Smart HDD entfernen

Chrissi25 · 16.04.2012, 14:07

Hallo,
seit gestern habe ich das Problem mit dem Smart HDD Trojaner auf meinem Rechner.
Ich habe mich auch bereits über dieses Problem bei euch im Forum informiert. Da ihr aber immer darauf hinweist, dass keine Anweisungen übertragbar sind, habe ich zunächst das OTL-Programm heruntergeladen und den Scan nach Anweisung durchgeführt. Das zugehörige log-file lautet wie folgt:

Code:

ATTFilter

OTL logfile created on: 16.04.2012 14:36:14 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 75,82% Memory free
6,19 Gb Paging File | 5,69 Gb Available in Paging File | 91,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,06 Gb Total Space | 7,44 Gb Free Space | 2,57% Space Free | Partition Type: NTFS
Drive D: | 9,03 Gb Total Space | 1,27 Gb Free Space | 14,05% Space Free | Partition Type: NTFS
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Giraffic) -- C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LITEON)
DRV - (Ltn_stkrc) -- C:\Windows\System32\drivers\Ltn_stkrc.sys (LITEON)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/themen/nachrichten/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {DF9519CB-6984-4763-A926-EBAD4BB9672A}
IE - HKCU\..\SearchScopes\{2CDF6C72-1159-4A03-95AC-412ED051C724}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKCU\..\SearchScopes\{DF9519CB-6984-4763-A926-EBAD4BB9672A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://pac.lrz-muenchen.de/
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 10:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 20:07:43 | 000,000,000 | ---D | M]
 
[2010.03.12 12:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions
[2011.12.15 12:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions
[2011.04.28 12:22:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.03 17:44:13 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2011.06.03 17:44:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\engine@conduit.com
[2011.05.30 11:02:05 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\toolbar@gmx.net
[2011.03.21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\4o4h8qnf.default\searchplugins\conduit.xml
[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010.03.22 12:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{0E72B33F-C093-4B1A-8B7C-90766110C756}] C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe ()
O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe ()
O4 - HKCU..\Run: [PMCRemote]  File not found
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.40.145.24
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D3980-E9A5-441C-B4D4-130FF89757C7}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC5C486-2CF8-499A-9C94-7E937FED3170}: DhcpNameServer = 141.40.145.24
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.11.18 01:02:24 | 000,003,802 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.16 14:33:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.04.15 22:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.04.15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ryloso
[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ogug
[2012.04.13 13:53:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.13 13:53:45 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.13 13:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.13 13:53:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.13 13:53:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.13 13:53:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.13 13:47:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.13 13:47:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.02 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{B40A3199-0D6E-4FEF-920F-90EF0681B1FF}
[2012.04.01 16:04:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.03.20 17:27:09 | 000,000,000 | ---D | C] -- C:\Users\Nina\Desktop\Analytica 2012
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.04.16 14:25:32 | 000,629,856 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.16 14:25:32 | 000,597,486 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.16 14:25:32 | 000,126,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.16 14:25:32 | 000,104,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.16 14:21:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.16 14:18:49 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.16 14:18:49 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.16 14:18:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.04.16 14:12:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.16 13:57:50 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.16 13:44:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.15 22:13:14 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.15 21:51:52 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.04.15 18:17:53 | 000,000,256 | ---- | M] () -- C:\ProgramData\EwxRa6k2hb2uaz
[2012.04.15 18:16:46 | 000,000,599 | ---- | M] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk
[2012.04.15 18:16:27 | 000,222,208 | ---- | M] () -- C:\ProgramData\EwxRa6k2hb2uaz.exe
[2012.04.15 18:08:14 | 000,302,080 | ---- | M] () -- C:\ProgramData\AlSnqDidGxPete.exe
[2012.04.15 17:18:16 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.04.15 13:41:46 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.14 14:27:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.14 14:27:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.10 21:14:28 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.03 20:39:37 | 000,101,675 | ---- | M] () -- C:\Users\Nina\80456980.jpg
[2012.04.03 20:31:39 | 000,037,713 | ---- | M] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg
[2012.03.29 22:20:48 | 000,035,480 | ---- | M] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg
[2012.03.29 22:20:47 | 000,030,282 | ---- | M] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg
[2012.03.27 22:36:21 | 000,001,589 | ---- | M] () -- C:\Users\Nina\Desktop\Browserwahl.lnk
[2012.03.21 16:59:36 | 000,172,837 | ---- | M] () -- C:\Users\Nina\Desktop\Publikationsliste_Wolfgang.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.15 22:18:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk
[2012.04.15 22:18:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.04.15 22:18:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.15 22:18:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.15 22:18:27 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\HP Hilfe und Support.lnk
[2012.04.15 22:18:27 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2012.04.15 22:18:27 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle TVCenter Pro.lnk
[2012.04.15 22:18:27 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.15 22:18:27 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.04.15 22:18:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\e-Seq V2.0.lnk
[2012.04.15 22:18:27 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk
[2012.04.15 22:18:27 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012.04.15 22:13:14 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.15 18:16:46 | 000,000,599 | ---- | C] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk
[2012.04.15 18:16:28 | 000,000,256 | ---- | C] () -- C:\ProgramData\EwxRa6k2hb2uaz
[2012.04.15 18:16:27 | 000,222,208 | ---- | C] () -- C:\ProgramData\EwxRa6k2hb2uaz.exe
[2012.04.15 18:10:18 | 000,302,080 | ---- | C] () -- C:\ProgramData\AlSnqDidGxPete.exe
[2012.04.03 20:39:50 | 000,101,675 | ---- | C] () -- C:\Users\Nina\80456980.jpg
[2012.04.03 20:31:59 | 000,037,713 | ---- | C] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg
[2012.04.01 16:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.29 22:22:46 | 000,030,282 | ---- | C] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg
[2012.03.29 22:22:34 | 000,035,480 | ---- | C] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg
[2012.03.27 22:36:21 | 000,001,589 | ---- | C] () -- C:\Users\Nina\Desktop\Browserwahl.lnk
[2012.03.21 16:59:36 | 000,172,837 | ---- | C] () -- C:\Users\Nina\Desktop\Publikationsliste_Wolfgang.pdf
[2010.11.05 18:25:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.11.05 18:25:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.09.17 15:41:24 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\winscp.rnd
 
========== LOP Check ==========
 
[2011.05.30 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\1&1 Mail & Media GmbH
[2011.07.06 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Diercke Globus Online
[2011.11.04 17:27:01 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\EndNote
[2009.09.28 20:04:18 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Flood Light Games
[2012.04.14 21:41:48 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Ogug
[2010.09.17 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\OpenCandy
[2009.09.29 12:51:12 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Pirateville
[2010.11.06 21:14:38 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ProtectDISC
[2012.04.14 21:42:05 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Ryloso
[2011.05.23 12:00:32 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Template
[2011.06.24 00:58:10 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\V-Games
[2010.08.10 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Vodafone
[2008.10.30 14:57:36 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\WildTangent
[2012.04.16 14:18:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Für eure Hilfe möchte ich mich an dieser Stelle bereits bedanken.

kira · 16.04.2012, 14:46

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
erneut einen Systemscan mit OTL

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Chrissi25 · 18.04.2012, 12:02

Hallo Kira,

vielen Dank, dass du deine Hilfe anbietest.

Habe den vollständigen MBAM-Scan nun durchgeführt. Leider bin ich mir nicht sicher, ob alle gefundenen Infektionen entfernt werden dürfen, da du ja schreibst, dass nichts aus der C:\System Volume Information gelöscht werden sollte. Es wurden 3 Infektionen in der Registry gefunden, darf ich diese entfernen ohne das System zu zerstören?

Anbei das log-file des Scans.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.17.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Nina :: NINA-PC [Administrator]

Schutz: Deaktiviert

17.04.2012 15:07:42
mbam-log-2012-04-17 (20-17-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 479196
Laufzeit: 1 Stunde(n), 23 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{0E72B33F-C093-4B1A-8B7C-90766110C756} (Trojan.Agent.LDCGen) -> Daten: C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AlSnqDidGxPete.exe (Backdoor.Agent.RCGen) -> Daten: C:\ProgramData\AlSnqDidGxPete.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe (Trojan.Agent.LDCGen) -> Keine Aktion durchgeführt.
C:\ProgramData\AlSnqDidGxPete.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.
C:\ProgramData\EwxRa6k2hb2uaz.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.
C:\Users\Nina\AppData\Local\Temp\JMtRMJkFo8pUdz.exe.tmp (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.

(Ende)

Vielen Dank!

kira · 18.04.2012, 17:21

alle Schritte im normalen Modus ausführen!:

1.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
dann noch 2. und 3. auch erledigen

Chrissi25 · 24.04.2012, 16:25

Hallo Kira,

zunächst möchte ich mich entschuldigen, dass alles so lange gedauert hat.

Habe erstmal die MBAM-Software aktualisiert und danach den Komplett-Scan im Normal-Modus gestartet.
Hier das zugehörige log-file:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.24.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nina :: NINA-PC [Administrator]

Schutz: Aktiviert

24.04.2012 13:55:07
mbam-log-2012-04-24 (13-55-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 482128
Laufzeit: 2 Stunde(n), 15 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{0E72B33F-C093-4B1A-8B7C-90766110C756} (Trojan.Agent.LDCGen) -> Daten: C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe (Trojan.Agent.LDCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Danach habe ich nochmals OTL als Admin laufen lassen.

Extras.Txt-log-file:

Code:

ATTFilter

OTL Extras logfile created on: 24.04.2012 17:09:07 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,06% Memory free
6,19 Gb Paging File | 4,72 Gb Available in Paging File | 76,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,06 Gb Total Space | 5,26 Gb Free Space | 1,82% Space Free | Partition Type: NTFS
Drive D: | 9,03 Gb Total Space | 1,17 Gb Free Space | 12,95% Space Free | Partition Type: NTFS
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11DD6CC4-9F71-4B4E-AB77-27EA9990E7B7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{137EC783-BBE5-4160-8085-A45B0D6BDBD5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2647BFA5-67DB-4EF5-AE89-B3C2CDD446C8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{36A3981D-80CA-4286-8811-6B13393AE9EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{36FD9057-3266-459D-ADCF-4258EAE74FA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4FA927B6-5B18-4586-AFC2-B896259D00A2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{824899C7-9A79-49E8-BEF0-D8E2AF6DBE06}" = rport=139 | protocol=6 | dir=out | app=system | 
"{94B8184B-A2E1-4846-83AE-C9F1028138CB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A895A8B3-4D82-4AA4-B038-C50B5A3428CB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AD9D84DB-CCE9-4EC9-838A-43070C69E84D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ADF184ED-04CB-4C0F-A544-BD1A8508C701}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B6F3E88C-B3E1-4B33-A643-E49692EB5F64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C8487EDD-C8C3-4EEE-B7F7-603E789DDB3A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CCEBA056-6020-4617-BB01-4C6152292D98}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D45ACA33-BCCD-468C-AC9F-A21F25764E3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B044DB-9DD3-4B40-824D-183FE4BF252B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{15CF9BF1-0F3F-497D-A85E-2619DA034A5D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{28725DAD-CF8E-45E7-9953-68F6AF97F9AA}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{2928878D-A5E2-4964-A165-ED21B8756079}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{3CE77803-0772-47F8-A57C-87C5F54FD0C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{46209F83-6D3C-437D-9B97-22CE1C8B597D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{5A5F8220-0EC0-4FEF-BD64-F719A03154AD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"{5F3E5B53-8C1B-4882-B81A-28FF66839B70}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{5F65F827-5717-4D39-9B9C-9430316D8F49}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{7E477169-0CEC-48EA-90C7-7EAE0DFA3FC6}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 
"{87157B1B-4F23-442B-B89A-A805D28F8486}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{89A90472-0FBB-4405-90FC-F638D90BDE24}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{9001BDBF-019C-4DAB-91CC-2188152D1255}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{904EE618-87C2-40C2-8D1E-FFE474185234}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{A8200AB3-26AD-4207-8918-2F8361357ED6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{A958E700-32B9-4CEA-BA0C-C775A001433C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{BBAE73B4-DCDB-4AD5-AD7C-E1785B9587B1}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 
"{BFD6004B-E64A-4C66-8055-40BE3910AF6B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CB2D1972-A9EC-46AD-80D0-F8D50454288A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CDEE2160-A667-4E91-9127-0CA7C3010A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D015C9FD-69C1-4E65-A195-FB1AC4E6A2A3}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"{EF00ECDB-7C41-4AEF-B748-B604F236C903}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F032A3F2-25EE-469C-96BD-3568B99ADB73}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{F6A65017-C298-4E2E-B6A9-D2009DB51F43}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{F9C10C86-52AF-43BD-BA2A-A77C72C66CED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{21602BE4-DF05-45EF-8FBA-9BCC26CE1C38}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"TCP Query User{E20D6CAD-4627-44E1-9483-36D7A9D5A897}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{C1F10555-0643-4AFC-B919-61FBBAB459BB}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"UDP Query User{E3834D43-7B20-409B-BAED-C9989ADE2FCE}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{058C8EB2-6DDB-4431-BBF4-C79A1E773C1C}" = HP LaserJet Fonts
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{29790AC7-AD34-4F3D-A92D-EBED66F49461}" = HP Webregistrierung
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4289B8A1-2EC7-11D5-A859-00E02956C418}" = e-Seq V2.0
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C250A6F-9EBF-454D-8C88-159762FA0115}" = Installationshinweise
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{760BF94F-4FAF-4EF6-96D9-B55B12993992}" = Sherlock Holmes - Die Spur der Erwachten Remastered
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{7F6F58CF-9F6D-4496-A7FC-712F7AE11EB9}" = Agatha Christie - Das haus an der Düne
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F08E12A-363F-4F69-8BC8-0E0EA502A6ED}" = Holly - Ein Weihnachtsmärchen
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D178746E-0919-424E-88A7-81A0E46FF03E}" = Christmasville
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB4F8872-646F-439D-BC5E-24CD7A5E852C}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"AIM_6" = AIM
"CCleaner" = CCleaner
"Chromas" = Chromas
"Clone Manager Professional Suite 8" = Clone Manager Professional Suite 8
"conduitEngine" = Conduit Engine
"Der Hummelfluch" = W&G - Der Hummelfluch
"Der Stein der Weisen" = Der Stein der Weisen
"Dr. Brains Mehr Gehirnjogging" = Dr. Brains Mehr Gehirnjogging
"GENtle" = GENtle
"Giraffic" = Giraffic Video Accelerator
"Google Chrome" = Google Chrome
"GridinSoft Trojan Killer" = Trojan Killer
"Holly im Wunderland" = Holly im Wunderland
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPLaserJetP3005" = HP LaserJet P3005
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Jump Jack" = Jump Jack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"PirateVille" = PirateVille
"PROPLUS" = Microsoft Office Professional Plus 2007
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Schlag den Raab_is1" = Schlag den Raab
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"ST6UNST #1" = pDRAW32
"SuperTux_is1" = SuperTux 0.1.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Urlaub Unter Tage" = W&G - Urlaub Unter Tage
"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.8
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
"Zune" = Zune
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.04.2012 08:39:56 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.04.2012 10:03:20 | Computer Name = Nina-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.60.0.80 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1308  Anfangszeit: 01cd1fbcef304fec  Zeitpunkt der Beendigung:
 0
 
Error - 21.04.2012 10:43:33 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung VeohWebPlayer.exe, Version 1.2.2.1112, Zeitstempel
 0x4d9c52c3, fehlerhaftes Modul QtCore4.dll, Version 4.7.0.0, Zeitstempel 0x4c737fad,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00053126,  Prozess-ID 0xe0, Anwendungsstartzeit
 01cd1fbc36e0890c.
 
Error - 21.04.2012 11:24:31 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x16d0, 
Anwendungsstartzeit 01cd1fd2b597cc2c.
 
Error - 21.04.2012 17:20:05 | Computer Name = Nina-PC | Source = VSS | ID = 8193
Description = 
 
Error - 22.04.2012 08:35:05 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2012 07:16:22 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2012 07:06:50 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2012 08:08:22 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung VeohWebPlayer.exe, Version 1.2.2.1112, Zeitstempel
 0x4d9c52c3, fehlerhaftes Modul QtCore4.dll, Version 4.7.0.0, Zeitstempel 0x4c737fad,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00053126,  Prozess-ID 0x948, Anwendungsstartzeit
 01cd220a58ff6b4d.
 
Error - 24.04.2012 11:03:19 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 01.11.2010 06:22:30 | Computer Name = Nina-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ OSession Events ]
Error - 12.07.2011 15:03:58 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31760
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 15.08.2011 16:50:44 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14002
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 26.08.2011 11:24:09 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16729
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 08.09.2011 15:59:22 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4452
 seconds with 2220 seconds of active time.  This session ended with a crash.
 
Error - 25.09.2011 14:54:03 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4502
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 05.11.2011 17:13:37 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 29639
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 18.01.2012 11:31:24 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13681
 seconds with 3660 seconds of active time.  This session ended with a crash.
 
Error - 19.01.2012 08:59:12 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8718
 seconds with 1860 seconds of active time.  This session ended with a crash.
 
Error - 31.01.2012 07:49:27 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2541
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 12.02.2012 16:23:43 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20146
 seconds with 5580 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24.04.2012 11:03:19 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8202.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
 
< End of report >

OTL.Txt-log-file:

Code:

ATTFilter

OTL logfile created on: 24.04.2012 17:09:07 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,06% Memory free
6,19 Gb Paging File | 4,72 Gb Available in Paging File | 76,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,06 Gb Total Space | 5,26 Gb Free Space | 1,82% Space Free | Partition Type: NTFS
Drive D: | 9,03 Gb Total Space | 1,17 Gb Free Space | 12,95% Space Free | Partition Type: NTFS
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe (Veoh Networks)
PRC - C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)
PRC - C:\Programme\Giraffic\Giraffic.exe (Giraffic)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe (Avid Development GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtScript4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\phonon4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtGui4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtCore4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Giraffic) -- C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LITEON)
DRV - (Ltn_stkrc) -- C:\Windows\System32\drivers\Ltn_stkrc.sys (LITEON)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/themen/nachrichten/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {DF9519CB-6984-4763-A926-EBAD4BB9672A}
IE - HKCU\..\SearchScopes\{2CDF6C72-1159-4A03-95AC-412ED051C724}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKCU\..\SearchScopes\{DF9519CB-6984-4763-A926-EBAD4BB9672A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://pac.lrz-muenchen.de/
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 10:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 20:07:43 | 000,000,000 | ---D | M]
 
[2010.03.12 12:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions
[2011.12.15 12:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions
[2011.04.28 12:22:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.03 17:44:13 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2011.06.03 17:44:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\engine@conduit.com
[2011.05.30 11:02:05 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\toolbar@gmx.net
[2011.03.21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\4o4h8qnf.default\searchplugins\conduit.xml
[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010.03.22 12:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{0E72B33F-C093-4B1A-8B7C-90766110C756}] C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe File not found
O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe File not found
O4 - HKCU..\Run: [PMCRemote]  File not found
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.40.145.24
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D3980-E9A5-441C-B4D4-130FF89757C7}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC5C486-2CF8-499A-9C94-7E937FED3170}: DhcpNameServer = 141.40.145.24
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.11.18 01:02:24 | 000,003,802 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.18 21:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.18 21:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.17 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nina\Logs
[2012.04.17 15:05:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes
[2012.04.17 13:11:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.16 14:33:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.04.15 22:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.04.15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ryloso
[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ogug
[2012.04.13 13:53:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.13 13:53:45 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.13 13:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.13 13:53:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.13 13:53:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.13 13:53:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.13 13:47:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.13 13:47:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.02 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{B40A3199-0D6E-4FEF-920F-90EF0681B1FF}
[2012.04.01 16:04:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.24 17:12:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.24 17:08:12 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.24 17:08:12 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.24 17:08:12 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.24 17:08:12 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.24 17:06:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.04.24 17:05:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.24 17:01:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 17:01:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 17:01:47 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.04.24 17:01:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.24 17:01:39 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.24 17:00:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.04.24 16:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.18 21:34:19 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.17 15:07:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.17 15:05:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.04.15 22:13:14 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.15 18:17:53 | 000,000,256 | ---- | M] () -- C:\ProgramData\EwxRa6k2hb2uaz
[2012.04.15 18:16:46 | 000,000,599 | ---- | M] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk
[2012.04.15 13:41:46 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.14 14:27:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.14 14:27:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.10 21:14:28 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.03 20:39:37 | 000,101,675 | ---- | M] () -- C:\Users\Nina\80456980.jpg
[2012.04.03 20:31:39 | 000,037,713 | ---- | M] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg
[2012.03.29 22:20:48 | 000,035,480 | ---- | M] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg
[2012.03.29 22:20:47 | 000,030,282 | ---- | M] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg
[2012.03.27 22:36:21 | 000,001,589 | ---- | M] () -- C:\Users\Nina\Desktop\Browserwahl.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.18 21:34:19 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.18 21:25:22 | 3218,042,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.17 13:11:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.15 22:18:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk
[2012.04.15 22:18:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.04.15 22:18:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.15 22:18:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.15 22:18:27 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\HP Hilfe und Support.lnk
[2012.04.15 22:18:27 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2012.04.15 22:18:27 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle TVCenter Pro.lnk
[2012.04.15 22:18:27 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.15 22:18:27 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.04.15 22:18:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\e-Seq V2.0.lnk
[2012.04.15 22:18:27 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk
[2012.04.15 22:18:27 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012.04.15 22:13:14 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.15 18:16:46 | 000,000,599 | ---- | C] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk
[2012.04.15 18:16:28 | 000,000,256 | ---- | C] () -- C:\ProgramData\EwxRa6k2hb2uaz
[2012.04.03 20:39:50 | 000,101,675 | ---- | C] () -- C:\Users\Nina\80456980.jpg
[2012.04.03 20:31:59 | 000,037,713 | ---- | C] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg
[2012.04.01 16:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.29 22:22:46 | 000,030,282 | ---- | C] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg
[2012.03.29 22:22:34 | 000,035,480 | ---- | C] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg
[2012.03.27 22:36:21 | 000,001,589 | ---- | C] () -- C:\Users\Nina\Desktop\Browserwahl.lnk
[2010.11.05 18:25:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.11.05 18:25:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.09.17 15:41:24 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\winscp.rnd
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Chrissi25 · 24.04.2012, 16:29

Danach habe ich nochmals OTL als Admin laufen lassen.

Extras.Txt-log-file:

Code:

ATTFilter

OTL Extras logfile created on: 24.04.2012 17:09:07 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,06% Memory free
6,19 Gb Paging File | 4,72 Gb Available in Paging File | 76,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,06 Gb Total Space | 5,26 Gb Free Space | 1,82% Space Free | Partition Type: NTFS
Drive D: | 9,03 Gb Total Space | 1,17 Gb Free Space | 12,95% Space Free | Partition Type: NTFS
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11DD6CC4-9F71-4B4E-AB77-27EA9990E7B7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{137EC783-BBE5-4160-8085-A45B0D6BDBD5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2647BFA5-67DB-4EF5-AE89-B3C2CDD446C8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{36A3981D-80CA-4286-8811-6B13393AE9EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{36FD9057-3266-459D-ADCF-4258EAE74FA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4FA927B6-5B18-4586-AFC2-B896259D00A2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{824899C7-9A79-49E8-BEF0-D8E2AF6DBE06}" = rport=139 | protocol=6 | dir=out | app=system | 
"{94B8184B-A2E1-4846-83AE-C9F1028138CB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A895A8B3-4D82-4AA4-B038-C50B5A3428CB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AD9D84DB-CCE9-4EC9-838A-43070C69E84D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ADF184ED-04CB-4C0F-A544-BD1A8508C701}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B6F3E88C-B3E1-4B33-A643-E49692EB5F64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C8487EDD-C8C3-4EEE-B7F7-603E789DDB3A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CCEBA056-6020-4617-BB01-4C6152292D98}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D45ACA33-BCCD-468C-AC9F-A21F25764E3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B044DB-9DD3-4B40-824D-183FE4BF252B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{15CF9BF1-0F3F-497D-A85E-2619DA034A5D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{28725DAD-CF8E-45E7-9953-68F6AF97F9AA}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{2928878D-A5E2-4964-A165-ED21B8756079}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{3CE77803-0772-47F8-A57C-87C5F54FD0C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{46209F83-6D3C-437D-9B97-22CE1C8B597D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{5A5F8220-0EC0-4FEF-BD64-F719A03154AD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"{5F3E5B53-8C1B-4882-B81A-28FF66839B70}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{5F65F827-5717-4D39-9B9C-9430316D8F49}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{7E477169-0CEC-48EA-90C7-7EAE0DFA3FC6}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 
"{87157B1B-4F23-442B-B89A-A805D28F8486}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{89A90472-0FBB-4405-90FC-F638D90BDE24}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{9001BDBF-019C-4DAB-91CC-2188152D1255}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{904EE618-87C2-40C2-8D1E-FFE474185234}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{A8200AB3-26AD-4207-8918-2F8361357ED6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{A958E700-32B9-4CEA-BA0C-C775A001433C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{BBAE73B4-DCDB-4AD5-AD7C-E1785B9587B1}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 
"{BFD6004B-E64A-4C66-8055-40BE3910AF6B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CB2D1972-A9EC-46AD-80D0-F8D50454288A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CDEE2160-A667-4E91-9127-0CA7C3010A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D015C9FD-69C1-4E65-A195-FB1AC4E6A2A3}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"{EF00ECDB-7C41-4AEF-B748-B604F236C903}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F032A3F2-25EE-469C-96BD-3568B99ADB73}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{F6A65017-C298-4E2E-B6A9-D2009DB51F43}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{F9C10C86-52AF-43BD-BA2A-A77C72C66CED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{21602BE4-DF05-45EF-8FBA-9BCC26CE1C38}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"TCP Query User{E20D6CAD-4627-44E1-9483-36D7A9D5A897}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{C1F10555-0643-4AFC-B919-61FBBAB459BB}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"UDP Query User{E3834D43-7B20-409B-BAED-C9989ADE2FCE}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{058C8EB2-6DDB-4431-BBF4-C79A1E773C1C}" = HP LaserJet Fonts
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{29790AC7-AD34-4F3D-A92D-EBED66F49461}" = HP Webregistrierung
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4289B8A1-2EC7-11D5-A859-00E02956C418}" = e-Seq V2.0
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C250A6F-9EBF-454D-8C88-159762FA0115}" = Installationshinweise
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{760BF94F-4FAF-4EF6-96D9-B55B12993992}" = Sherlock Holmes - Die Spur der Erwachten Remastered
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{7F6F58CF-9F6D-4496-A7FC-712F7AE11EB9}" = Agatha Christie - Das haus an der Düne
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F08E12A-363F-4F69-8BC8-0E0EA502A6ED}" = Holly - Ein Weihnachtsmärchen
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D178746E-0919-424E-88A7-81A0E46FF03E}" = Christmasville
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB4F8872-646F-439D-BC5E-24CD7A5E852C}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"AIM_6" = AIM
"CCleaner" = CCleaner
"Chromas" = Chromas
"Clone Manager Professional Suite 8" = Clone Manager Professional Suite 8
"conduitEngine" = Conduit Engine
"Der Hummelfluch" = W&G - Der Hummelfluch
"Der Stein der Weisen" = Der Stein der Weisen
"Dr. Brains Mehr Gehirnjogging" = Dr. Brains Mehr Gehirnjogging
"GENtle" = GENtle
"Giraffic" = Giraffic Video Accelerator
"Google Chrome" = Google Chrome
"GridinSoft Trojan Killer" = Trojan Killer
"Holly im Wunderland" = Holly im Wunderland
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPLaserJetP3005" = HP LaserJet P3005
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Jump Jack" = Jump Jack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"PirateVille" = PirateVille
"PROPLUS" = Microsoft Office Professional Plus 2007
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Schlag den Raab_is1" = Schlag den Raab
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"ST6UNST #1" = pDRAW32
"SuperTux_is1" = SuperTux 0.1.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Urlaub Unter Tage" = W&G - Urlaub Unter Tage
"Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.8
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
"Zune" = Zune
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.04.2012 08:39:56 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.04.2012 10:03:20 | Computer Name = Nina-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.60.0.80 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1308  Anfangszeit: 01cd1fbcef304fec  Zeitpunkt der Beendigung:
 0
 
Error - 21.04.2012 10:43:33 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung VeohWebPlayer.exe, Version 1.2.2.1112, Zeitstempel
 0x4d9c52c3, fehlerhaftes Modul QtCore4.dll, Version 4.7.0.0, Zeitstempel 0x4c737fad,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00053126,  Prozess-ID 0xe0, Anwendungsstartzeit
 01cd1fbc36e0890c.
 
Error - 21.04.2012 11:24:31 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0x16d0, 
Anwendungsstartzeit 01cd1fd2b597cc2c.
 
Error - 21.04.2012 17:20:05 | Computer Name = Nina-PC | Source = VSS | ID = 8193
Description = 
 
Error - 22.04.2012 08:35:05 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2012 07:16:22 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2012 07:06:50 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2012 08:08:22 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung VeohWebPlayer.exe, Version 1.2.2.1112, Zeitstempel
 0x4d9c52c3, fehlerhaftes Modul QtCore4.dll, Version 4.7.0.0, Zeitstempel 0x4c737fad,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00053126,  Prozess-ID 0x948, Anwendungsstartzeit
 01cd220a58ff6b4d.
 
Error - 24.04.2012 11:03:19 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 01.11.2010 06:22:30 | Computer Name = Nina-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ OSession Events ]
Error - 12.07.2011 15:03:58 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31760
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 15.08.2011 16:50:44 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14002
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 26.08.2011 11:24:09 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16729
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 08.09.2011 15:59:22 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4452
 seconds with 2220 seconds of active time.  This session ended with a crash.
 
Error - 25.09.2011 14:54:03 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4502
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 05.11.2011 17:13:37 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 29639
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 18.01.2012 11:31:24 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13681
 seconds with 3660 seconds of active time.  This session ended with a crash.
 
Error - 19.01.2012 08:59:12 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8718
 seconds with 1860 seconds of active time.  This session ended with a crash.
 
Error - 31.01.2012 07:49:27 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2541
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 12.02.2012 16:23:43 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20146
 seconds with 5580 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24.04.2012 11:03:19 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8202.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.8202.0&avdelta=1.123.1936.0&asdelta=1.123.1936.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.04.2012 11:12:24 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.123.1936.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8202.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
 
< End of report >

OTL.Txt-log-file:

Code:

ATTFilter

OTL logfile created on: 24.04.2012 17:09:07 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,06% Memory free
6,19 Gb Paging File | 4,72 Gb Available in Paging File | 76,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,06 Gb Total Space | 5,26 Gb Free Space | 1,82% Space Free | Partition Type: NTFS
Drive D: | 9,03 Gb Total Space | 1,17 Gb Free Space | 12,95% Space Free | Partition Type: NTFS
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe (Veoh Networks)
PRC - C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)
PRC - C:\Programme\Giraffic\Giraffic.exe (Giraffic)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe (Avid Development GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtScript4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\phonon4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtGui4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtCore4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Giraffic) -- C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LITEON)
DRV - (Ltn_stkrc) -- C:\Windows\System32\drivers\Ltn_stkrc.sys (LITEON)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/themen/nachrichten/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {DF9519CB-6984-4763-A926-EBAD4BB9672A}
IE - HKCU\..\SearchScopes\{2CDF6C72-1159-4A03-95AC-412ED051C724}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKCU\..\SearchScopes\{DF9519CB-6984-4763-A926-EBAD4BB9672A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://pac.lrz-muenchen.de/
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 10:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 20:07:43 | 000,000,000 | ---D | M]
 
[2010.03.12 12:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions
[2011.12.15 12:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions
[2011.04.28 12:22:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.03 17:44:13 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2011.06.03 17:44:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\engine@conduit.com
[2011.05.30 11:02:05 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\toolbar@gmx.net
[2011.03.21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\4o4h8qnf.default\searchplugins\conduit.xml
[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010.03.22 12:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{0E72B33F-C093-4B1A-8B7C-90766110C756}] C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe File not found
O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe File not found
O4 - HKCU..\Run: [PMCRemote]  File not found
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.40.145.24
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D3980-E9A5-441C-B4D4-130FF89757C7}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC5C486-2CF8-499A-9C94-7E937FED3170}: DhcpNameServer = 141.40.145.24
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.11.18 01:02:24 | 000,003,802 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.18 21:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.18 21:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.17 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nina\Logs
[2012.04.17 15:05:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes
[2012.04.17 13:11:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.16 14:33:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.04.15 22:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.04.15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ryloso
[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ogug
[2012.04.13 13:53:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.13 13:53:45 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.13 13:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.13 13:53:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.13 13:53:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.13 13:53:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.13 13:47:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.13 13:47:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.02 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{B40A3199-0D6E-4FEF-920F-90EF0681B1FF}
[2012.04.01 16:04:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.24 17:12:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.24 17:08:12 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.24 17:08:12 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.24 17:08:12 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.24 17:08:12 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.24 17:06:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.04.24 17:05:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.24 17:01:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 17:01:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 17:01:47 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.04.24 17:01:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.24 17:01:39 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.24 17:00:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.04.24 16:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.18 21:34:19 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.17 15:07:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.17 15:05:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.04.15 22:13:14 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.15 18:17:53 | 000,000,256 | ---- | M] () -- C:\ProgramData\EwxRa6k2hb2uaz
[2012.04.15 18:16:46 | 000,000,599 | ---- | M] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk
[2012.04.15 13:41:46 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.14 14:27:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.14 14:27:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.10 21:14:28 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.03 20:39:37 | 000,101,675 | ---- | M] () -- C:\Users\Nina\80456980.jpg
[2012.04.03 20:31:39 | 000,037,713 | ---- | M] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg
[2012.03.29 22:20:48 | 000,035,480 | ---- | M] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg
[2012.03.29 22:20:47 | 000,030,282 | ---- | M] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg
[2012.03.27 22:36:21 | 000,001,589 | ---- | M] () -- C:\Users\Nina\Desktop\Browserwahl.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.18 21:34:19 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.18 21:25:22 | 3218,042,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.17 13:11:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.15 22:18:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk
[2012.04.15 22:18:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.04.15 22:18:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.15 22:18:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.15 22:18:27 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\HP Hilfe und Support.lnk
[2012.04.15 22:18:27 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2012.04.15 22:18:27 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle TVCenter Pro.lnk
[2012.04.15 22:18:27 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.15 22:18:27 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.04.15 22:18:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\e-Seq V2.0.lnk
[2012.04.15 22:18:27 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk
[2012.04.15 22:18:27 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012.04.15 22:13:14 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.15 18:16:46 | 000,000,599 | ---- | C] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk
[2012.04.15 18:16:28 | 000,000,256 | ---- | C] () -- C:\ProgramData\EwxRa6k2hb2uaz
[2012.04.03 20:39:50 | 000,101,675 | ---- | C] () -- C:\Users\Nina\80456980.jpg
[2012.04.03 20:31:59 | 000,037,713 | ---- | C] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg
[2012.04.01 16:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.29 22:22:46 | 000,030,282 | ---- | C] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg
[2012.03.29 22:22:34 | 000,035,480 | ---- | C] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg
[2012.03.27 22:36:21 | 000,001,589 | ---- | C] () -- C:\Users\Nina\Desktop\Browserwahl.lnk
[2010.11.05 18:25:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.11.05 18:25:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.09.17 15:41:24 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\winscp.rnd
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Chrissi25 · 24.04.2012, 16:30

Anschließend habe ich noch den CCleaner nach deinen Angaben ausgeführt.

Code:

ATTFilter

OTL logfile created on: 24.04.2012 17:09:07 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,06% Memory free
6,19 Gb Paging File | 4,72 Gb Available in Paging File | 76,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,06 Gb Total Space | 5,26 Gb Free Space | 1,82% Space Free | Partition Type: NTFS
Drive D: | 9,03 Gb Total Space | 1,17 Gb Free Space | 12,95% Space Free | Partition Type: NTFS
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe (Veoh Networks)
PRC - C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)
PRC - C:\Programme\Giraffic\Giraffic.exe (Giraffic)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe (Avid Development GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtScript4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\phonon4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtWebKit4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtGui4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtCore4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\QtNetwork4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Giraffic) -- C:\Programme\Giraffic\GirafficWatchdog.exe (Giraffic)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LITEON)
DRV - (Ltn_stkrc) -- C:\Windows\System32\drivers\Ltn_stkrc.sys (LITEON)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/themen/nachrichten/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {DF9519CB-6984-4763-A926-EBAD4BB9672A}
IE - HKCU\..\SearchScopes\{2CDF6C72-1159-4A03-95AC-412ED051C724}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKCU\..\SearchScopes\{DF9519CB-6984-4763-A926-EBAD4BB9672A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://pac.lrz-muenchen.de/
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.07 10:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 20:07:43 | 000,000,000 | ---D | M]
 
[2010.03.12 12:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions
[2011.12.15 12:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions
[2011.04.28 12:22:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.03 17:44:13 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2011.06.03 17:44:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\engine@conduit.com
[2011.05.30 11:02:05 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\4o4h8qnf.default\extensions\toolbar@gmx.net
[2011.03.21 14:46:56 | 000,000,933 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\4o4h8qnf.default\searchplugins\conduit.xml
[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.02.12 22:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2010.03.22 12:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.16 19:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 14:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 10:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.17 15:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 21:17:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.15 13:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{0E72B33F-C093-4B1A-8B7C-90766110C756}] C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe File not found
O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe File not found
O4 - HKCU..\Run: [PMCRemote]  File not found
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.40.145.24
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D3980-E9A5-441C-B4D4-130FF89757C7}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC5C486-2CF8-499A-9C94-7E937FED3170}: DhcpNameServer = 141.40.145.24
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.11.18 01:02:24 | 000,003,802 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.18 21:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.18 21:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.17 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nina\Logs
[2012.04.17 15:05:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes
[2012.04.17 13:11:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.16 14:33:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.04.15 22:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.04.15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ryloso
[2012.04.14 21:41:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Ogug
[2012.04.13 13:53:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.13 13:53:45 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.13 13:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.13 13:53:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.13 13:53:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.13 13:53:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.13 13:47:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.13 13:47:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.02 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{B40A3199-0D6E-4FEF-920F-90EF0681B1FF}
[2012.04.01 16:04:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.24 17:12:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.24 17:08:12 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.24 17:08:12 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.24 17:08:12 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.24 17:08:12 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.24 17:06:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.04.24 17:05:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.24 17:01:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 17:01:48 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 17:01:47 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.04.24 17:01:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.24 17:01:39 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.24 17:00:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.04.24 16:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.18 21:34:19 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.17 15:07:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.17 15:05:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.04.15 22:13:14 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.15 18:17:53 | 000,000,256 | ---- | M] () -- C:\ProgramData\EwxRa6k2hb2uaz
[2012.04.15 18:16:46 | 000,000,599 | ---- | M] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk
[2012.04.15 13:41:46 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.14 14:27:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.14 14:27:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.10 21:14:28 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.03 20:39:37 | 000,101,675 | ---- | M] () -- C:\Users\Nina\80456980.jpg
[2012.04.03 20:31:39 | 000,037,713 | ---- | M] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg
[2012.03.29 22:20:48 | 000,035,480 | ---- | M] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg
[2012.03.29 22:20:47 | 000,030,282 | ---- | M] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg
[2012.03.27 22:36:21 | 000,001,589 | ---- | M] () -- C:\Users\Nina\Desktop\Browserwahl.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.18 21:34:19 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.18 21:25:22 | 3218,042,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.17 13:11:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.15 22:18:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk
[2012.04.15 22:18:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.04.15 22:18:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.15 22:18:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.15 22:18:27 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\HP Hilfe und Support.lnk
[2012.04.15 22:18:27 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2012.04.15 22:18:27 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle TVCenter Pro.lnk
[2012.04.15 22:18:27 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.15 22:18:27 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.04.15 22:18:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\e-Seq V2.0.lnk
[2012.04.15 22:18:27 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk
[2012.04.15 22:18:27 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012.04.15 22:13:14 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.15 18:16:46 | 000,000,599 | ---- | C] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk
[2012.04.15 18:16:28 | 000,000,256 | ---- | C] () -- C:\ProgramData\EwxRa6k2hb2uaz
[2012.04.03 20:39:50 | 000,101,675 | ---- | C] () -- C:\Users\Nina\80456980.jpg
[2012.04.03 20:31:59 | 000,037,713 | ---- | C] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg
[2012.04.01 16:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.29 22:22:46 | 000,030,282 | ---- | C] () -- C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg
[2012.03.29 22:22:34 | 000,035,480 | ---- | C] () -- C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg
[2012.03.27 22:36:21 | 000,001,589 | ---- | C] () -- C:\Users\Nina\Desktop\Browserwahl.lnk
[2010.11.05 18:25:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.11.05 18:25:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.09.17 15:41:24 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\winscp.rnd
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Vielen Dank schon mal für deine weitere Hilfe!!!

kira · 24.04.2012, 18:02

Zitat:

Zitat von Chrissi25

Anschließend habe ich noch den CCleaner nach deinen Angaben ausgeführt.

bitte nochmal lesen was Du wirklich tun musst:

CCleaner starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Chrissi25 · 24.04.2012, 18:19

Hallo Kira,

tut mir leid, dass ich versehentlich das falsche log-file eingefügt habe. Hier das CCleaner-log-file.

Code:

ATTFilter

Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	05.10.2008	14,0MB	
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	12.04.2012		11.2.202.233
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	13.04.2012		11.2.202.233
Adobe Photoshop Elements	Adobe Systems, Inc.	21.06.2009	68,3MB	1.0
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	11.04.2012		10.1.3
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	21.04.2010	11,7MB	11.5.6.606
Adobe SVG Viewer	Adobe Systems, Inc.	21.06.2009	3,38MB	1.0
Agatha Christie - Das haus an der Düne	JoWooD	27.09.2009	66,9MB	1.0.0
AIM		29.10.2008		
CCleaner	Piriform	17.04.2012	4,46MB	3.17
Christmasville	Purplehills	30.09.2009	48,0MB	1.00.0000
Chromas		27.01.2011	0,63MB	
Clone Manager Professional Suite 8		13.10.2010	8.608MB	
Compatibility Pack für 2007 Office System	Microsoft Corporation	17.02.2012		12.0.6612.1000
Conduit Engine	Conduit Ltd.	02.06.2011	4,28MB	
CyberLink DVD Suite	CyberLink Corp.	05.10.2008	48,0MB	5.5.1519
CyberLink YouCam	CyberLink Corp.	05.10.2008	76,1MB	2.0.1616
Der Stein der Weisen		30.09.2009	20,6MB	
DivX Codec	DivX, Inc.	11.02.2009	1,66MB	6.6.1
Dr. Brains Mehr Gehirnjogging		13.03.2009	17,3MB	
e-Seq V2.0		27.02.2010	1,39MB	
GENtle		19.09.2010	10,4MB	
Giraffic Video Accelerator	Giraffic	02.06.2011	9,91MB	0.85.790.230
Google Chrome	Google Inc.	11.04.2010	246MB	18.0.1025.152
Google Earth	Google	24.11.2011	92,8MB	6.1.0.5001
Google Toolbar for Internet Explorer	Google Inc.	16.03.2012	10,6MB	7.3.2710.138
Holly - Ein Weihnachtsmärchen	Purplehills	30.09.2009	136,7MB	1.00.0000
Holly im Wunderland		30.09.2009	115,0MB	
HP Active Support Library	Hewlett-Packard	27.04.2011	20,5MB	3.1.9.1
HP Customer Experience Enhancements	Hewlett-Packard	30.07.2008	0,98MB	5.7.0.2630
HP Easy Setup - Frontend	Hewlett-Packard	30.07.2008	2,17MB	5.7.0.2630
HP Help and Support	Hewlett-Packard	04.04.2010	14,3MB	2.0.10.0
HP LaserJet P3005	Hewlett-Packard Co.	21.03.2010	20,2MB	
HP Quick Launch Buttons 6.40 D1	Hewlett-Packard	30.07.2008	17,2MB	6.40 D1
HP QuickPlay 3.7	Hewlett-Packard	05.10.2008	182,0MB	
HP QuickTouch 1.00 D2	Hewlett-Packard	30.07.2008	1,77MB	1.0.9
HP Total Care Advisor	Hewlett-Packard	31.07.2008	38,8MB	2.1.3359.2635
HP Update	Hewlett-Packard	02.04.2011	3,97MB	5.002.007.004
HP Wireless Assistant	Hewlett-Packard	31.07.2008	4,00MB	3.00 J1
IDT Audio	IDT	05.10.2008	20,6MB	1.0.6017.13
Java(TM) 6 Update 30	Sun Microsystems, Inc.	21.03.2010	95,0MB	6.0.300
JMicron JMB38X Flash Media Controller	JMicron Technology Corp.	05.10.2008	3,68MB	1.00.16.01
Jump Jack		05.08.2009	217MB	
LabelPrint	CyberLink Corp.	05.10.2008	230MB	2.20.2719
LightScribe System Software  1.12.33.2	LightScribe	05.10.2008	20,9MB	1.12.33.2
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	16.04.2012	11,7MB	1.61.0.1400
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	08.03.2010	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	02.01.2010	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	12.10.2010	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	12.10.2010	24,5MB	4.0.30319
Microsoft Office File Validation Add-In	Microsoft Corporation	23.09.2011		14.0.5130.5003
Microsoft Office Home and Student 2007	Microsoft Corporation	17.02.2012	561MB	12.0.6612.1000
Microsoft Office Outlook Connector	Microsoft Corporation	15.11.2010	3,36MB	14.0.5118.5000
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	17.02.2012		12.0.6612.1000
Microsoft Office Professional Plus 2007	Microsoft Corporation	17.02.2012	561MB	12.0.6612.1000
Microsoft Security Essentials	Microsoft Corporation	07.02.2012	17,9MB	2.1.1116.0
Microsoft Silverlight	Microsoft Corporation	23.02.2012		4.1.10111.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	15.11.2010	1,74MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	02.01.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	17.05.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	07.02.2012	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	12.10.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	0,58MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	10.02.2012		10.0.40219
Microsoft Works	Microsoft Corporation	12.04.2012		9.7.0621
Mozilla Firefox (3.6.3)	Mozilla	06.04.2010	27,4MB	3.6.3 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	02.01.2010	35,00KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	02.01.2010	1,34MB	4.20.9876.0
MSXML 4.0 SP2 Parser and SDK	Microsoft Corporation	11.02.2009	1,23MB	4.20.9818.0
My HP Games	WildTangent	05.10.2008	547MB	1.0.0.43
Mysteryville 2	Mysteryville 2	30.09.2009	39,1MB	1.00.0000
NVIDIA Drivers	NVIDIA Corporation	12.10.2010		1.10
NVIDIA GAME System Software 2.8.1	NVIDIA Corporation	26.10.2011	10,7MB	2.8.1
pDRAW32		19.09.2010	1,11MB	
Peggle Deluxe 1.03		21.01.2009	17,0MB	
Pinnacle DistanTV Server	Pinnacle Systems	11.02.2009	13,2MB	1.0.0.095
Pinnacle TVCenter Pro	Pinnacle Systems	11.02.2009	158,5MB	4.99.2088
PirateVille		28.09.2009	49,0MB	
Power2Go	CyberLink Corp.	05.10.2008	163,9MB	5.6.3919
PowerDirector	CyberLink Corp.	31.07.2008	353MB	6.5.2719
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	05.11.2010	92,00KB	11.0.0.14
ProtectSmart Hard Drive Protection	Hewlett-Packard	05.10.2008	2,25MB	3.10 A7
QuickPlay SlingPlayer 0.4.6	SlingMedia	05.10.2008	182,0MB	0.4.6
Realtek 8169 8168 8101E 8102E Ethernet Driver	Realtek	05.10.2008	1,54MB	1.00.0000
Schlag den Raab	bitComposer Games GmbH	05.11.2010	567MB	
Sherlock Holmes - Die Spur der Erwachten Remastered	Frogwares	26.10.2011	2.036MB	1.00.0777
Skype™ 4.2	Skype Technologies S.A.	22.03.2010	25,5MB	4.2.155
SuperTux 0.1.3	SuperTux Development Team	27.04.2010	17,4MB	
Synaptics Pointing Device Driver	Synaptics Incorporated	12.10.2010	13,7MB	15.0.17.4
Trojan Killer	Gridinsoft LLC	14.04.2012	27,3MB	2.1.2.0
Veoh Web Player Toolbar	Veoh Web Player	02.06.2011	4,36MB	6.3.2.90
Viewpoint Media Player		29.10.2008	7,30MB	
W&G - Der Hummelfluch	Daedalic Entertainment	01.11.2010	351MB	1.0.0.15
W&G - Urlaub Unter Tage	Daedalic Entertainment	22.12.2011	894MB	1.0.0.15
web'n'walk Manager	Option NV	24.12.2009	2,43MB	2.5.0.68
Windows Live Essentials	Microsoft Corporation	16.11.2010		15.4.3502.0922
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	15.11.2010	5,58MB	15.4.5722.2
WinSCP 4.2.8	Martin Prikryl	16.09.2010	8,63MB	4.2.8
Xvid 1.1.3 final uninstall	Xvid team (Koepi)	04.11.2010	0,77MB	1.1
Zak McKracken - Between Time and Space		04.11.2010		
Zune	Microsoft Corporation	01.02.2012	97,0MB	04.08.2345.00

Viele Grüße und DANKE nochmal!

kira · 25.04.2012, 06:25

2. teil - Systemreinigung und Prüfung:
ganz schön viel zu tun...

1.
Windows Defender abschalten:
Neben 1 AV-Scanner und 1 Firewall garnix erst nötig und nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender
► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen
► Unter Dienste:
Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen

2.
nicht empfohlen:

Zitat:

Veoh Web Player <- Softwareart: Adware
Veoh Web Player Toolbar

finanziert sich über eine Adware-Komponente
Hinweis: Um den "Veoh Web Player" vollständig nutzen zu können, müssen Sie sich nach der Installation beim Hersteller mit einer E-Mail-Adresse registrieren. Während der Installation sollten Sie die angebotene Software abklicken, diese hat nichts mit dem eigentlichen Programm zu tun. Zudem empfehlen wir Ihnen, die ungefragt mitgelieferte Veoh-Toolbar gleich nach der Installation wieder aus dem System zu löschen.

3.
Deinstalliere...(unter Software/Programme und im Browser)
wird ungefragt (mit)installiert, kann man nicht brauchen:-> Conduit Engine aus Firefox entfernen

Code:

ATTFilter

Conduit Engine <- Adware

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen, weil damit stimmt man nämlich zu, dass Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
meiste Toolbars bzw Browserhelper wollen sich doch nur wichtig machen

4.
wird ungefragt installiert, benötigt kein Mensch, kannst deinstallieren:

Zitat:

Viewpoint Media Player

5.
kann deinstalliert werden (unnötig):

Zitat:

Trojan Killer

6.
Ob aus Unwissenheit auf deinem Rechner gelandet bzw aktiviert?:

Code:

ATTFilter

EasyBits Software AS

EasyBits Games Go - Uninstaller

7.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

8.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.net/themen/nachrichten/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {DF9519CB-6984-4763-A926-EBAD4BB9672A}
IE - HKCU\..\SearchScopes\{2CDF6C72-1159-4A03-95AC-412ED051C724}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKCU\..\SearchScopes\{DF9519CB-6984-4763-A926-EBAD4BB9672A}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://pac.lrz-muenchen.de/
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2653012&SearchSource=13"
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [{0E72B33F-C093-4B1A-8B7C-90766110C756}] C:\Users\Nina\AppData\Roaming\Ogug\ytsyhyz.exe File not found
O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe File not found
O4 - HKCU..\Run: [PMCRemote]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.11.18 01:02:24 | 000,003,802 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell - "" = AutoRun
O33 - MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\Shell\AutoRun\command - "" = F:\setup.exe
[2012.04.24 17:12:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.24 17:05:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Files
C:\Users\Nina\AppData\Roaming\Ryloso
C:\Users\Nina\AppData\Roaming\Ogug
 
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

9.
Dir bekannte Bilder? woher stammen sie denn?:
C:\Users\Nina\tumblr_lzvdes5Shv1qlpspqo1_400.jpg
C:\Users\Nina\tumblr_lzywbqkdOk1qlpspqo1_400.jpg

10.
kann ich nicht zuordnen, um was handelt es sich dabei ?:

Code:

ATTFilter

C:\ProgramData\EwxRa6k2hb2uaz

könnten auch von Malware stammen..

11.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 31 " von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

12.
Aktualisieren: Alte Version deinstallieren und neue herunterladen:->

Code:

ATTFilter

Mozilla Firefox

Chrissi25 · 25.04.2012, 13:28

Hallo Kira,

vielen Dank für deine schnelle Antwort.

Zu Punkt 1:
WindowsDefender war bereits abgeschaltet, in der Systemkonfiguration war allerdings das Häkchen noch gesetzt, dieses habe ich entfernt. Danach musste der Rechner neu gestartet werden.
Anschließend habe ich diesen auch noch unter Dienste deaktiviert.

Zu Punkt 2:
Habe den Veoh Web Player deinstalliert.

Zu Punkt 3:
Conduit Engine wurde deinstalliert.

Dies mal der bisherige Stand der Dinge. Gleich geht´s weiter.

Hallo Kira,

hier nun der weitere Verlauf.

Und gleich nochmal zu Punkt 2:
Zwar habe ich den Veoh Web Player deinstalliert, allerdings ist dieser noch immer unter "Start" aufgeführt und auch das Desktop-Incon ist noch vorhanden.

Zu Punkt 4:
Viewpoint Media Player wurde deinstalliert.

Zu Punkt 5:
Trojan Killer wurde deinstalliert.

Zu Punkt 6:
EasyBits Software AS wurde mit dem EasyBits Games Go - Uninstaller entfernt.

Zu Punkt 7:
Das System wurde mit dem CCleaner gereinigt.

Soweit der bisherige Stand. Werde das System jetzt neu starten und dann fortfahren.

Hallo Kira,

also hier die weiteren Schritte.

Zu Punkt 8:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Programme\Veoh_Web_Player\prxtbVeoh.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\ not found.
File C:\Programme\Veoh_Web_Player\prxtbVeoh.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2CDF6C72-1159-4A03-95AC-412ED051C724}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CDF6C72-1159-4A03-95AC-412ED051C724}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34167F0C-A7FC-4E6B-8D5F-5C357F1719E9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF87E9C8-C850-44DB-AA47-5F3B71B85896}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DF9519CB-6984-4763-A926-EBAD4BB9672A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF9519CB-6984-4763-A926-EBAD4BB9672A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.
Prefs.js: "Veoh Web Player Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Veoh Web Player Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13" removed from browser.startup.homepage
Prefs.js: toolbar@gmx.net:1.5 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
File C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{0E72B33F-C093-4B1A-8B7C-90766110C756} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E72B33F-C093-4B1A-8B7C-90766110C756}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AlSnqDidGxPete.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PMCRemote deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Autorun_dll.log moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{064f6f6d-bf3e-11de-9641-001eecb1050c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{064f6f6d-bf3e-11de-9641-001eecb1050c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{064f6f6d-bf3e-11de-9641-001eecb1050c}\ not found.
File F:\setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569ba8b3-a4bd-11df-8882-001eecb1050c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{569ba8b3-a4bd-11df-8882-001eecb1050c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569ba8b3-a4bd-11df-8882-001eecb1050c}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569ba8ce-a4bd-11df-8882-001eecb1050c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{569ba8ce-a4bd-11df-8882-001eecb1050c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569ba8ce-a4bd-11df-8882-001eecb1050c}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f2013f-a779-11dd-b556-001eecb1050c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94f2013f-a779-11dd-b556-001eecb1050c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94f2013f-a779-11dd-b556-001eecb1050c}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cddcfffa-a6a4-11df-8459-001eecb1050c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cddcfffa-a6a4-11df-8459-001eecb1050c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cddcfffa-a6a4-11df-8459-001eecb1050c}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cddcfffb-a6a4-11df-8459-001eecb1050c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cddcfffb-a6a4-11df-8459-001eecb1050c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cddcfffb-a6a4-11df-8459-001eecb1050c}\ not found.
File F:\setup.exe not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\Users\Nina\AppData\Roaming\Ryloso folder moved successfully.
C:\Users\Nina\AppData\Roaming\Ogug folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Nina\Desktop\cmd.bat deleted successfully.
C:\Users\Nina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
 
User: Majo
->Temp folder emptied: 315297 bytes
->Java cache emptied: 0 bytes
 
User: Nina
->Temp folder emptied: 6862613 bytes
->Java cache emptied: 25876385 bytes
->FireFox cache emptied: 33882941 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1076 bytes
 
User: Public
 
User: TEMP
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2610 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 64,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 04252012_160530

Files\Folders moved on Reboot...
C:\Users\Nina\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

Zu Punkt 9:
Wurden komplett gelöscht.

Zu Punkt 10:
C:\ProgramData\EwxRa6k2hb2uaz kann jetzt nach einem Suchvorgang nicht mehr gefunden werden.

Zu Punkt 11:
Java Version wurde deinstalliert und das System wird jetzt neu gestartet.

Die weiteren Resultate folgen in Kürze.

Hallo Kira,

nun die weiteren Fortschritte.

Noch zu Punkt 11:
Java Version 6 Update 31 wurde installiert.

Zu Punkt 12:
Die alte Mozilla Firefox Version wurde deinstalliert und die aktuelle installiert.

Zu Punkt 14:
Habe erneut den CCleaner ausgeführt und starte das System neu.

Gleich die weiteren Ergebnisse.

Hallo Kira,

hier der weitere Verlauf.

Zu Punkt 15:
OTL.Txt-log-file:

Code:

ATTFilter

OTL logfile created on: 25.04.2012 18:16:14 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,71% Memory free
6,19 Gb Paging File | 4,86 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,06 Gb Total Space | 16,19 Gb Free Space | 5,60% Space Free | Partition Type: NTFS
Drive D: | 9,03 Gb Total Space | 1,16 Gb Free Space | 12,88% Space Free | Partition Type: NTFS
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
PRC - [2012.04.13 22:27:15 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.02.27 18:07:41 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.05 13:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneLauncher.exe
PRC - [2011.05.27 12:00:24 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.04.06 13:47:16 | 002,644,992 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe
PRC - [2011.03.08 17:04:56 | 002,313,872 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\GirafficWatchdog.exe
PRC - [2011.03.08 17:04:38 | 003,711,104 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\Giraffic.exe
PRC - [2010.09.21 16:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 16:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.21 23:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.21 23:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe
PRC - [2009.02.26 16:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008.03.25 16:45:38 | 000,603,408 | ---- | M] (Avid Development GmbH) -- C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.07 13:32:24 | 000,798,720 | ---- | M] (T-Mobile) -- C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
PRC - [2007.11.05 16:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 15:14:08 | 001,283,584 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011.03.17 15:14:08 | 000,232,960 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011.03.17 15:14:06 | 010,836,480 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011.03.17 15:14:06 | 008,273,408 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011.03.17 15:14:06 | 002,286,592 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011.03.17 15:14:06 | 000,805,888 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011.03.17 15:14:02 | 000,120,320 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011.03.17 15:14:02 | 000,022,016 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2008.06.25 22:36:26 | 000,259,480 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008.06.25 22:36:26 | 000,120,216 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008.06.25 22:36:26 | 000,038,184 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2008.06.25 22:36:22 | 000,345,384 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2008.06.25 22:34:52 | 000,066,856 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2008.03.25 16:45:44 | 000,111,888 | ---- | M] () -- C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll
MOD - [2007.08.14 12:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.14 14:27:08 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.05 13:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.08 17:04:56 | 002,313,872 | ---- | M] (Giraffic) [Auto | Running] -- C:\Programme\Giraffic\GirafficWatchdog.exe -- (Giraffic)
SRV - [2010.09.23 02:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.09.22 18:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 16:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.21 23:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe -- (AESTFilters)
SRV - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.05 16:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.25 18:07:35 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A72E02D-2751-48E7-846E-388A3811565E}\MpKsl4324bb58.sys -- (MpKsl4324bb58)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.10.03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.21 23:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.07.08 12:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.05.14 04:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.02 15:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.07 14:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.01.24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.07.09 16:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007.06.26 15:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.06.14 16:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007.06.13 21:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)
DRV - [2007.03.30 15:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 17:55:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.25 17:38:28 | 000,000,000 | ---D | M]
 
[2012.04.25 17:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions
[2012.04.25 17:55:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\yc7k723t.default\extensions
[2012.04.25 17:55:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\yc7k723t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.04.25 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.04.25 17:32:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.25 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.04.25 17:55:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.11.05 09:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.25 17:32:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.40.145.24
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D3980-E9A5-441C-B4D4-130FF89757C7}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC5C486-2CF8-499A-9C94-7E937FED3170}: DhcpNameServer = 141.40.145.24
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.25 17:55:37 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Mozilla
[2012.04.25 17:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.04.25 17:32:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.04.25 17:32:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.04.25 17:32:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.04.25 17:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.04.25 16:05:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.18 21:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.18 21:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.17 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nina\Logs
[2012.04.17 15:05:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes
[2012.04.17 13:11:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.16 14:33:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.04.15 22:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.04.15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.13 13:53:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.13 13:53:45 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.13 13:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.13 13:53:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.13 13:53:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.13 13:53:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.13 13:47:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.13 13:47:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.02 11:40:48 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\{B40A3199-0D6E-4FEF-920F-90EF0681B1FF}
[2012.04.01 16:04:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.25 18:14:23 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.25 18:14:23 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.25 18:14:23 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.25 18:14:23 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.25 18:13:03 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.04.25 18:07:26 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.04.25 18:07:26 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.25 18:07:26 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.25 18:07:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.25 18:07:14 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.25 18:06:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.04.25 17:55:27 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.25 17:32:17 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.04.25 17:32:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.04.25 17:32:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.04.25 17:32:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.04.25 17:27:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.25 15:56:25 | 000,386,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.25 13:09:42 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.04.24 19:08:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.18 21:34:19 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.17 15:07:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.17 15:05:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.04.15 22:13:14 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.15 18:17:53 | 000,000,256 | ---- | M] () -- C:\ProgramData\EwxRa6k2hb2uaz
[2012.04.15 18:16:46 | 000,000,599 | ---- | M] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk
[2012.04.15 13:41:46 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.14 14:27:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.14 14:27:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.03 20:39:37 | 000,101,675 | ---- | M] () -- C:\Users\Nina\80456980.jpg
[2012.04.03 20:31:39 | 000,037,713 | ---- | M] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg
[2012.03.27 22:36:21 | 000,001,589 | ---- | M] () -- C:\Users\Nina\Desktop\Browserwahl.lnk
 
========== Files Created - No Company Name ==========
 
[2012.04.25 17:55:27 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.25 17:55:27 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.25 13:09:39 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.04.18 21:34:19 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.18 21:25:22 | 3218,042,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.17 13:11:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.15 22:18:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk
[2012.04.15 22:18:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.04.15 22:18:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.15 22:18:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.15 22:18:27 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\HP Hilfe und Support.lnk
[2012.04.15 22:18:27 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2012.04.15 22:18:27 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle TVCenter Pro.lnk
[2012.04.15 22:18:27 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.04.15 22:18:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\e-Seq V2.0.lnk
[2012.04.15 22:18:27 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk
[2012.04.15 22:18:27 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012.04.15 22:13:14 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.04.15 18:16:46 | 000,000,599 | ---- | C] () -- C:\Users\Nina\Desktop\SMART_HDD.lnk
[2012.04.15 18:16:28 | 000,000,256 | ---- | C] () -- C:\ProgramData\EwxRa6k2hb2uaz
[2012.04.03 20:39:50 | 000,101,675 | ---- | C] () -- C:\Users\Nina\80456980.jpg
[2012.04.03 20:31:59 | 000,037,713 | ---- | C] () -- C:\Users\Nina\11gp2-2008-du2-tm-0027.jpg
[2012.04.01 16:04:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.27 22:36:21 | 000,001,589 | ---- | C] () -- C:\Users\Nina\Desktop\Browserwahl.lnk
[2010.11.05 18:25:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.11.05 18:25:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.09.17 15:41:24 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\winscp.rnd
 
========== LOP Check ==========
 
[2011.05.30 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\1&1 Mail & Media GmbH
[2011.07.06 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Diercke Globus Online
[2011.11.04 17:27:01 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\EndNote
[2009.09.28 20:04:18 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Flood Light Games
[2010.09.17 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\OpenCandy
[2009.09.29 12:51:12 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Pirateville
[2010.11.06 21:14:38 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ProtectDISC
[2011.05.23 12:00:32 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Template
[2011.06.24 00:58:10 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\V-Games
[2010.08.10 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Vodafone
[2008.10.30 14:57:36 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\WildTangent
[2012.04.25 18:06:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras.Txt-log-file:

Code:

ATTFilter

OTL Extras logfile created on: 25.04.2012 18:16:14 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,71% Memory free
6,19 Gb Paging File | 4,86 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,06 Gb Total Space | 16,19 Gb Free Space | 5,60% Space Free | Partition Type: NTFS
Drive D: | 9,03 Gb Total Space | 1,16 Gb Free Space | 12,88% Space Free | Partition Type: NTFS
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11DD6CC4-9F71-4B4E-AB77-27EA9990E7B7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{137EC783-BBE5-4160-8085-A45B0D6BDBD5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2647BFA5-67DB-4EF5-AE89-B3C2CDD446C8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{36A3981D-80CA-4286-8811-6B13393AE9EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{36FD9057-3266-459D-ADCF-4258EAE74FA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4FA927B6-5B18-4586-AFC2-B896259D00A2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{824899C7-9A79-49E8-BEF0-D8E2AF6DBE06}" = rport=139 | protocol=6 | dir=out | app=system | 
"{94B8184B-A2E1-4846-83AE-C9F1028138CB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A895A8B3-4D82-4AA4-B038-C50B5A3428CB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AD9D84DB-CCE9-4EC9-838A-43070C69E84D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ADF184ED-04CB-4C0F-A544-BD1A8508C701}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B6F3E88C-B3E1-4B33-A643-E49692EB5F64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C8487EDD-C8C3-4EEE-B7F7-603E789DDB3A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CCEBA056-6020-4617-BB01-4C6152292D98}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D45ACA33-BCCD-468C-AC9F-A21F25764E3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B044DB-9DD3-4B40-824D-183FE4BF252B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{15CF9BF1-0F3F-497D-A85E-2619DA034A5D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{28725DAD-CF8E-45E7-9953-68F6AF97F9AA}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{2928878D-A5E2-4964-A165-ED21B8756079}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{3CE77803-0772-47F8-A57C-87C5F54FD0C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{46209F83-6D3C-437D-9B97-22CE1C8B597D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{5A5F8220-0EC0-4FEF-BD64-F719A03154AD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"{5F3E5B53-8C1B-4882-B81A-28FF66839B70}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{7E477169-0CEC-48EA-90C7-7EAE0DFA3FC6}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 
"{87157B1B-4F23-442B-B89A-A805D28F8486}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{89A90472-0FBB-4405-90FC-F638D90BDE24}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{9001BDBF-019C-4DAB-91CC-2188152D1255}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{904EE618-87C2-40C2-8D1E-FFE474185234}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{A8200AB3-26AD-4207-8918-2F8361357ED6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{BBAE73B4-DCDB-4AD5-AD7C-E1785B9587B1}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 
"{BFD6004B-E64A-4C66-8055-40BE3910AF6B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CB2D1972-A9EC-46AD-80D0-F8D50454288A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CDEE2160-A667-4E91-9127-0CA7C3010A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D015C9FD-69C1-4E65-A195-FB1AC4E6A2A3}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"{EF00ECDB-7C41-4AEF-B748-B604F236C903}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F032A3F2-25EE-469C-96BD-3568B99ADB73}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{F6A65017-C298-4E2E-B6A9-D2009DB51F43}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{F9C10C86-52AF-43BD-BA2A-A77C72C66CED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{21602BE4-DF05-45EF-8FBA-9BCC26CE1C38}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"TCP Query User{E20D6CAD-4627-44E1-9483-36D7A9D5A897}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{C1F10555-0643-4AFC-B919-61FBBAB459BB}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"UDP Query User{E3834D43-7B20-409B-BAED-C9989ADE2FCE}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{058C8EB2-6DDB-4431-BBF4-C79A1E773C1C}" = HP LaserJet Fonts
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29790AC7-AD34-4F3D-A92D-EBED66F49461}" = HP Webregistrierung
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4289B8A1-2EC7-11D5-A859-00E02956C418}" = e-Seq V2.0
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C250A6F-9EBF-454D-8C88-159762FA0115}" = Installationshinweise
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{760BF94F-4FAF-4EF6-96D9-B55B12993992}" = Sherlock Holmes - Die Spur der Erwachten Remastered
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{7F6F58CF-9F6D-4496-A7FC-712F7AE11EB9}" = Agatha Christie - Das haus an der Düne
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F08E12A-363F-4F69-8BC8-0E0EA502A6ED}" = Holly - Ein Weihnachtsmärchen
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D178746E-0919-424E-88A7-81A0E46FF03E}" = Christmasville
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB4F8872-646F-439D-BC5E-24CD7A5E852C}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"AIM_6" = AIM
"CCleaner" = CCleaner
"Chromas" = Chromas
"Clone Manager Professional Suite 8" = Clone Manager Professional Suite 8
"Der Hummelfluch" = W&G - Der Hummelfluch
"Der Stein der Weisen" = Der Stein der Weisen
"Dr. Brains Mehr Gehirnjogging" = Dr. Brains Mehr Gehirnjogging
"GENtle" = GENtle
"Giraffic" = Giraffic Video Accelerator
"Google Chrome" = Google Chrome
"Holly im Wunderland" = Holly im Wunderland
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPLaserJetP3005" = HP LaserJet P3005
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Jump Jack" = Jump Jack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"PirateVille" = PirateVille
"PROPLUS" = Microsoft Office Professional Plus 2007
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Schlag den Raab_is1" = Schlag den Raab
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"ST6UNST #1" = pDRAW32
"SuperTux_is1" = SuperTux 0.1.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Urlaub Unter Tage" = W&G - Urlaub Unter Tage
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.8
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
"Zune" = Zune
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2012 10:46:45 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2012 10:53:12 | Computer Name = Nina-PC | Source = VSS | ID = 8193
Description = 
 
Error - 25.04.2012 10:54:23 | Computer Name = Nina-PC | Source = VSS | ID = 8193
Description = 
 
Error - 25.04.2012 11:01:49 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2012 11:17:01 | Computer Name = Nina-PC | Source = VSS | ID = 8193
Description = 
 
Error - 25.04.2012 11:20:34 | Computer Name = Nina-PC | Source = VSS | ID = 8193
Description = 
 
Error - 25.04.2012 11:24:02 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2012 11:31:14 | Computer Name = Nina-PC | Source = VSS | ID = 8193
Description = 
 
Error - 25.04.2012 12:08:35 | Computer Name = Nina-PC | Source = Windows Search Service | ID = 3024
Description = 
 
Error - 25.04.2012 12:08:55 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 01.11.2010 06:22:30 | Computer Name = Nina-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ OSession Events ]
Error - 12.07.2011 15:03:58 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31760
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 15.08.2011 16:50:44 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14002
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 26.08.2011 11:24:09 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16729
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 08.09.2011 15:59:22 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4452
 seconds with 2220 seconds of active time.  This session ended with a crash.
 
Error - 25.09.2011 14:54:03 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4502
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 05.11.2011 17:13:37 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 29639
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 18.01.2012 11:31:24 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13681
 seconds with 3660 seconds of active time.  This session ended with a crash.
 
Error - 19.01.2012 08:59:12 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8718
 seconds with 1860 seconds of active time.  This session ended with a crash.
 
Error - 31.01.2012 07:49:27 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2541
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 12.02.2012 16:23:43 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20146
 seconds with 5580 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.04.2012 07:24:56 | Computer Name = Nina-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 141.40.145.242  registriert werden. Der Computer mit IP-Adresse 141.40.145.194
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 25.04.2012 08:32:46 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.04.2012 09:52:13 | Computer Name = Nina-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 141.40.145.242  registriert werden. Der Computer mit IP-Adresse 141.40.145.194
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 25.04.2012 09:57:03 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.04.2012 10:05:31 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 25.04.2012 10:08:03 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.04.2012 10:46:46 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.04.2012 11:01:49 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.04.2012 11:24:02 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.04.2012 12:08:56 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

Weitere Resultate gleich...

Hallo Kira,

zu Punkt 16:
Gmer wurde heruntergeladen und ausgeführt, aber nicht als Administrator. Währenddessen erschien folgende Nachricht:
Gmer.exe funktioniert nicht mehr
Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.
Sollte der Scan jetzt trotzdem nochmal, aber diesmal richtig, d.h. als Administrator ausgeführt werden?

Viele Grüße!

Chrissi25 · 30.04.2012, 13:29

Hallo Kira,

hier noch zu Punkt 17:
log-file von mbr.exe:

Code:

ATTFilter

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD3200BEVT-60ZCT0 rev.12.01A12 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys 
C:\Windows\system32\DRIVERS\hpdskflt.sys Hewlett-Packard Company Mobile Data Protection System
1 ntkrnlpa!IofCallDriver[0x8244A912] -> \Device\Harddisk0\DR0[0x8679E1E8]
3 CLASSPNP[0x82A098B3] -> ntkrnlpa!IofCallDriver[0x8244A912] -> [0x8679E8B0]
5 hpdskflt[0x8B7B0F92] -> ntkrnlpa!IofCallDriver[0x8244A912] -> \Device\Ide\IdeDeviceP0T0L0-0[0x85F93B98]
kernel: MBR read successfully
user & kernel MBR OK

Viele Grüße!

kira · 30.04.2012, 15:15

Systemreinigung und Prüfung:

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

ATTFilter

:OTL
PRC - [2011.04.06 13:47:16 | 002,644,992 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe
MOD - [2011.03.17 15:14:08 | 001,283,584 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011.03.17 15:14:08 | 000,232,960 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011.03.17 15:14:06 | 010,836,480 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011.03.17 15:14:06 | 008,273,408 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011.03.17 15:14:06 | 002,286,592 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011.03.17 15:14:06 | 000,805,888 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011.03.17 15:14:02 | 000,120,320 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011.03.17 15:14:02 | 000,022,016 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - user.js - File not found
[2011.11.05 05:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 05:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 05:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 05:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2012.04.25 17:55:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5F3E5B53-8C1B-4882-B81A-28FF66839B70}" =
"{87157B1B-4F23-442B-B89A-A805D28F8486}" =-
"TCP Query User{E20D6CAD-4627-44E1-9483-36D7A9D5A897}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" =-
"UDP Query User{E3834D43-7B20-409B-BAED-C9989ADE2FCE}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" =-

:Files
C:\Users\Public\Desktop\Trojan Killer.lnk
C:\ProgramData\EwxRa6k2hb2uaz
C:\Users\Nina\Desktop\SMART_HDD.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?
-> Verwalten von Add-Ons in Internet Explorer

3.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

4.

lade Dir SUPERAntiSpyware FREE Edition herunter.
Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

6.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

7.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Chrissi25 · 02.05.2012, 15:28

Hallo Kira,

hier die weiteren Fortschritte.

Zu Punkt 1:
Wurde durchgeführt, allerdings habe ich vergessen, das log-file gleich zu posten. Habe es zwar gespeichert, aber als REG-Datei. Darf man diese unbesorgt öffnen, ohne damit Schäden zu verusachen, damit ich dir das log-file nochmal zuschicken kann?

Zu Punkt 3:
System wurde sowohl gescannt wie auch bereinigt und anschließend neu gestartet.

Zu Punkt 4:
SUPERAntiSpyware FREE Edition wurde heruntergeladen und ausgeführt. Hier das Protokoll des Scans:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/02/2012 at 03:36 PM

Application Version : 5.0.1148

Core Rules Database Version : 8541
Trace Rules Database Version: 6353

Scan type       : Complete Scan
Total Scan Time : 01:19:34

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 703
Memory threats detected   : 0
Registry items scanned    : 35879
Registry threats detected : 0
File items scanned        : 70160
File threats detected     : 5

Adware.Tracking Cookie
	C:\USERS\NINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3GBME0R3.txt [ Cookie:nina@ad3.adfarm1.adition.com/ ]
	C:\USERS\NINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\96PBO8Q0.txt [ Cookie:nina@4stats.de/ ]
	C:\USERS\NINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\UV20UMOA.txt [ Cookie:nina@apmebf.com/ ]
	C:\USERS\NINA\AppData\Roaming\Microsoft\Windows\Cookies\Low\PF2YCVT0.txt [ Cookie:nina@adfarm1.adition.com/ ]

Heur.Agent/Gen-FakeIE
	C:\WINDOWS\INSTALLER\{7F6F58CF-9F6D-4496-A7FC-712F7AE11EB9}\ICON7F6F58CF.EXE

Leider war die Durchführung nicht genau so wie in deiner Anleitung beschrieben, ich hoffe, dass dieses log-file das Richtige ist.

Zu Punkt 5:
Ich habe seit längerer Zeit keine externen Datenträger verwendet, daher habe ich diesen Punkt nicht durchgeführt.

Werde das System jetzt nochmal neu starten und danach bei Punkt 6 fortfahren.

Viele Grüße!

Chrissi25 · 03.05.2012, 15:48

Hallo Kira,

nun die weiteren Ergebnisse.

Zu Punkt 6:
Habe den Scan mit dem Eset Online Scanner durchgeführt und anschließend die gefundenen Infektionen entfernen lassen. Hier das log-file (ich hoffe es ist das Richtige; es sind die vom Programm aufgelisteten Funde, die ich als txt-file exportieren habe lassen; unter C:/Programme/EsetOnlineScanner/log.txt konnte ich eine derartige Datei leider nicht finden)

Code:

ATTFilter

C:\Program Files\ReviverSoft\Registry Reviver\SetUp.exe	a variant of Win32/SlowPCfighter application	cleaned by deleting - quarantined
C:\Users\Nina\AppData\Roaming\OpenCandy\OpenCandy_1E5616BAC19B4CD0BEAB9EAA9B2EEBCC\p1v1_PPIRegistryReviver_w.exe	a variant of Win32/SlowPCfighter application	deleted - quarantined
C:\Users\Nina\AppData\Roaming\OpenCandy\OpenCandy_1E5616BAC19B4CD0BEAB9EAA9B2EEBCC\PPIRegistryReviverSetup.exe	a variant of Win32/SlowPCfighter application	cleaned by deleting - quarantined
C:\Users\Nina\Videos\Veoh\VeohWebPlayerSetup_eng.exe	a variant of Win32/Toolbar.Zugo application	deleted - quarantined

Nun noch der OTL-Scan, die Ergebnisse kommen gleich!

Hallo Kira,

hier die Ergebnisse des OTL-Scans.

Zu Punkt 7:

OTL-log-file:

Code:

ATTFilter

OTL logfile created on: 03.05.2012 16:50:00 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 36,48% Memory free
6,19 Gb Paging File | 3,92 Gb Available in Paging File | 63,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,06 Gb Total Space | 15,10 Gb Free Space | 5,22% Space Free | Partition Type: NTFS
Drive D: | 9,03 Gb Total Space | 1,16 Gb Free Space | 12,88% Space Free | Partition Type: NTFS
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.01 18:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
PRC - [2012.04.13 22:27:15 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MpCmdRun.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.02.27 18:07:41 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.08.05 13:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneLauncher.exe
PRC - [2011.08.03 19:18:02 | 012,997,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2011.05.27 12:00:24 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.03.08 17:04:56 | 002,313,872 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\GirafficWatchdog.exe
PRC - [2011.03.08 17:04:38 | 003,711,104 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\Giraffic.exe
PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.09.21 16:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 16:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.21 23:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.21 23:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe
PRC - [2009.02.26 16:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008.03.25 16:45:38 | 000,603,408 | ---- | M] (Avid Development GmbH) -- C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.07 13:32:24 | 000,798,720 | ---- | M] (T-Mobile) -- C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
PRC - [2007.11.05 16:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.03 12:38:08 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.05.03 12:38:08 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.05.02 14:13:51 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.05.02 14:13:51 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009.02.26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008.06.25 22:36:26 | 000,259,480 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008.06.25 22:36:26 | 000,120,216 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008.06.25 22:36:26 | 000,038,184 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2008.06.25 22:36:22 | 000,345,384 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2008.06.25 22:34:52 | 000,066,856 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2008.03.25 16:45:44 | 000,111,888 | ---- | M] () -- C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll
MOD - [2007.08.14 12:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.14 14:27:08 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.08.05 13:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.08 17:04:56 | 002,313,872 | ---- | M] (Giraffic) [Auto | Running] -- C:\Programme\Giraffic\GirafficWatchdog.exe -- (Giraffic)
SRV - [2010.09.23 02:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.09.22 18:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 16:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.21 23:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe -- (AESTFilters)
SRV - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.05 16:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.10.03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.21 23:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.07.08 12:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.05.14 04:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.02 15:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.07 14:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.01.24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.07.09 16:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007.06.26 15:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.06.14 16:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007.06.13 21:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)
DRV - [2007.03.30 15:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE434
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 17:55:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.25 17:38:28 | 000,000,000 | ---D | M]
 
[2012.04.25 17:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions
[2012.04.25 17:55:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\yc7k723t.default\extensions
[2012.04.25 17:55:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\yc7k723t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.04.25 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.22 15:07:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.04.25 17:32:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.05.02 13:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.11.05 09:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.25 17:32:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.05 05:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 05:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.40.145.24
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D3980-E9A5-441C-B4D4-130FF89757C7}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CC5C486-2CF8-499A-9C94-7E937FED3170}: DhcpNameServer = 141.40.145.24
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Skyline.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.02 16:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.02 14:13:36 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.02 14:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.02 14:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.02 14:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.04.30 14:20:32 | 000,000,000 | ---D | C] -- C:\Users\Nina\Desktop\gmer
[2012.04.25 18:30:32 | 000,000,000 | ---D | C] -- C:\Users\Nina\Desktop\gmer_gmer.exe
[2012.04.25 17:55:37 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Mozilla
[2012.04.25 17:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.04.25 17:32:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.04.25 17:32:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.04.25 17:32:43 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.04.25 17:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.04.25 16:05:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.18 21:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.18 21:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.17 20:17:39 | 000,000,000 | ---D | C] -- C:\Users\Nina\Logs
[2012.04.17 15:05:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes
[2012.04.17 13:11:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.17 13:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.16 14:33:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.04.15 22:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.04.15 22:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.13 13:53:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.13 13:53:45 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.13 13:53:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.13 13:53:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.13 13:53:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.13 13:53:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.13 13:47:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.13 13:47:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.03 16:36:35 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 16:36:35 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 16:27:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.03 12:41:14 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.03 12:41:14 | 000,596,444 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.03 12:41:14 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.03 12:41:14 | 000,103,418 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.03 12:37:08 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.05.03 12:36:45 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.05.03 12:36:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.03 12:36:34 | 3215,982,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.02 21:56:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.02 14:12:36 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.30 14:18:52 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.04.25 18:29:13 | 000,294,216 | ---- | M] () -- C:\Users\Nina\Desktop\gmer.zip
[2012.04.25 17:55:27 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.25 17:32:17 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.04.25 17:32:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.04.25 17:32:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.04.25 17:32:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.04.25 15:56:25 | 000,386,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.25 13:09:42 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.04.24 19:08:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.18 21:34:19 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.17 15:07:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.17 15:05:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nina\Desktop\mbam-setup-1.61.0.1400.exe
[2012.04.16 14:33:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.04.15 13:41:46 | 000,167,368 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.14 14:27:08 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.14 14:27:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.05.02 14:12:36 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.30 14:18:51 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.04.25 18:29:13 | 000,294,216 | ---- | C] () -- C:\Users\Nina\Desktop\gmer.zip
[2012.04.25 17:55:27 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.25 17:55:27 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.25 13:09:39 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.04.18 21:34:19 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.18 21:25:22 | 3215,982,592 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.17 13:11:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.15 22:18:27 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Sherlock Holmes - Die Spur der Erwachten Remastered spielen.lnk
[2012.04.15 22:18:27 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.04.15 22:18:27 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.15 22:18:27 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.15 22:18:27 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\HP Hilfe und Support.lnk
[2012.04.15 22:18:27 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2012.04.15 22:18:27 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle TVCenter Pro.lnk
[2012.04.15 22:18:27 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.04.15 22:18:27 | 000,001,425 | ---- | C] () -- C:\Users\Public\Desktop\e-Seq V2.0.lnk
[2012.04.15 22:18:27 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk
[2012.04.15 22:18:27 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2010.11.05 18:25:26 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.11.05 18:25:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.09.17 15:41:24 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\winscp.rnd
 
========== LOP Check ==========
 
[2011.05.30 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\1&1 Mail & Media GmbH
[2011.07.06 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Diercke Globus Online
[2011.11.04 17:27:01 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\EndNote
[2009.09.28 20:04:18 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Flood Light Games
[2010.09.17 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\OpenCandy
[2009.09.29 12:51:12 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Pirateville
[2010.11.06 21:14:38 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ProtectDISC
[2011.05.23 12:00:32 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Template
[2011.06.24 00:58:10 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\V-Games
[2010.08.10 22:30:31 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Vodafone
[2008.10.30 14:57:36 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\WildTangent
[2012.05.02 21:56:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras-log-file:

Code:

ATTFilter

OTL Extras logfile created on: 03.05.2012 16:50:00 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Nina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 36,48% Memory free
6,19 Gb Paging File | 3,92 Gb Available in Paging File | 63,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,06 Gb Total Space | 15,10 Gb Free Space | 5,22% Space Free | Partition Type: NTFS
Drive D: | 9,03 Gb Total Space | 1,16 Gb Free Space | 12,88% Space Free | Partition Type: NTFS
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11DD6CC4-9F71-4B4E-AB77-27EA9990E7B7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{137EC783-BBE5-4160-8085-A45B0D6BDBD5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2647BFA5-67DB-4EF5-AE89-B3C2CDD446C8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{36A3981D-80CA-4286-8811-6B13393AE9EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{36FD9057-3266-459D-ADCF-4258EAE74FA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4FA927B6-5B18-4586-AFC2-B896259D00A2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{824899C7-9A79-49E8-BEF0-D8E2AF6DBE06}" = rport=139 | protocol=6 | dir=out | app=system | 
"{94B8184B-A2E1-4846-83AE-C9F1028138CB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A895A8B3-4D82-4AA4-B038-C50B5A3428CB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AD9D84DB-CCE9-4EC9-838A-43070C69E84D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ADF184ED-04CB-4C0F-A544-BD1A8508C701}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B6F3E88C-B3E1-4B33-A643-E49692EB5F64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C8487EDD-C8C3-4EEE-B7F7-603E789DDB3A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CCEBA056-6020-4617-BB01-4C6152292D98}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D45ACA33-BCCD-468C-AC9F-A21F25764E3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B044DB-9DD3-4B40-824D-183FE4BF252B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{15CF9BF1-0F3F-497D-A85E-2619DA034A5D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{28725DAD-CF8E-45E7-9953-68F6AF97F9AA}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{2928878D-A5E2-4964-A165-ED21B8756079}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{3CE77803-0772-47F8-A57C-87C5F54FD0C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{46209F83-6D3C-437D-9B97-22CE1C8B597D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{5A5F8220-0EC0-4FEF-BD64-F719A03154AD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"{7E477169-0CEC-48EA-90C7-7EAE0DFA3FC6}" = protocol=17 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 
"{89A90472-0FBB-4405-90FC-F638D90BDE24}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{9001BDBF-019C-4DAB-91CC-2188152D1255}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{904EE618-87C2-40C2-8D1E-FFE474185234}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{A8200AB3-26AD-4207-8918-2F8361357ED6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{BBAE73B4-DCDB-4AD5-AD7C-E1785B9587B1}" = protocol=6 | dir=in | app=c:\program files\giraffic\girafficwatchdog.exe | 
"{BFD6004B-E64A-4C66-8055-40BE3910AF6B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CB2D1972-A9EC-46AD-80D0-F8D50454288A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CDEE2160-A667-4E91-9127-0CA7C3010A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D015C9FD-69C1-4E65-A195-FB1AC4E6A2A3}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"{EF00ECDB-7C41-4AEF-B748-B604F236C903}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F032A3F2-25EE-469C-96BD-3568B99ADB73}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{F6A65017-C298-4E2E-B6A9-D2009DB51F43}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{F9C10C86-52AF-43BD-BA2A-A77C72C66CED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{21602BE4-DF05-45EF-8FBA-9BCC26CE1C38}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
"UDP Query User{C1F10555-0643-4AFC-B919-61FBBAB459BB}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{058C8EB2-6DDB-4431-BBF4-C79A1E773C1C}" = HP LaserJet Fonts
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29790AC7-AD34-4F3D-A92D-EBED66F49461}" = HP Webregistrierung
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4289B8A1-2EC7-11D5-A859-00E02956C418}" = e-Seq V2.0
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C250A6F-9EBF-454D-8C88-159762FA0115}" = Installationshinweise
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{760BF94F-4FAF-4EF6-96D9-B55B12993992}" = Sherlock Holmes - Die Spur der Erwachten Remastered
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{7F6F58CF-9F6D-4496-A7FC-712F7AE11EB9}" = Agatha Christie - Das haus an der Düne
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F08E12A-363F-4F69-8BC8-0E0EA502A6ED}" = Holly - Ein Weihnachtsmärchen
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D178746E-0919-424E-88A7-81A0E46FF03E}" = Christmasville
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB4F8872-646F-439D-BC5E-24CD7A5E852C}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"AIM_6" = AIM
"CCleaner" = CCleaner
"Chromas" = Chromas
"Clone Manager Professional Suite 8" = Clone Manager Professional Suite 8
"Der Hummelfluch" = W&G - Der Hummelfluch
"Der Stein der Weisen" = Der Stein der Weisen
"Dr. Brains Mehr Gehirnjogging" = Dr. Brains Mehr Gehirnjogging
"GENtle" = GENtle
"Giraffic" = Giraffic Video Accelerator
"Google Chrome" = Google Chrome
"Holly im Wunderland" = Holly im Wunderland
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPLaserJetP3005" = HP LaserJet P3005
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Jump Jack" = Jump Jack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"PirateVille" = PirateVille
"PROPLUS" = Microsoft Office Professional Plus 2007
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Schlag den Raab_is1" = Schlag den Raab
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"ST6UNST #1" = pDRAW32
"SuperTux_is1" = SuperTux 0.1.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Urlaub Unter Tage" = W&G - Urlaub Unter Tage
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.8
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
"Zune" = Zune
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.04.2012 08:14:31 | Computer Name = Nina-PC | Source = VSS | ID = 8193
Description = 
 
Error - 30.04.2012 14:24:23 | Computer Name = Nina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung VeohWebPlayer.exe, Version 1.2.2.1112, Zeitstempel
 0x4d9c52c3, fehlerhaftes Modul QtCore4.dll, Version 4.7.0.0, Zeitstempel 0x4c737fad,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00053126,  Prozess-ID 0x8f4, Anwendungsstartzeit
 01cd26c94907f102.
 
Error - 02.05.2012 07:04:47 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.05.2012 07:20:02 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.05.2012 08:02:29 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.05.2012 08:12:03 | Computer Name = Nina-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 02.05.2012 08:12:42 | Computer Name = Nina-PC | Source = VSS | ID = 8193
Description = 
 
Error - 02.05.2012 10:32:00 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.05.2012 06:37:11 | Computer Name = Nina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.05.2012 09:58:21 | Computer Name = Nina-PC | Source = VSS | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 01.11.2010 06:22:30 | Computer Name = Nina-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ OSession Events ]
Error - 12.07.2011 15:03:58 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31760
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 15.08.2011 16:50:44 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14002
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 26.08.2011 11:24:09 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16729
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 08.09.2011 15:59:22 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4452
 seconds with 2220 seconds of active time.  This session ended with a crash.
 
Error - 25.09.2011 14:54:03 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4502
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 05.11.2011 17:13:37 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 29639
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 18.01.2012 11:31:24 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13681
 seconds with 3660 seconds of active time.  This session ended with a crash.
 
Error - 19.01.2012 08:59:12 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8718
 seconds with 1860 seconds of active time.  This session ended with a crash.
 
Error - 31.01.2012 07:49:27 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2541
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 12.02.2012 16:23:43 | Computer Name = Nina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20146
 seconds with 5580 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 02.05.2012 07:33:00 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.125.815.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%853     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8304.0     Fehlercode:
 0x80240022     Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen
 ist nicht möglich. 
 
Error - 02.05.2012 07:33:00 | Computer Name = Nina-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.125.815.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%853     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.8304.0     Fehlercode:
 0x80240022     Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen
 ist nicht möglich. 
 
Error - 02.05.2012 08:02:30 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.05.2012 08:02:30 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 02.05.2012 10:32:00 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.05.2012 10:32:00 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 03.05.2012 06:37:11 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.05.2012 06:37:11 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 03.05.2012 10:38:14 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 03.05.2012 10:38:26 | Computer Name = Nina-PC | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >

Viele Grüße!