.0
Nemetschek SoftLock 2006		30.11.2009	18,7MB	1.00.0000
Nero 11	Nero AG	18.12.2011	1.763MB	11.0.11200
Nero Backup Drivers	Nero AG	18.12.2011	95,00KB	1.0.11100.8.0
NI LabVIEW Run-Time Engine 8.6	National Instruments	08.07.2010	90,5MB	8.6.342.0
Nitro PDF Reader	Nitro PDF Software	24.01.2011	88,0MB	1.3.2.1
OpenOffice.org 3.2	OpenOffice.org	30.11.2010	379MB	3.2.9502
Oracle VM VirtualBox 3.2.10	Oracle Corporation	02.11.2010		3.2.10
PDF Blender		24.01.2011	1,28MB	
PDF24 Creator 2.9.0	PDF24.org	24.01.2011	26,2MB	
Photo Pos Pro	PowerOfSoftware Ltd.	16.10.2010	60,2MB	1.82
PixiePack Codec Pack	None	15.12.2009	16,4MB	1.1.400.0
Power Tab Editor 1.7	Power Tab Software	12.12.2009	3,59MB	1.7.0
Roxio Creator DE	Roxio	15.09.2009	18,1MB	10.1
Security Task Manager 1.8d	Neuber Software	16.08.2011	2,75MB	1.8d
Skype Toolbars	Skype Technologies S.A.	13.02.2011	7,10MB	5.0.4137
Skype™ 5.1	Skype Technologies S.A.	13.02.2011	22,7MB	5.1.112
Stronghold 3 (c) THQ version 1		05.01.2012	3.733MB	1
SweetIM for Messenger 2.8	SweetIM Technologies Ltd.	22.11.2009	3,80MB	2.8.0012
TexMakerX 2.1	Benito van der Zander	25.11.2011	61,5MB	2.1
TmNationsForever	Nadeo	15.12.2009	717MB	
TuxGuitar	Herac	10.02.2010	10,6MB	1.2
TuxGuitar	Name of your company	26.10.2009	13,5MB	1.1
TuxGuitar 1.2		09.01.2010		
Uniblue RegistryBooster	Uniblue Systems Ltd	17.03.2012	18,0MB	6.0.10.8
Uninstall 1.0.0.1		01.03.2011	17,7MB	
vShare.tv plugin 1.3	vShare.tv, Inc.	22.10.2011	0,58MB	1.3
Windows Live Anmelde-Assistent	Microsoft Corporation	14.12.2009	1,93MB	5.000.818.6
Windows Live Essentials	Microsoft Corporation	15.09.2009	139,4MB	14.0.8050.1202
Windows Live Sync	Microsoft Corporation	15.09.2009	2,80MB	14.0.8050.1202
Windows Live-Uploadtool	Microsoft Corporation	15.09.2009	0,22MB	14.0.8014.1029
Windows Media Player Firefox Plugin	Microsoft Corp	25.01.2010	0,29MB	1.0.0.8
WinRAR		16.12.2009	4,36MB	
Zip Repair Pro	GetData Pty Ltd	01.11.2009	3,93MB	4.2.0.1113

kira · 20.03.2012, 07:33

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6799BAC7-C7B2-4385-8870-1743E01ABAAC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{1D2AD974-616E-4ba1-A714-FE5EC5194E7F}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{2D8B5C3D-E75A-46d2-AE42-6D9FD4ADB708}: "URL" = http://search.msdn.microsoft.com/search/Default.aspx?query={searchTerms}&brand=msdn&locale=&refinement=00&lang=en-us
IE - HKCU\..\SearchScopes\{6799BAC7-C7B2-4385-8870-1743E01ABAAC}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
[2010.01.18 15:18:30 | 000,000,881 | ---- | M] () -- C:\Users\Urbi\AppData\Roaming\Mozilla\Firefox\Profiles\qwhto5xt.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{030a3962-c947-11de-b221-8bc314ea6853}\Shell - "" = AutoRun
O33 - MountPoints2\{030a3962-c947-11de-b221-8bc314ea6853}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\Shell - "" = AutoRun
O33 - MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\Shell\install\command - "" = F:\setup.exe
O33 - MountPoints2\{532d52fd-0953-11e1-ab4e-001f3f09796e}\Shell - "" = AutoRun
O33 - MountPoints2\{532d52fd-0953-11e1-ab4e-001f3f09796e}\Shell\AutoRun\command - "" = F:\setup.exe
[2012.03.18 00:32:35 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\UAs
[2012.03.18 00:30:47 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\08016
[2012.03.18 00:30:27 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\xmldm
[2012.03.18 00:30:26 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\kock
[2012.03.19 15:45:49 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.19 14:58:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8B4F37E5

:Files
C:\Users\Urbi\AppData\Roaming\UAs
C:\Users\Urbi\AppData\Roaming\08016
C:\Users\Urbi\AppData\Roaming\xmldm
C:\Users\Urbi\AppData\Roaming\kock
C:\Users\Urbi\AppData\Roaming\BAcroIEHelpe089.dll
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
Deinstalliere, unter Systemsteuerung-> Software/Programme:

Code:

ATTFilter

Bing Bar <- unnötig, <- oft aus Unwissenheit oder Ignoranz wird mitinstalliert
DVDVideoSoftTB Toolbar <- unnötig, meistens aus Unwissenheit oder Ignoranz wird mitinstalliert
SweetIM <- Magnet für Malware

vShare.tv plugin:
Hinweis: Das Add-on versucht nach der Installation die Standard-Suchengine und die Startseite Ihres Browser zu verändern. Dies sollten Sie verhindern, indem Sie die gesetzten Häkchen wieder entfernen.

Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

Zitat:

Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!

3.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 31 " von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

4.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

5.

lade Dir SUPERAntiSpyware FREE Edition herunter.
Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

6.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:

► Berichte mir kurz über alle Umsetzungsschritte, die Du erledigt hast!

urbi28 · 20.03.2012, 14:56

Hi,
läuft schon deutlich besser der PC nachdem ich deine Schritte alle befolgt habe, dafür schon einmal recht herzlichen Dank

Die Programme die du mir empfohlen hast und ich heruntergeladen habe, sind das auch passive programme, also die stets meinen Computer durchsuchen und wenn ja ist das problematisch wenn ich diese parallel zu ESET laufen habe? Hab ma gehört, dass man immer nur ein Antivirusprogramm haben soll.
Okay zur Auswertung:
Lief alles problemlos so wie du es beschrieben hast. SuperAntiSpyware hat 8 Adwares gefunden. Von ESET habe ich heute keine Meldung bekommen nach dem Hochfahren, dass es was gefunden hat.
Achso, empfielst du mir auch das Vshare tv plugin zu deinstallieren? Aber ich glaube das brauch ich.

Fixen mit OTL

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D2AD974-616E-4ba1-A714-FE5EC5194E7F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D2AD974-616E-4ba1-A714-FE5EC5194E7F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2D8B5C3D-E75A-46d2-AE42-6D9FD4ADB708}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D8B5C3D-E75A-46d2-AE42-6D9FD4ADB708}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6799BAC7-C7B2-4385-8870-1743E01ABAAC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6799BAC7-C7B2-4385-8870-1743E01ABAAC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
C:\Users\Urbi\AppData\Roaming\Mozilla\Firefox\Profiles\qwhto5xt.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030a3962-c947-11de-b221-8bc314ea6853}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030a3962-c947-11de-b221-8bc314ea6853}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030a3962-c947-11de-b221-8bc314ea6853}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030a3962-c947-11de-b221-8bc314ea6853}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f471d54-eb15-11de-861d-001f3f09796e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f471d54-eb15-11de-861d-001f3f09796e}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f471d54-eb15-11de-861d-001f3f09796e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f471d54-eb15-11de-861d-001f3f09796e}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{532d52fd-0953-11e1-ab4e-001f3f09796e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{532d52fd-0953-11e1-ab4e-001f3f09796e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{532d52fd-0953-11e1-ab4e-001f3f09796e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{532d52fd-0953-11e1-ab4e-001f3f09796e}\ not found.
File F:\setup.exe not found.
C:\Users\Urbi\AppData\Roaming\UAs folder moved successfully.
C:\Users\Urbi\AppData\Roaming\08016\components folder moved successfully.
C:\Users\Urbi\AppData\Roaming\08016 folder moved successfully.
C:\Users\Urbi\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Urbi\AppData\Roaming\kock folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
ADS C:\ProgramData\TEMP:8B4F37E5 deleted successfully.
========== FILES ==========
File\Folder C:\Users\Urbi\AppData\Roaming\UAs not found.
File\Folder C:\Users\Urbi\AppData\Roaming\08016 not found.
File\Folder C:\Users\Urbi\AppData\Roaming\xmldm not found.
File\Folder C:\Users\Urbi\AppData\Roaming\kock not found.
C:\Users\Urbi\AppData\Roaming\BAcroIEHelpe089.dll moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Urbi\Desktop\cmd.bat deleted successfully.
C:\Users\Urbi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 590747 bytes
->Temporary Internet Files folder emptied: 11917947 bytes
->Flash cache emptied: 57234 bytes
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Urbi
->Temp folder emptied: 75118541 bytes
->Temporary Internet Files folder emptied: 111063859 bytes
->Java cache emptied: 18949018 bytes
->FireFox cache emptied: 291686571 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 65664 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10232567 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52922 bytes
RecycleBin emptied: 1551360 bytes
 
Total Files Cleaned = 497,00 mb
 
 
OTL by OldTimer - Version 3.2.39.1 log created on 03202012_111444

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

SUPERAntiSpyware

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/20/2012 at 01:57 PM

Application Version : 5.0.1146

Core Rules Database Version : 8353
Trace Rules Database Version: 6165

Scan type       : Complete Scan
Total Scan Time : 01:21:33

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User

Memory items scanned      : 625
Memory threats detected   : 0
Registry items scanned    : 91674
Registry threats detected : 0
File items scanned        : 94902
File threats detected     : 8

Adware.Tracking Cookie
	C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\KE9SU2VX.txt [ Cookie:administrator@atdmt.com/ ]
	C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\32BDIZ5A.txt [ Cookie:administrator@2o7.net/ ]
	C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\55AWYTHJ.txt [ Cookie:administrator@kontera.com/ ]
	C:\USERS\ADMINISTRATOR\AppData\Roaming\Microsoft\Windows\Cookies\XFODXI4Q.txt [ Cookie:administrator@doubleclick.net/ ]
	C:\USERS\ADMINISTRATOR\Cookies\KE9SU2VX.txt [ Cookie:administrator@atdmt.com/ ]
	C:\USERS\ADMINISTRATOR\Cookies\32BDIZ5A.txt [ Cookie:administrator@2o7.net/ ]
	C:\USERS\ADMINISTRATOR\Cookies\55AWYTHJ.txt [ Cookie:administrator@kontera.com/ ]
	C:\USERS\ADMINISTRATOR\Cookies\XFODXI4Q.txt [ Cookie:administrator@doubleclick.net/ ]

OTL

OTL Logfile:
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL logfile created on: 20.03.2012 14:17:14 - Run 3
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Urbi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,23 Gb Available Physical Memory | 70,52% Memory free
12,10 Gb Paging File | 10,15 Gb Available in Paging File | 83,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,68 Gb Total Space | 253,60 Gb Free Space | 56,27% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 5,66 Gb Free Space | 37,73% Space Free | Partition Type: NTFS
 
Computer Name: URBI-PC | User Name: Urbi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.19 15:49:22 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Urbi\Desktop\OTL.exe
PRC - [2012.02.17 20:50:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Firefox\firefox.exe
PRC - [2012.02.17 20:50:02 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Firefox\plugin-container.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Programme\ESET\x86\ekrn.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009.07.16 09:59:00 | 000,648,432 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009.04.27 10:17:13 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
PRC - [2009.03.20 01:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2008.12.18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.22 13:14:20 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012.02.17 20:50:02 | 001,911,768 | ---- | M] () -- C:\Firefox\mozjs.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.03.30 12:24:30 | 000,948,736 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\x86\ekrn.exe -- (ekrn)
SRV - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files (x86)\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2010.12.30 19:59:23 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.12.03 11:18:10 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
SRV - [2010.09.16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.07.16 09:59:00 | 000,648,432 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009.04.27 10:17:13 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Classic.3.0)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.12.18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.11.07 19:01:36 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamonm.sys -- (eamonm)
DRV:64bit: - [2011.08.04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010.10.08 15:52:38 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.12.17 15:03:35 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.16 10:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009.09.16 10:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009.09.16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009.09.16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009.06.18 15:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2009.06.10 00:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.04.10 22:43:08 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.03.30 12:24:34 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009.03.30 12:24:34 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.03.20 01:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.01.13 13:39:42 | 000,188,416 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.01.13 12:41:32 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008.01.21 03:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008.01.21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "	74.95.66.34"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "	74.95.66.34"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "fritz.box"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "	74.95.66.34"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "	74.95.66.34"
FF - prefs.js..network.proxy.ssl_port: 80
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\MOZILLA THUNDERBIRD [2012.03.18 15:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.30 15:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Firefox\components [2012.02.17 20:50:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Firefox\plugins [2012.01.12 19:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\Mozilla Thunderbird [2012.03.18 15:29:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Urbi\AppData\Roaming\08017 [2012.03.19 12:12:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Firefox\components [2012.02.17 20:50:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Firefox\plugins [2012.01.12 19:15:05 | 000,000,000 | ---D | M]
 
[2009.12.29 21:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urbi\AppData\Roaming\mozilla\Extensions
[2011.12.09 11:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions
[2010.06.24 13:36:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.08 21:59:35 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.17 19:37:36 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Urbi\AppData\Roaming\mozilla\Firefox\Profiles\qwhto5xt.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.12.30 15:54:00 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\URBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWHTO5XT.DEFAULT\EXTENSIONS\{1FC895A6-2042-46EC-A61B-233165B4C218}.XPI
() (No name found) -- C:\USERS\URBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QWHTO5XT.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\egui.exe (ESET)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Urbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.197 213.191.74.19 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A98E5A04-EDD5-446B-A108-44249A35FAD2}: DhcpNameServer = 62.109.123.197 213.191.74.19 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C734FC4C-9BA2-47E7-BE95-35087AA68768}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Urbi\Pictures\IMG-20120306-WA0001.jpg
O24 - Desktop BackupWallPaper: C:\Users\Urbi\Pictures\IMG-20120306-WA0001.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 12:33:52 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\SUPERAntiSpyware.com
[2012.03.20 12:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.03.20 12:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.03.20 12:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2012.03.20 12:31:15 | 015,433,288 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Urbi\Desktop\SUPERAntiSpyware.exe
[2012.03.20 12:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.20 12:15:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.20 12:15:07 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.20 12:15:07 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.20 12:07:58 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012.03.20 12:07:58 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012.03.20 12:07:58 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012.03.20 12:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.03.20 11:56:23 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Urbi\Desktop\jxpiinstall.exe
[2012.03.20 11:50:15 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.20 11:14:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.19 15:49:21 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Urbi\Desktop\OTL.exe
[2012.03.19 13:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.19 13:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.19 13:22:03 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Urbi\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.19 12:12:23 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\08017
[2012.03.18 21:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.18 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.18 20:46:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Urbi\Desktop\dds.com
[2012.03.18 19:42:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.03.18 19:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012.03.18 19:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012.03.18 19:42:48 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Local\PackageAware
[2012.03.18 15:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012.03.18 15:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.03.18 15:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.14 16:50:05 | 000,000,000 | ---D | C] -- C:\TEMP
[2012.03.14 16:35:24 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.03.14 16:35:24 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 16:35:24 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.03.14 16:35:24 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.03.14 16:35:24 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.03.14 16:34:54 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012.03.14 16:34:53 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012.03.05 21:24:29 | 000,000,000 | ---D | C] -- C:\mafia 2
[2012.02.27 19:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.10.23 15:45:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[1 C:\Users\Urbi\AppData\Roaming\*.tmp files -> C:\Users\Urbi\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.20 14:10:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 14:10:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 14:10:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.20 12:33:17 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.03.20 12:31:34 | 015,433,288 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Urbi\Desktop\SUPERAntiSpyware.exe
[2012.03.20 12:17:53 | 000,019,816 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120320_121749.reg
[2012.03.20 12:14:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.03.20 12:14:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.20 12:14:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.20 12:14:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.20 12:07:15 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.20 12:07:15 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012.03.20 12:07:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012.03.20 12:07:15 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012.03.20 11:56:24 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Urbi\Desktop\jxpiinstall.exe
[2012.03.19 15:49:22 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Urbi\Desktop\OTL.exe
[2012.03.19 15:12:16 | 000,000,034 | ---- | M] () -- C:\Users\Urbi\AppData\Roaming\blckdom.res
[2012.03.19 13:22:12 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Urbi\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.18 21:14:10 | 000,002,964 | ---- | M] () -- C:\Users\Urbi\Desktop\Attach.zip
[2012.03.18 20:46:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Urbi\Desktop\dds.com
[2012.03.18 19:52:26 | 000,050,477 | ---- | M] () -- C:\Users\Urbi\Desktop\Defogger.exe
[2012.03.18 19:46:16 | 000,004,098 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120318_194613.reg
[2012.03.18 19:42:59 | 000,001,635 | ---- | M] () -- C:\Users\Urbi\Desktop\Uniblue RegistryBooster.lnk
[2012.03.18 17:24:31 | 000,000,907 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
[2012.03.15 18:36:51 | 000,001,976 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120315_183649.reg
[2012.03.15 11:34:33 | 000,406,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.14 16:50:22 | 000,003,140 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.03.14 16:50:20 | 000,000,088 | RHS- | M] () -- C:\Windows\SysWow64\013E07AF38.sys
[2012.03.09 14:05:22 | 004,208,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.09 14:05:22 | 001,720,492 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.09 14:05:22 | 001,281,808 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.09 14:05:22 | 001,127,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.09 14:05:22 | 000,007,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.06 14:22:47 | 000,001,418 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120306_142245.reg
[2012.02.26 13:51:54 | 000,003,832 | ---- | M] () -- C:\Users\Urbi\Documents\cc_20120226_135152.reg
[2012.02.22 13:14:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Users\Urbi\AppData\Roaming\*.tmp files -> C:\Users\Urbi\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.20 12:33:17 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.03.20 12:17:51 | 000,019,816 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120320_121749.reg
[2012.03.18 21:14:10 | 000,002,964 | ---- | C] () -- C:\Users\Urbi\Desktop\Attach.zip
[2012.03.18 19:52:26 | 000,050,477 | ---- | C] () -- C:\Users\Urbi\Desktop\Defogger.exe
[2012.03.18 19:46:14 | 000,004,098 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120318_194613.reg
[2012.03.18 19:42:59 | 000,001,635 | ---- | C] () -- C:\Users\Urbi\Desktop\Uniblue RegistryBooster.lnk
[2012.03.18 17:17:33 | 000,000,907 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
[2012.03.18 00:30:44 | 000,000,034 | ---- | C] () -- C:\Users\Urbi\AppData\Roaming\blckdom.res
[2012.03.15 18:36:50 | 000,001,976 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120315_183649.reg
[2012.03.06 14:22:46 | 000,001,418 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120306_142245.reg
[2012.02.26 13:51:53 | 000,003,832 | ---- | C] () -- C:\Users\Urbi\Documents\cc_20120226_135152.reg
[2011.10.23 15:40:19 | 000,050,477 | ---- | C] () -- C:\Program Files\Defogger.exe
[2011.08.24 15:55:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.22 19:10:56 | 000,005,038 | ---- | C] () -- C:\Windows\MC9DEMO.INI
[2011.06.20 19:24:15 | 000,000,056 | ---- | C] () -- C:\Windows\MC10demo.INI
[2011.02.14 21:02:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.30 15:01:42 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\013E07AF38.sys
[2010.11.30 14:36:14 | 000,003,140 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2010.10.17 17:58:40 | 000,000,096 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2010.10.17 17:58:21 | 000,204,295 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2010.07.25 12:31:02 | 000,000,680 | ---- | C] () -- C:\Users\Urbi\AppData\Local\d3d9caps.dat
[2010.06.22 11:52:49 | 000,001,914 | ---- | C] () -- C:\Users\Urbi\AppData\Roaming\wklnhst.dat
[2010.06.15 18:16:45 | 000,009,216 | ---- | C] () -- C:\Users\Urbi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.12 12:11:25 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.04.06 11:10:15 | 000,225,411 | ---- | C] () -- C:\Windows\SysWow64\PosPrKpLib.dll
[2010.04.06 11:10:07 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\PosTickerLib.dll
 
========== LOP Check ==========
 
[2012.03.19 12:12:23 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\08017
[2010.04.11 16:00:30 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Acoustica
[2011.08.31 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Azureus
[2011.11.26 16:35:50 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\benibela
[2010.11.03 11:14:24 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\CadSoft
[2009.12.17 15:07:38 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\DAEMON Tools Lite
[2009.12.17 14:38:22 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\DAEMON Tools Pro
[2011.05.09 21:08:29 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Dev-Cpp
[2011.01.25 17:19:33 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Downloaded Installations
[2011.03.02 19:22:48 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.16 12:20:30 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\ElevatedShortcut
[2011.11.09 21:02:53 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\ESET
[2011.05.19 18:32:38 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\GetRightToGo
[2010.11.29 21:27:24 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\HTC
[2010.11.29 21:27:37 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.03.19 21:52:00 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\ICQ
[2011.11.28 19:27:03 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Nitro PDF
[2011.11.07 19:02:26 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\OpenCandy
[2010.12.01 15:25:00 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\OpenOffice.org
[2011.04.11 18:41:15 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\PCDr
[2010.11.29 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Teleca
[2010.06.22 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Template
[2010.12.30 20:49:50 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\TS3Client
[2012.03.20 14:09:37 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

--- --- ---

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 20.03.2012 14:17:14 - Run 3
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Urbi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,23 Gb Available Physical Memory | 70,52% Memory free
12,10 Gb Paging File | 10,15 Gb Available in Paging File | 83,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,68 Gb Total Space | 253,60 Gb Free Space | 56,27% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 5,66 Gb Free Space | 37,73% Space Free | Partition Type: NTFS
 
Computer Name: URBI-PC | User Name: Urbi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t &&  icacls "%1" /grant "authentifizierte benutzer":F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t &&  icacls "%1" /grant "authentifizierte benutzer":F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 65 B1 89 89 56 6C CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10D490EE-B0E6-4E31-BA7D-427DD9DB011E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{398B8C02-F454-4F96-A3EB-C6D62A43A280}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{E55E8D3B-7574-472E-A2BE-FBE1E50D518E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBF1A3D-3886-4DDB-9369-292D54EA65D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{10FD4B05-E808-4495-93E2-F8EC5A3B9416}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{1391A1F6-582C-44E4-AA79-75D979A29DD3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{155C710A-8F1F-4E71-B8FC-12CE16CEA2CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{19D10588-B6EA-4E0E-BD36-A4A2C169DE81}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{1F54E8EA-81C6-450D-B436-DD42C10377DC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{20F310E7-BE07-497A-BD7A-80B98D59340C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{250F7D4E-C5B0-4C48-96DB-936D504F996D}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe | 
"{2888FB0C-A339-40B1-B511-2711FAE8EF79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2C626B09-36D9-4C70-A306-3B73F23F38AE}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | 
"{2F2315EE-A7FF-49EA-A860-D5F090F67E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{3F47BFED-56B9-4A60-9B49-1AEB3F5A7EBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4F3A86BA-B103-4508-A676-02CAF2539B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydl.exe | 
"{76189A5C-9F02-4722-9FE2-A441DB71E718}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{8782F0EC-8F90-40C6-94B8-D796FB225BA1}" = protocol=17 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | 
"{91D86DEB-85F6-4FA0-AE83-9C635E87B324}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{9770529D-480E-408D-AFE2-5F5AB1D50D33}" = protocol=6 | dir=in | app=c:\program files (x86)\easy downloads\easydownloads.exe | 
"{97E3610E-E2A9-4C89-AB4E-8973F71E46E8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe | 
"{9F616DA5-F8F7-41C1-8A4B-F41F73E9415E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{A1BB417E-6CD4-4446-BD81-20B543E9B819}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{B0FFF4A7-3EBC-4F1C-A56C-E5F9636FEFFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dseatze_moaf_gagga\counter-strike\hl.exe | 
"{B64D4728-AFC1-4B35-90E9-3213DDCAD776}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{C5D93ECF-C364-46FB-B80E-95544BD66A43}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{CD22AC1C-56F1-4404-AEB0-22DD9B2968F1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{D2CF1B24-CFE1-4CC1-BF36-A121D67F7397}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{DFA17C94-6302-42D2-8A34-41824E77D8AC}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{E78A5198-094D-42A7-B6D2-204DE8F02EE8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{EA840450-621D-477E-80B6-B96F31D9A42C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{EF99D71F-D3B5-47D0-86E9-161A0CE9C423}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dseatze_moaf_gagga\counter-strike\hl.exe | 
"{FE713204-E473-430F-B76B-6A10728431BB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"TCP Query User{0AB746F6-9589-4E3D-A339-0DBF0FF71FB6}C:\firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\firefox\plugin-container.exe | 
"TCP Query User{0C80F2E6-3CC9-434B-8E91-9419472161D5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{26B157A6-9E98-42A7-B0D1-248EA68E8780}C:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe | 
"TCP Query User{3B9F3B71-5AC6-4F2E-85E5-D49B6C55C49A}C:\program files (x86)\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe | 
"TCP Query User{4B9FA84B-A932-49D9-963B-D7AA0152B517}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{9833256D-89EE-4272-850D-1ADE472002A5}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{B35F996A-1CCF-4963-80BE-FA98EC5E2B29}C:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe | 
"TCP Query User{B66B3988-C1A3-49A1-A0F1-5A43D0C8CED3}C:\program files (x86)\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty - black ops\blackops.exe | 
"UDP Query User{0794A955-ACE5-4CBE-B801-C1E33C8D39BC}C:\program files (x86)\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe | 
"UDP Query User{6F698CD9-3720-4DA1-B200-957AD689FA8B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{B03D0B39-F8A8-4802-B23D-BA488F610E70}C:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx1\bie_kms.exe | 
"UDP Query User{C759552C-3DF1-485A-B525-7FF3E58AD8C2}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{D6EB7F0E-ECBD-4C88-ABC6-21B44C669C14}C:\program files (x86)\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty - black ops\blackops.exe | 
"UDP Query User{EC883BC2-D666-4FFB-BBF3-4D47D377AF55}C:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\urbi\appdata\local\temp\rarsfx0\bie_kms.exe | 
"UDP Query User{EE2EF21D-6902-4656-943B-8980A4250C6E}C:\firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\firefox\plugin-container.exe | 
"UDP Query User{FFEE815B-718D-4EA7-8DDF-C6A5197693D3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06088E65-A95F-4926-897F-D86FB7A9C6D9}" = Nitro PDF Reader
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0457-000001000000}" = 7-Zip 4.57 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61A177CE-86A3-433F-BFE2-41AB9123A268}" = ESET NOD32 Antivirus
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{E4C229B2-51E3-49E7-3A42-A3B695B4E56E}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EAFC065C-0576-4DE9-8FDB-4D943367506E}" = Oracle VM VirtualBox 3.2.10
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{04D5E56E-F323-27F2-C075-EF1AE9A3CF2B}" = Catalyst Control Center Graphics Light
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{07288267-318E-9B78-B04E-984F9149EE24}" = Catalyst Control Center Graphics Previews Common
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B23ACC5-88A6-FEE4-0131-8777A1BA0B68}" = Catalyst Control Center Graphics Previews Vista
"{0CD81D7E-94E2-D230-E37E-C9B16E90D01C}" = CCC Help Italian
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16A7FAD8-EE4F-C413-8359-833A3B2D39FB}" = CCC Help Portuguese
"{18364179-C5E5-F826-E2FC-D99D575AF997}" = Catalyst Control Center Localization All
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{30228022-6558-412B-82C4-B1949F90273F}_is1" = Call of Duty - Modern Warfare 2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 3.0.0)
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47C72DA6-E7AC-984C-5475-15A65F9B41BE}" = Catalyst Control Center Graphics Full New
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A918155-6399-4673-0D08-85A0DBEC1389}" = CCC Help Chinese Traditional
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{537791BE-B032-D116-0C59-13541E17BFEA}" = CCC Help English
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66DAE8D7-D5F7-462F-5815-102EE4B191C4}" = CCC Help Korean
"{67DAF4C3-58CA-4EDB-B734-D97684FC379E}" = General Runtime Files for Nemetschek Allplan 2009
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync
"{763B809A-6874-5979-CD69-39491392262C}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E4413BB-CE31-4E01-A1C0-E37BDD0187CE}" = Nero 11
"{7FE440D8-8F16-24CA-81B6-7DEB4D6BF92D}" = CCC Help Hungarian
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88D3B829-DBA4-D839-33BF-9A5794CC21EB}" = CCC Help Chinese Standard
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9044B9A5-B7D7-3EA2-B20B-49A47853D62F}" = CCC Help Spanish
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A7F37935-A880-8657-79CE-F98BF3A358E1}" = CCC Help Turkish
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA388319-08DE-4943-A739-5BC257F50B61}" = NI LabVIEW Run-Time Engine 8.6
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B297076F-905F-7E13-57EF-7D254EBB7589}" = CCC Help Japanese
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BAED3957-C271-4670-A50D-8D7438701917}" = Nemetschek Allplan 2009
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D1B8C6AC-C4F8-E8AF-E157-AF3E16B97903}" = CCC Help French
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D9EB0916-F277-4C54-830A-772833FD20A4}" = Micro-Cap 10 Evaluation
"{DC702FC1-4746-CD99-0578-02839474C2F8}" = Skins
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}" = HTC Sync
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E59145A6-2D21-9E5C-6551-ACA2539CDE50}" = ccc-core-static
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E89371A0-2FCD-F518-EECB-09AB27724CEE}" = CCC Help German
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{ED06F22F-DADB-E713-2E49-EEB154950285}" = Catalyst Control Center Graphics Full Existing
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F6706DF9-B0B6-8496-F302-BF511197A32F}" = Catalyst Control Center Core Implementation
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"5513-1208-7298-9440" = JDownloader 0.9
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced PDF-to-Word 1.0 Demo" = Advanced PDF-to-Word 1.0 Demo
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"AVMWLANCLI" = AVM FRITZ!WLAN
"BlueJ_is1" = BlueJ 2.5.3
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EAGLE 5.10.0" = EAGLE 5.10.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Micro-Cap Evaluation 9.0" = Micro-Cap Evaluation 9.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"PDF Blender" = PDF Blender
"Photo Pos Pro" = Photo Pos Pro
"Security Task Manager" = Security Task Manager 1.8d
"Stronghold 3 (c) THQ_is1" = Stronghold 3 (c) THQ version 1
"TexMakerX_is1" = TexMakerX 2.1
"TmNationsForever_is1" = TmNationsForever
"TuxGuitar 1.1" = TuxGuitar
"TuxGuitar_0" = TuxGuitar 1.2
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zip Repair Pro_is1" = Zip Repair Pro
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.01.2012 15:37:36 | Computer Name = Urbi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Stronghold3.exe, Version 0.0.0.0, Zeitstempel
 0x4ed9324c, fehlerhaftes Modul vision100.dll, Version 8.1.8.0, Zeitstempel 0x4e9ff7c0,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0004c6d4,  Prozess-ID 0x1154, Anwendungsstartzeit
 01ccd6e0ee4e5395.
 
Error - 19.01.2012 15:37:37 | Computer Name = Urbi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Stronghold3.exe, Version 0.0.0.0, Zeitstempel
 0x4ed9324c, fehlerhaftes Modul vBase100.dll, Version 8.1.8.0, Zeitstempel 0x4e9ff795,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0005ba8e,  Prozess-ID 0x1154, Anwendungsstartzeit
 01ccd6e0ee4e5395.
 
Error - 19.01.2012 18:26:48 | Computer Name = Urbi-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.19170 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 109c  Anfangszeit: 01ccd6f6c32f2255  Zeitpunkt
 der Beendigung: 10
 
Error - 19.01.2012 18:42:11 | Computer Name = Urbi-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 20.01.2012 11:45:22 | Computer Name = Urbi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.01.2012 11:49:00 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 20.01.2012 11:49:00 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 20.01.2012 11:49:00 | Computer Name = Urbi-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 20.01.2012 15:03:13 | Computer Name = Urbi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Stronghold3.exe, Version 0.0.0.0, Zeitstempel
 0x4ed9324c, fehlerhaftes Modul StrongholdBase.dll, Version 0.0.0.0, Zeitstempel
 0x4ed93246, Ausnahmecode 0xc0000005, Fehleroffset 0x0007f7ab,  Prozess-ID 0x1098,
 Anwendungsstartzeit 01ccd79e3b65b9d0.
 
Error - 20.01.2012 18:16:29 | Computer Name = Urbi-PC | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 16.03.2012 07:39:57 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.03.2012 07:40:27 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.03.2012 07:40:27 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.03.2012 09:40:09 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description = 
 
Error - 18.03.2012 15:31:25 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description = 
 
Error - 18.03.2012 18:25:38 | Computer Name = Urbi-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 001F3F09796E zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 19.03.2012 10:45:47 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description = 
 
Error - 19.03.2012 17:21:15 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description = 
 
Error - 20.03.2012 06:14:44 | Computer Name = Urbi-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 20.03.2012 06:42:27 | Computer Name = Urbi-PC | Source = VDS Dynamic Provider | ID = 16908298
Description = 
 
 
< End of report >

--- --- ---

kira · 21.03.2012, 06:59

Zitat:

Zitat von urbi28

Die Programme die du mir empfohlen hast und ich heruntergeladen habe, sind das auch passive programme, also die stets meinen Computer durchsuchen und wenn ja ist das problematisch wenn ich diese parallel zu ESET laufen habe? Hab ma gehört, dass man immer nur ein Antivirusprogramm haben soll.

ja, ganz richtig, aber ich achte darauf, dass nicht passiert ist! SUPERAntiSpyware ist nicht "vollwertiger" Antivirusprogramm!

Zitat:

Zitat von urbi28

Achso, empfielst du mir auch das Vshare tv plugin zu deinstallieren? Aber ich glaube das brauch ich.

deinstallieren nicht, aber kontrolliere bitte dein Browser nochmal, ob sich Ungewolltes eingenistet hat?:
die Startseite
unter "Erweiterungen"

-> hast Du wissentlich gemacht?:

FF - prefs.js..network.proxy.ftp: " 74.95.66.34"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: " 74.95.66.34"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "fritz.box"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: " 74.95.66.34"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: " 74.95.66.34"
FF - prefs.js..network.proxy.ssl_port: 80

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
O2 - BHO: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O2 - BHO: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
[2012.03.19 12:12:23 | 000,000,000 | ---D | C] -- C:\Users\Urbi\AppData\Roaming\08017
[2011.08.31 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\Urbi\AppData\Roaming\Azureus

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{3B9F3B71-5AC6-4F2E-85E5-D49B6C55C49A}C:\program files (x86)\azureus\azureus.exe" =-
"UDP Query User{0794A955-ACE5-4CBE-B801-C1E33C8D39BC}C:\program files (x86)\azureus\azureus.exe" =-

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
Überprüfe Dein komplettes System noch mit Panda Active Scan:
Panda ActiveScan

urbi28 · 21.03.2012, 19:05

Hi,
die Browser scheinen alle normal zu sein (wegen vshare tv).
Zu diesen network.proxy....wenn ich da irgendwas verstellt haben sollte, ist es schon lange her. Was bedeutet das denn genau? Das ich die IP manuell eingestellt habe?
Also kann ich die Programme beruhigt auf meine Rechner lassen ja, bzw. ist es sogar zu empfehlen? Also momentan ist neben ESET unten rechts noch Malwarebytes und SUPERAntiSpyware offen.
Zu den Ergebnissen:

OTL Fix

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Folder C:\Users\Urbi\AppData\Roaming\08017\ not found.
Folder C:\Users\Urbi\AppData\Roaming\Azureus\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3B9F3B71-5AC6-4F2E-85E5-D49B6C55C49A}C:\program files (x86)\azureus\azureus.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0794A955-ACE5-4CBE-B801-C1E33C8D39BC}C:\program files (x86)\azureus\azureus.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Urbi\Desktop\cmd.bat deleted successfully.
C:\Users\Urbi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Urbi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 163840 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32835 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 334 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.39.1 log created on 03212012_182851

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

PandaactiveScan hat das gefunden:

Code:

ATTFilter

Malware. FILE: C:\USERS\URBI\COOKIES\VM0OGKBT.TXT to be deleted.

Malware. FILE: C:\USERS\URBI\COOKIES\NNGB3OS0.TXT to be deleted.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SHOWSUPERHIDDEN] to be changed to: 1

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

dann hab ich auf "clean" gedrückt und es erschien "successful cleaned".

kira · 22.03.2012, 08:13

es kann ja mit fritz.box zu tun haben

wie läuft sonst? alles im grünen Bereich?

wenn ja:

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:

Code:

ATTFilter

CCleaner

- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes:

Rechten Maustaste auf den "Arbeitsplatz"-> auf "Eigenschaften"-> Registerkarte "Systemwiederherstellung"
"Systemwiederherstellung deaktivieren"-> "OK"-> alle Fenster schließen
PC runterfahren-> dann wieder einschalten
die Standardeinstellung wiederherzustellen (SWH wieder "aktivieren")

also zuerst deaktivieren-> dann aktivieren - am Ende soll wieder "aktiviert" sein!

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

5.
► ► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!

6.
► der Internet Explorer muss aktualisiert werden! Version 9 ist aktuell...
Du kannst gleich den Internet Explorer 9 installieren, um die vorhandene Version von Internet Explorer zu ersetzen:-> Internet Explorer 9
Software wie Betriebssysteme, Browser und E-Mail Clients werden laufend weiterentwickelt. Gleichzeitig arbeiten jedoch auch Hacker daran, ständig neue Sicherheitslücken zu finden und auszunutzen. Was heute noch keine Schlupflücke für Viren und Würmer ist, kann morgen bereits zur Gefahr werden, wenn der entsprechende Schädling programmiert wurde. Das führt dazu, dass es relativ häufig zu Meldungen über neue Sicherheitsanfälligkeiten kommt, auch wenn diese noch nicht durch Hacker entdeckt wurden. Denn selbstverständlich suchen auch Sicherheitsspezialisten nach potenziellen Angriffsmöglichkeiten. Updates der Softwareentwickler sorgen dafür, dass der User immer die aktuellste und sicherste Version des Betriebssystems und der installierten Software nutzen kann.

urbi28 · 23.03.2012, 00:32

Also läuft alles wieder optimal, wie frisch gekauft. Ich danke dir wirklich sehr für deine Hilfe

Meine Passwörter werde ich jetz stück für stück ersetzen.
Vielleicht kannst du mir abschließend noch nen paar tipps geben, wie mein PC auch schnell und sauber bleibt. Und vor allem, wie ich erkenne, dass mein PC mit irgendwas infziert ist.(reicht da ESET?)
Mitgenommen hab ich bis jetz:
- jede neue Installation genau unter die Lupe nehmen und benutzerdefiniert installieren mit anschließenden browser und Programmencheck
- alles so schnell wie möglich updaten, falls verfügbar
- auf gecrackte software verzichten .....wie sieht es allgemein mit filesharing aus?hab ich ne möglichkeit zu erkennen, ob eine fiese datei dabei ist?
- allgemein augen offen halten und auch ma ne AGB durchlesen

kira · 23.03.2012, 07:28

Lesestoff Nr.1:

Wie erstelle ich ein eingeschränktes Benutzerkonto?
Software immer auf dem neuesten Stand halten!:
ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
Ein sicherer Browser als IE z.B. *Ein Wechsel des Standardbrowsers zu...von SETI@home* - Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox - Standardbrowser
Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
- Unbekannten E-Mail-Anhang NICHT öffnen!
Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)
Die fünf häufigsten Passwort-Fehler[/b[

"Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Bei der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
Sponsor-Programm, Toolbars möglist abwählen (so wird oft Art von Adware/Spyware mitinstalliert)

NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!

Programme und Treiber:
Nur vom Hersteller!

Onlinebanking:
Gib deine Passwörter niemals preis!
Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.

Comnputer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab

Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - IT-Betrüger machen keinen Urlaub!/bsi-fuer-buerger.de - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
Webseiten ohne Gültiges Impressum nicht besuchen
Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörsen.
► Ausserdem machst Du dich damit strafbar!
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
Virenscanner
BSI für Bürger
SETI@home - [Sicherheit] Sicherheitskonzept
Entwicklung schädlicher Websites/viruslist.com
Brennpunkt: Bilder und Töne
Gefährliche Bilder, schräge Töne/BSI

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!

Zitat:

Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -

Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher: