GVU 2.07 auf Win 7 64bit

Serti · 30.07.2012, 10:54

Hallo,

auch mich hat es erwischt..... GVU 2.07 auf Win 7 64 bit. Mit Malwarebytes habe ich jetzt wieder Internetzugriff und versuche hier mein Glück.

Als newbie hoffe ich auf Hilfe

Grüße
Serti

t'john · 30.07.2012, 16:05

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.

Serti · 30.07.2012, 21:52

Danke für die schnelle Antwort!!

1. Schritt

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
2nd :: 2ND-PC [Administrator]

Schutz: Aktiviert

30.07.2012 21:55:06
mbam-log-2012-07-30 (21-55-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 604832
Laufzeit: 37 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

2. Schritt

Otl.txt

Code:

ATTFilter

OTL logfile created on: 30.07.2012 22:40:31 - Run 4
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\2nd\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 3,48 Gb Available Physical Memory | 43,50% Memory free
15,98 Gb Paging File | 11,16 Gb Available in Paging File | 69,83% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,88 Gb Total Space | 5,65 Gb Free Space | 11,10% Space Free | Partition Type: NTFS
Drive D: | 68,26 Gb Total Space | 31,00 Gb Free Space | 45,41% Space Free | Partition Type: NTFS
Drive E: | 200,00 Gb Total Space | 199,73 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive F: | 200,00 Gb Total Space | 99,36 Gb Free Space | 49,68% Space Free | Partition Type: NTFS
Drive G: | 400,00 Gb Total Space | 181,11 Gb Free Space | 45,28% Space Free | Partition Type: NTFS
Drive I: | 267,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 597,26 Gb Total Space | 284,14 Gb Free Space | 47,57% Space Free | Partition Type: NTFS
 
Computer Name: 2ND-PC | User Name: 2nd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\2nd\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\2nd\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\2nd\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - D:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\Six Engine\SixEngine.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\TSCHelp.exe (TechSmith Corporation)
PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagPriv.exe (TechSmith Corporation)
PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\snagiteditor.exe (TechSmith Corporation)
PRC - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\2nd\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\2nd\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll ()
MOD - C:\Users\2nd\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll ()
MOD - C:\Users\2nd\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll ()
MOD - C:\Users\2nd\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()
MOD - C:\Users\2nd\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()
MOD - C:\Users\2nd\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()
MOD - C:\Users\2nd\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll ()
MOD - C:\Users\2nd\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Symlib.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Bridge CS5\LIBMYSQLD.dll ()
MOD - C:\Programme\ASUS\Six Engine\SixEngine.exe ()
MOD - C:\Programme\ASUS\TurboV EVO\HookKey32.dll ()
MOD - C:\Programme\ASUS\Six Engine\AsusService.dll ()
MOD - C:\Programme\ASUS\Six Engine\pngio.dll ()
MOD - C:\Programme\ASUS\Six Engine\AsSpindownTimeout.dll ()
MOD - C:\Programme\ASUS\TurboV EVO\pngio.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV:64bit: - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeActiveFileMonitor9.0) -- D:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (scan) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (DynDNS Updater) -- C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe (Dynamic Network Services, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Arrakis3) -- C:\Programme\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. hxxp://www.bitdefender.com)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2010c\RpcAgentSrv.exe (SiSoftware)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (BdfNdisf) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys (BitDefender LLC)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (BDFM) -- C:\Windows\SysNative\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (BDVEDISK) -- C:\Programme\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (bdfwfpf) -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Professional Business 2010c\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {937f343c-c9c2-4235-b544-7fc4da2f2594} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2303923
IE - HKLM\..\SearchScopes\{C8AE1891-D19D-4385-91E0-D7B9428BC657}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=38fd4d11-139b-11e1-971e-aab5fafa4350&q={searchTerms}
IE - HKLM\..\SearchScopes\{C9D931A8-1CD3-4759-8B1A-4A6725610C4B}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = J:\Downloads
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 BE A2 EF A7 58 CB 01  [binary data]
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\URLSearchHook: {937f343c-c9c2-4235-b544-7fc4da2f2594} - No CLSID value found
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=f8115da1000000000000002618b0744d
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{7862071E-B3FA-41BB-A18E-3AC338D16751}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=38fd4d11-139b-11e1-971e-aab5fafa4350&q={searchTerms}
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{9F2BCDDF-8BC2-420C-BC28-612FFF81A334}: "URL" = hxxp://suche.web.de/search/web/?mc=hp%40suche.suche%40home&mc=hp%40suche.suche%40home&su={searchTerms}&x=37&y=6
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2303923
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{C9D931A8-1CD3-4759-8B1A-4A6725610C4B}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{D590CFFB-B341-4BC9-A6EC-ADD604F1C796}: "URL" = hxxp://search.dpreview.com/?q={searchTerms}
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\2nd\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\2nd\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\2nd\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.imesh.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.imesh.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\2nd\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\2nd\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\2nd\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\2nd\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\2nd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Google Update (Enabled) = C:\Users\2nd\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\2nd\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - Extension: Splendid = C:\Users\2nd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
CHR - Extension: YouTube = C:\Users\2nd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\2nd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: vshare plugin = C:\Users\2nd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: SPIEGEL ONLINE Extension = C:\Users\2nd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcmhmkhlpcieakngfbhgjkdpgibbmboc\1.0.9_0\
CHR - Extension: Google Mail = C:\Users\2nd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2010.06.02 23:00:09 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll File not found
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - {937f343c-c9c2-4235-b544-7fc4da2f2594} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\Toolbar\WebBrowser: (no name) - {937F343C-C9C2-4235-B544-7FC4DA2F2594} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1476532508-3764544762-616238270-1000..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-1476532508-3764544762-616238270-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1476532508-3764544762-616238270-1000..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-1476532508-3764544762-616238270-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-1476532508-3764544762-616238270-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\2nd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\2nd\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57E16631-861B-4F92-B298-A3EB76C8389C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57E16631-861B-4F92-B298-A3EB76C8389C}: NameServer = 216.146.35.35,216.146.36.36
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\navnet - No CLSID value found
O18 - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll (MH)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{74ab65ee-013b-11df-89ec-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74ab65ee-013b-11df-89ec-806e6f6e6963}\Shell\AutoRun\command - "" = I:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.30 11:24:51 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\2nd\Desktop\OTL.exe
[2012.07.30 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\2nd\AppData\Roaming\Malwarebytes
[2012.07.30 11:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.30 11:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.30 11:06:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.30 11:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.27 21:26:33 | 000,000,000 | ---D | C] -- C:\Users\2nd\AppData\Roaming\hellomoto
[2012.07.16 13:54:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.16 13:54:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.16 13:54:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.16 13:54:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.16 13:54:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.16 13:54:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.16 13:54:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.16 13:54:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.16 13:54:04 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.16 13:54:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.16 13:54:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.16 13:54:03 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.16 13:54:03 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.16 12:32:06 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.04 18:33:57 | 000,000,000 | ---D | C] -- C:\Garmin
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\2nd\Desktop\*.tmp files -> C:\Users\2nd\Desktop\*.tmp -> ]
[1 C:\Users\2nd\*.tmp files -> C:\Users\2nd\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.30 22:31:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476532508-3764544762-616238270-1000UA1cc09a654a4e488.job
[2012.07.30 22:25:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476532508-3764544762-616238270-1000UA.job
[2012.07.30 22:00:04 | 000,017,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 22:00:04 | 000,017,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 21:58:48 | 001,036,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.30 21:58:48 | 000,711,272 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.30 21:58:48 | 000,154,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.30 21:58:48 | 000,126,288 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.30 21:58:48 | 000,051,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.30 21:54:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.30 21:52:57 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.30 21:52:54 | 000,000,212 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.07.30 21:52:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.30 21:52:48 | 2140,442,623 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.30 21:52:02 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2012.07.30 21:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.30 11:24:46 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\2nd\Desktop\OTL.exe
[2012.07.30 11:08:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.07.30 11:06:53 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 08:49:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.27 08:49:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.23 09:45:08 | 000,193,179 | ---- | M] () -- C:\Users\2nd\Desktop\uni.pdf
[2012.07.23 09:44:27 | 000,193,179 | ---- | M] () -- C:\Users\2nd\Desktop\FBBewerberbestaetigungAKAWiSeXII.pdf
[2012.07.18 14:31:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476532508-3764544762-616238270-1000Core1cc09a65244a480.job
[2012.07.16 19:21:20 | 004,907,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.07 11:00:55 | 000,000,212 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\2nd\Desktop\*.tmp files -> C:\Users\2nd\Desktop\*.tmp -> ]
[1 C:\Users\2nd\*.tmp files -> C:\Users\2nd\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.30 11:06:53 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.28 10:18:38 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.07.23 09:45:28 | 000,193,179 | ---- | C] () -- C:\Users\2nd\Desktop\uni.pdf
[2012.07.23 09:44:38 | 000,193,179 | ---- | C] () -- C:\Users\2nd\Desktop\FBBewerberbestaetigungAKAWiSeXII.pdf
[2012.06.29 21:19:38 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011.12.01 21:50:21 | 000,122,184 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.20 14:22:36 | 000,000,091 | ---- | C] () -- C:\Users\2nd\AppData\Local\fusioncache.dat
[2010.11.19 16:13:49 | 001,013,198 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.13 09:37:32 | 000,000,012 | ---- | C] () -- C:\Users\2nd\AppData\Roaming\ldcpfk.dat
[2010.06.07 08:23:26 | 000,001,456 | ---- | C] () -- C:\Users\2nd\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.05.07 15:00:44 | 000,005,632 | ---- | C] () -- C:\Users\2nd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.13 13:13:11 | 000,000,208 | ---- | C] () -- C:\Users\2nd\.jupload.properties
[2010.03.30 07:46:45 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.30 07:46:45 | 000,000,008 | RHS- | C] () -- C:\ProgramData\CDC628C5ED.sys
[2010.02.17 16:21:18 | 000,000,025 | ---- | C] () -- C:\Users\2nd\AppData\Roaming\bdfvconp.ini
[2010.01.22 22:59:57 | 000,000,068 | ---- | C] () -- C:\Users\2nd\.gtk-bookmarks
[2010.01.22 02:50:32 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.01.19 01:18:40 | 012,730,368 | ---- | C] () -- C:\ProgramData\sandra.mda
 
========== LOP Check ==========
 
[2012.02.22 21:36:17 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\Babylon
[2011.11.14 11:42:05 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\Basta Computing
[2010.03.21 11:32:11 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\BD_TEMP
[2010.01.14 21:12:48 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\BitDefender
[2010.06.05 23:31:52 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.01.22 02:42:07 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\DAEMON Tools Lite
[2011.11.05 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\digital publishing
[2012.07.30 21:53:13 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\Dropbox
[2011.10.19 11:40:44 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\DVDVideoSoft
[2011.09.23 22:18:04 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\GARMIN
[2011.02.01 00:14:51 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\gtk-2.0
[2012.07.27 21:26:44 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\hellomoto
[2011.01.11 12:56:49 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\mkvtoolnix
[2012.05.25 16:21:32 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\Mp3tag
[2010.02.15 20:41:38 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\MP3toiPodAudioBookConverter
[2012.02.22 21:39:26 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\MusicNet
[2010.03.31 12:58:12 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\NavNet Solutions
[2011.01.10 13:04:26 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\phonostar GmbH
[2010.02.15 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\PlayFirst
[2012.03.03 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\SanDisk
[2010.01.16 03:01:02 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\SpeedProject
[2010.07.27 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.06.03 20:31:04 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\SteelBytes
[2010.10.28 14:17:15 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\SuperUtils.com
[2010.01.18 02:32:10 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\The Bat!
[2010.03.04 15:20:31 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\The Creative Assembly
[2010.02.11 12:37:00 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\ThumbsPlus
[2011.12.22 12:01:22 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\Unity
[2012.07.30 21:52:54 | 000,000,212 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012.07.07 11:00:55 | 000,000,212 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2012.07.06 21:24:03 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\Windows:D71DBE6E793714E3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 30.07.2012 22:40:31 - Run 4
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\2nd\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 3,48 Gb Available Physical Memory | 43,50% Memory free
15,98 Gb Paging File | 11,16 Gb Available in Paging File | 69,83% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,88 Gb Total Space | 5,65 Gb Free Space | 11,10% Space Free | Partition Type: NTFS
Drive D: | 68,26 Gb Total Space | 31,00 Gb Free Space | 45,41% Space Free | Partition Type: NTFS
Drive E: | 200,00 Gb Total Space | 199,73 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive F: | 200,00 Gb Total Space | 99,36 Gb Free Space | 49,68% Space Free | Partition Type: NTFS
Drive G: | 400,00 Gb Total Space | 181,11 Gb Free Space | 45,28% Space Free | Partition Type: NTFS
Drive I: | 267,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 597,26 Gb Total Space | 284,14 Gb Free Space | 47,57% Space Free | Partition Type: NTFS
 
Computer Name: 2ND-PC | User Name: 2nd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0514CD8A-B026-424A-BFCC-C5BD32CA769E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34685825-30A4-4A06-BEB3-24CD81A4B384}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{3DECC3F5-85F9-4AEB-B79B-AB6F43079527}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{40EBD50C-061F-4364-ACD4-EAED0367A4A2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{5541A1CF-F361-45CB-92B6-1F3278C3A0C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5FC8DB35-D192-4CAD-A823-06C71242911C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{66C01DF3-A2AD-4700-8AB4-91B57AEAEFF9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{6D3E8EF5-818A-4722-965C-EFAA7B5DF485}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{78A40B3D-54A7-4358-8311-B4633072F935}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{7B5E9A2E-3398-43F6-A2CF-3316BC37E592}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7C26D9C4-75CC-4A44-A3B6-7876B7F3C6E7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{7F26EFF5-6F08-4F6C-9B05-03E12DE8573E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{80FFD376-DE2A-4252-B828-F341BEE389F9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\rpcagentsrv.exe | 
"{8551A110-4A2F-4520-B326-55F9532641CD}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{909CBFB1-F835-41C1-9569-BFAECA18147D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{B579790A-790E-4D7A-80CD-9122890CF1C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C070FFB6-5D06-4C33-9922-FC6D1093FE8E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C189CB9C-C00E-4C3D-84D0-615D28428526}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C903F219-CD0F-43A1-928A-4B4F988F37A3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{CD318F03-F85C-476F-906A-3D83ED9C9697}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{EF49AB77-0367-4554-9746-0D1BCABB3D41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EFB8F887-3243-40E9-A0B7-04E2A919C33F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007B6D72-A548-4246-9574-45E6F5ABFD7D}" = protocol=6 | dir=in | app=f:\call of duty 4 - modern warfare\iw3mp.exe | 
"{022C6CB3-95CC-4AAB-A5C0-5E3CDB8AC4B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0522CDB8-3F31-49D9-B634-82E257D527F0}" = protocol=6 | dir=in | app=f:\sega\vancouver 2010\vancouver.exe | 
"{068BD55B-F00C-4734-89B6-31AA35E0F620}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{07070B9C-4651-4AC4-BA04-1CE137D8D768}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{07820B21-D244-4027-AA45-5C705FF4DB46}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{09181D24-5F35-4270-94B9-31A68B81736F}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{0C0CCCBF-60BA-4439-BD4E-71EA5F068DE1}" = protocol=17 | dir=in | app=c:\users\2nd\appdata\roaming\dropbox\bin\dropbox.exe | 
"{113BCA9E-1C34-498F-B3FD-CA32EDB8C609}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{18959973-F4E6-4CBF-BC44-1B914E925294}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1C606D60-9536-4B80-9506-13A04F44961F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{212CFB85-A1A5-4CBA-8483-584EBC13E634}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C54BFEC-EA97-4F37-AC34-5ADA2459D58B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2EC65984-9721-46EF-A992-A8FCE9D7494B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{34E44FF1-08A2-4CA0-9268-A1CAE2C8F35C}" = protocol=17 | dir=in | app=f:\call of duty - world at war\codwaw.exe | 
"{39D33C33-547C-4796-98F1-622437616C1A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{3C3CD2D6-40BA-45AA-8208-D5677CC205B6}" = protocol=6 | dir=in | app=c:\users\2nd\downloads\sweetimsetup.exe | 
"{3C94A017-C71C-4487-8F91-07F2FCC1C095}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D3462E3-9CB9-4A70-914A-4277FE1B678E}" = protocol=6 | dir=in | app=c:\users\2nd\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3D7A7723-6B46-4E1A-B1E0-AAA70B4B518F}" = protocol=6 | dir=in | app=f:\call of duty - world at war\codwawmp.exe | 
"{439018D5-37F0-4410-A763-B8011D39A09F}" = protocol=17 | dir=in | app=f:\call of duty - world at war\codwawmp.exe | 
"{44E052D4-5F60-492E-B6AE-529C3FDE9374}" = protocol=17 | dir=in | app=f:\sega\vancouver 2010\vancouver.exe | 
"{49315E34-C2E5-4881-BDBC-DD695473CBB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4D0B905B-2908-4F80-AFD7-FD03CAE99641}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{51011D1F-B026-4410-B42F-887AB50199DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5F565A90-97E9-4027-BAAF-644A01D32170}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{628A945F-B557-4A76-B02C-3AF5A7106444}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{66EB62DD-2D32-42D9-B4E0-7279467F8088}" = protocol=6 | dir=out | app=system | 
"{6D45FBD2-79DE-41F2-AE50-001273FD8948}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6E3444E5-73DC-451B-8598-AADE38684888}" = protocol=6 | dir=in | app=c:\users\2nd\downloads\sweetimsetup (1).exe | 
"{75A3FF41-A950-402D-82DD-5073C84ADFFE}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{770007F1-A07A-437F-A09F-02A0683F7AD7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{78AA767D-58D7-4270-BE21-9563EB976821}" = protocol=17 | dir=in | app=c:\users\2nd\downloads\sweetimsetup.exe | 
"{7FE0A6FD-655F-4F30-973D-B9326C31B15D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{843BC80F-6394-4878-BF40-3ED71E74267C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{937F2054-E1E6-46C2-B948-E495CAA5D564}" = protocol=6 | dir=in | app=f:\race driver - grid\grid.exe | 
"{9A239344-6D3B-4529-9233-E29176AB7080}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9BBE2A90-A427-4A29-9200-03AF842AB978}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{AA55F780-CAB0-4E46-8A59-F788460AFE6D}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{B2E25E17-0640-493B-B799-B1AF71D4E145}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B33E2A1D-8F85-4E6B-9948-659E0AD25DEA}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{B81C2611-DD12-4445-B67E-7713364EBA66}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{BBE95D7A-2BBC-4876-9983-D306ED3FFB60}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{C3CF6698-8F8D-4F64-BBFE-A94A63EC213F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA6CA328-ABDC-4FD2-9D2F-EC1FDE417A67}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CC321B08-003E-4BF9-B7DE-D6148D93F6D6}" = protocol=17 | dir=in | app=c:\users\2nd\downloads\sweetimsetup (1).exe | 
"{CD352FB7-9F26-4B3C-B33B-DA8267DF1243}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CF28923C-E6B7-4423-A328-6776C205F5B7}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\rpcagentsrv.exe | 
"{D0D05EB8-6F4D-4037-B4CC-C21A132144C0}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{D1270FBC-0E8A-4BE0-81F4-230498978671}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4BDC05F-9A33-493D-B86E-519C50E5991F}" = protocol=17 | dir=in | app=f:\call of duty 4 - modern warfare\iw3mp.exe | 
"{D9047E30-0FC9-41C2-A111-A193E67BF5B5}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{DA21084D-5377-489B-B682-F5FFB32DD969}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCFA6A6C-B61C-4AAB-9E8F-F0F3C3D0DDD0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E1C5FB94-B164-4031-8882-4025ED722C3F}" = protocol=6 | dir=in | app=f:\call of duty - world at war\codwaw.exe | 
"{E2FD0E12-89A3-4997-B69D-624029CA237F}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2010c\wnt500x64\rpcsandrasrv.exe | 
"{E6727C34-DDD7-432F-B88E-BB3A25A56843}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9E046C8-B620-4F37-999F-464C7432DCA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9AB33A3-0D14-4590-AA03-14F239185F83}" = protocol=17 | dir=in | app=f:\race driver - grid\grid.exe | 
"{FDE417FA-3F6F-45AB-8751-1F2384FEF411}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1895A08A-0DEC-4855-B1F4-1B95FB39901B}" = BitDefender Total Security 2010
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C315AA1-CD49-F046-0166-90D2DAE156DB}" = ATI AVIVO64 Codecs
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{956C3A74-CC73-4951-6FB7-1E484B0ABF85}" = ccc-utility64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BF7810F5-8413-09CF-FC2B-594AAEFF0CBE}" = ATI Problem Report Wizard
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Professional Business 2010c
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{ED49426D-A15D-D7E0-DF56-3AC844CEDF8E}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SpeedCommander 13 (x64)" = SpeedCommander 13 (x64)
"WinRAR archiver" = WinRAR 4.00 beta 3 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{217254AD-7DC2-8E55-B0AA-DF40293E2568}" = Catalyst Control Center Graphics Full Existing
"{2319A25C-57C8-148A-B89E-963B691F80AB}" = CCC Help Hungarian
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 29
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{462E2065-E54B-4CFD-87A2-BAE82EEFACD1}" = Catalyst Control Center Core Implementation
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46D1B803-63C8-B1F7-F803-2CABFF3BADD3}" = CCC Help French
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BBDC0E5-6457-CDB9-F1C4-C79321D448AA}" = CCC Help Portuguese
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{557EDA52-5803-C91F-A0A5-635317063D8D}" = Catalyst Control Center Graphics Full New
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5A9A2B89-58BC-DFB9-CF7F-1127A26A6D1D}" = CCC Help Spanish
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{6291FC10-FDF0-4022-A1A5-710C728D49C2}" = Vancouver 2010
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65A7D970-7915-4311-E3CC-08745BDF6A66}" = CCC Help English
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AC06152-AD39-D387-6D3B-2A4D0556F207}" = Catalyst Control Center Graphics Previews Common
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7222FE15-CEDA-9142-A488-CB4AA559F7F9}" = Catalyst Control Center Graphics Previews Vista
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D8028B-D2BA-A3B9-2EA8-D30F25E3F87F}" = ccc-core-static
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{7E06305E-6E2C-EBFA-69E9-782891EF06EF}" = Catalyst Control Center Localization All
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90DA7F39-B9D4-4FB1-93A0-6B10F83E35E2}" = Wer Wird Millionär? Party Edition
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{934DE9F7-7498-0FC4-FC6A-166097F218F4}" = CCC Help Italian
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{ADDD6985-3A28-44D0-A1BA-FDD19A820491}" = SnagIt 9
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{B7E797F4-2642-BEF9-055B-13B930C9D665}" = CCC Help German
"{B9E848B3-A64D-4005-8DA1-DC3981C902A8}_is1" = NavNet
"{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}" = Battlestations: Pacific
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C139A440-9691-AB3C-8AFB-F8FCAC960014}" = CCC Help Polish
"{C3A5A0C9-5DBE-7A06-1285-D00F21E19FCF}" = Catalyst Control Center Graphics Light
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC53FB29-E042-1744-2D35-DE2A100B6210}" = CCC Help Greek
"{CF42DBD4-99DC-4DC4-B839-AA2E089C5F5F}" = The Bat! Professional v4.2.18
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EE531675-A09C-51DD-F356-ECA9D6857039}" = Adobe Community Help
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{FE2188AD-BDFA-AC75-F326-86043F06B48F}" = Catalyst Control Center HydraVision Full
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.3.0
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.0
"DynDNSUpdater" = DynDNS Updater
"EADM" = EA Download Manager
"ExifCleaner" = ExifCleaner 1.4
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"ISRS1_15_676867" = Interaktive Sprachreise - Español Sprachkurs 1
"JDownloader" = JDownloader
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaInfo" = MediaInfo 0.7.41 (32-bit)
"MKVtoolnix" = MKVtoolnix 4.4.0
"Mp3tag" = Mp3tag v2.49b
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0
"PremElem90" = Adobe Premiere Elements 9
"Pro Pinball : Big Race USA" = Pro Pinball : Big Race USA
"Pro Pinball : Fantastic Journey" = Pro Pinball : Fantastic Journey
"Pro Pinball : Timeshock!" = Pro Pinball : Timeshock!
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.4.0
"Suche_Deutschland Toolbar" = Suche Deutschland Toolbar
"TVAnts 1.0" = TVAnts 1.0
"VLC media player" = VLC media player 1.0.3
"vShare.tv plugin" = vShare.tv plugin 1.3
"VTS_15_676872" = Interaktive Sprachreise - Español Vokabeltrainer
"WaveLabPro" = WaveLab 6
"Wincmd" = Windows Commander (Remove or Repair)
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.07.2012 12:44:14 | Computer Name = 2nd-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\dradio-recorder\phonostar.exe". Fehler in  Manifest- oder Richtliniendatei 
"" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 20.07.2012 12:51:14 | Computer Name = 2nd-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\dradio-recorder\phonostar.exe". Fehler in  Manifest- oder Richtliniendatei 
"" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 23.07.2012 03:54:48 | Computer Name = 2nd-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 20.0.1132.57,
 Zeitstempel: 0x4ffb8830  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000001  ID des fehlerhaften
 Prozesses: 0x16c8  Startzeit der fehlerhaften Anwendung: 0x01cd68a86727c740  Pfad der
 fehlerhaften Anwendung: C:\Users\2nd\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: ac195d02-d49b-11e1-81be-ea78f2b07527
 
Error - 23.07.2012 03:54:48 | Computer Name = 2nd-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 20.0.1132.57,
 Zeitstempel: 0x4ffb8830  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000096  Fehleroffset: 0x03a5e714  ID des fehlerhaften
 Prozesses: 0x16c8  Startzeit der fehlerhaften Anwendung: 0x01cd68a86727c740  Pfad der
 fehlerhaften Anwendung: C:\Users\2nd\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: aca0b651-d49b-11e1-81be-ea78f2b07527
 
Error - 23.07.2012 03:54:48 | Computer Name = 2nd-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Google Chrome wurde wegen dieses Fehlers geschlossen.

Programm:
 Google Chrome  Datei:     Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
 Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: 00000000  Datenträgertyp: 0
 
Error - 23.07.2012 04:26:46 | Computer Name = 2nd-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 9.2.0.124,
 Zeitstempel: 0x4ac7307c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000001  ID des fehlerhaften
 Prozesses: 0x10e0  Startzeit der fehlerhaften Anwendung: 0x01cd68aca9670b32  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 23d98811-d4a0-11e1-ac0b-870b940c7b26
 
Error - 27.07.2012 04:57:55 | Computer Name = 2nd-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\dradio-recorder\phonostar.exe". Fehler in  Manifest- oder Richtliniendatei 
"" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 28.07.2012 03:53:09 | Computer Name = 2nd-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 20.0.1132.57,
 Zeitstempel: 0x4ffb8830  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x17b4  Startzeit der fehlerhaften Anwendung: 0x01cd6c960662be45  Pfad der
 fehlerhaften Anwendung: C:\Users\2nd\AppData\Local\Google\Chrome\Application\chrome.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 45890606-d889-11e1-b65f-d22a98890324
 
Error - 28.07.2012 04:20:30 | Computer Name = 2nd-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SnagIt32.exe, Version: 9.0.2.9, Zeitstempel:
 0x48d72904  Name des fehlerhaften Moduls: SnagIt32.exe, Version: 9.0.2.9, Zeitstempel:
 0x48d72904  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000fc8d2  ID des fehlerhaften Prozesses:
 0x1048  Startzeit der fehlerhaften Anwendung: 0x01cd6c946ac00a9b  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe  Berichtskennung: 
174641c4-d88d-11e1-b65f-d22a98890324
 
Error - 30.07.2012 05:10:50 | Computer Name = 2nd-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
 Zeitstempel: 0x4fc9cd53  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xce8  Startzeit der fehlerhaften Anwendung: 0x01cd6e32911fab68  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 74500365-da26-11e1-9f5b-ec5e8a1d708f
 
[ Media Center Events ]
Error - 16.06.2010 09:43:25 | Computer Name = 2nd-PC | Source = MCUpdate | ID = 0
Description = 15:43:22 - Fehler beim Herstellen der Internetverbindung.  15:43:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.07.2010 16:24:17 | Computer Name = 2nd-PC | Source = MCUpdate | ID = 0
Description = 22:24:17 - Fehler beim Herstellen der Internetverbindung.  22:24:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.07.2010 16:24:24 | Computer Name = 2nd-PC | Source = MCUpdate | ID = 0
Description = 22:24:22 - Fehler beim Herstellen der Internetverbindung.  22:24:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.07.2010 09:49:31 | Computer Name = 2nd-PC | Source = MCUpdate | ID = 0
Description = 15:49:27 - Fehler beim Herstellen der Internetverbindung.  15:49:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.07.2010 03:42:36 | Computer Name = 2nd-PC | Source = MCUpdate | ID = 0
Description = 09:42:33 - Fehler beim Herstellen der Internetverbindung.  09:42:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 01.08.2010 03:32:47 | Computer Name = 2nd-PC | Source = MCUpdate | ID = 0
Description = 09:32:44 - Fehler beim Herstellen der Internetverbindung.  09:32:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 30.07.2012 05:06:03 | Computer Name = 2nd-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 30.07.2012 05:12:15 | Computer Name = 2nd-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 30.07.2012 05:12:15 | Computer Name = 2nd-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 30.07.2012 05:16:09 | Computer Name = 2nd-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 30.07.2012 05:16:09 | Computer Name = 2nd-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 30.07.2012 05:25:35 | Computer Name = 2nd-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 30.07.2012 15:02:54 | Computer Name = 2nd-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 30.07.2012 15:02:54 | Computer Name = 2nd-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 30.07.2012 15:52:54 | Computer Name = 2nd-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 30.07.2012 15:52:54 | Computer Name = 2nd-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >

t'john · 30.07.2012, 22:54

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} 
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms} 
IE - HKLM\..\URLSearchHook: {937f343c-c9c2-4235-b544-7fc4da2f2594} - No CLSID value found 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2303923 
IE - HKLM\..\SearchScopes\{C8AE1891-D19D-4385-91E0-D7B9428BC657}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=38fd4d11-139b-11e1-971e-aab5fafa4350&q={searchTerms} 
IE - HKLM\..\SearchScopes\{C9D931A8-1CD3-4759-8B1A-4A6725610C4B}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\URLSearchHook: {937f343c-c9c2-4235-b544-7fc4da2f2594} - No CLSID value found 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=f8115da1000000000000002618b0744d 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{7862071E-B3FA-41BB-A18E-3AC338D16751}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=38fd4d11-139b-11e1-971e-aab5fafa4350&q={searchTerms} 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{9F2BCDDF-8BC2-420C-BC28-612FFF81A334}: "URL" = http://suche.web.de/search/web/?mc=hp%40suche.suche%40home&mc=hp%40suche.suche%40home&su={searchTerms}&x=37&y=6 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2303923 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{C9D931A8-1CD3-4759-8B1A-4A6725610C4B}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms} 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\SearchScopes\{D590CFFB-B341-4BC9-A6EC-ADD604F1C796}: "URL" = http://search.dpreview.com/?q={searchTerms} 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\2nd\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\2nd\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll File not found 
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found 
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll File not found 
O3 - HKLM\..\Toolbar: (no name) - {937f343c-c9c2-4235-b544-7fc4da2f2594} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. 
O3 - HKU\S-1-5-21-1476532508-3764544762-616238270-1000\..\Toolbar\WebBrowser: (no name) - {937F343C-C9C2-4235-B544-7FC4DA2F2594} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{74ab65ee-013b-11df-89ec-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{74ab65ee-013b-11df-89ec-806e6f6e6963}\Shell\AutoRun\command - "" = I:\.\Bin\ASSETUP.exe 
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 
[2012.07.30 11:08:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad 

@Alternate Data Stream - 48 bytes -> C:\Windows:D71DBE6E793714E3 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2 
 
[2012.07.27 21:26:33 | 000,000,000 | ---D | C] -- C:\Users\2nd\AppData\Roaming\hellomoto 
[2012.07.30 22:31:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476532508-3764544762-616238270-1000UA1cc09a654a4e488.job 
[2012.07.30 22:25:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476532508-3764544762-616238270-1000UA.job 
[2012.07.30 21:54:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.30 21:52:57 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.30 21:52:54 | 000,000,212 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job 
 
[2012.07.30 21:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.18 14:31:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476532508-3764544762-616238270-1000Core1cc09a65244a480.job 
[2012.07.07 11:00:55 | 000,000,212 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job 
[2012.02.22 21:36:17 | 000,000,000 | ---D | M] -- C:\Users\2nd\AppData\Roaming\Babylon 
:Files
C:\Users\2nd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Serti · 31.07.2012, 10:41

Nächster Schritt

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{937f343c-c9c2-4235-b544-7fc4da2f2594} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{937f343c-c9c2-4235-b544-7fc4da2f2594}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8AE1891-D19D-4385-91E0-D7B9428BC657}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8AE1891-D19D-4385-91E0-D7B9428BC657}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C9D931A8-1CD3-4759-8B1A-4A6725610C4B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D931A8-1CD3-4759-8B1A-4A6725610C4B}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{937f343c-c9c2-4235-b544-7fc4da2f2594} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{937f343c-c9c2-4235-b544-7fc4da2f2594}\ not found.
HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7862071E-B3FA-41BB-A18E-3AC338D16751}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7862071E-B3FA-41BB-A18E-3AC338D16751}\ not found.
Registry key HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
Registry key HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9F2BCDDF-8BC2-420C-BC28-612FFF81A334}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F2BCDDF-8BC2-420C-BC28-612FFF81A334}\ not found.
Registry key HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C9D931A8-1CD3-4759-8B1A-4A6725610C4B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D931A8-1CD3-4759-8B1A-4A6725610C4B}\ not found.
Registry key HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D590CFFB-B341-4BC9-A6EC-ADD604F1C796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D590CFFB-B341-4BC9-A6EC-ADD604F1C796}\ not found.
HKU\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\2nd\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\2nd\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{937f343c-c9c2-4235-b544-7fc4da2f2594} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{937f343c-c9c2-4235-b544-7fc4da2f2594}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_USERS\S-1-5-21-1476532508-3764544762-616238270-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{937F343C-C9C2-4235-B544-7FC4DA2F2594} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{937F343C-C9C2-4235-B544-7FC4DA2F2594}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 deleted successfully.
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74ab65ee-013b-11df-89ec-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74ab65ee-013b-11df-89ec-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74ab65ee-013b-11df-89ec-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74ab65ee-013b-11df-89ec-806e6f6e6963}\ not found.
File I:\.\Bin\ASSETUP.exe not found.
C:\Windows\SysWow64\tmpD817.tmp deleted successfully.
C:\Windows\SysWow64\tmpD818.tmp deleted successfully.
C:\ProgramData\zak_lo0i7g.pad moved successfully.
ADS C:\Windows:D71DBE6E793714E3 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
C:\Users\2nd\AppData\Roaming\hellomoto folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1476532508-3764544762-616238270-1000UA1cc09a654a4e488.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1476532508-3764544762-616238270-1000UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\AutoKMS.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1476532508-3764544762-616238270-1000Core1cc09a65244a480.job moved successfully.
C:\Windows\Tasks\AutoKMSDaily.job moved successfully.
C:\Users\2nd\AppData\Roaming\Babylon folder moved successfully.
========== FILES ==========
C:\Users\2nd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\2nd\Desktop\cmd.bat deleted successfully.
C:\Users\2nd\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: 2nd
->Temp folder emptied: 211729893 bytes
->Temporary Internet Files folder emptied: 662892105 bytes
->Java cache emptied: 25383022 bytes
->Google Chrome cache emptied: 242280100 bytes
->Apple Safari cache emptied: 9010176 bytes
->Flash cache emptied: 57013 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 629905 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 349340 bytes
 
Total Files Cleaned = 1.099,00 mb
 
 
[EMPTYFLASH]
 
User: 2nd
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 07312012_113514

Files\Folders moved on Reboot...
C:\Users\2nd\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\2nd\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

t'john · 31.07.2012, 10:45

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Serti · 31.07.2012, 11:42

Hallo,

der Rechner läuft soweit wieder normal, er beschäftigt sich bloß gerade mit anderen Dingen als sonst.

Mfg
Serti

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
2nd :: 2ND-PC [Administrator]

Schutz: Aktiviert

31.07.2012 11:48:24
mbam-log-2012-07-31 (11-48-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 595204
Laufzeit: 49 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 12:38:46
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : 2nd - 2ND-PC
# Running from : C:\Users\2nd\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\2nd\AppData\Local\Babylon
Folder Found : C:\Users\2nd\AppData\Local\Ilivid Player
Folder Found : C:\Users\2nd\AppData\LocalLow\Conduit
Folder Found : C:\Users\2nd\AppData\LocalLow\searchquband
Folder Found : C:\Users\2nd\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\2nd\AppData\LocalLow\Suche_Deutschland
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Suche_Deutschland
Folder Found : C:\Program Files (x86)\vShare.tv plugin

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2303923
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\SweetIm
Key Found : HKCU\Software\vshare.tv
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Suche_Deutschland Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Key Found : HKLM\SOFTWARE\SearchquMediabarTb
Key Found : HKLM\SOFTWARE\Suche_Deutschland
Key Found : HKLM\SOFTWARE\SweetIM
Key Found : HKLM\SOFTWARE\Wise Solutions
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\Cr_Installer
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\StartSearch
[x64] Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKCU\Software\vshare.tv
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
[x64] Key Found : HKLM\SOFTWARE\DataMngr
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{937F343C-C9C2-4235-B544-7FC4DA2F2594}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{937F343C-C9C2-4235-B544-7FC4DA2F2594}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{937F343C-C9C2-4235-B544-7FC4DA2F2594}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{937F343C-C9C2-4235-B544-7FC4DA2F2594}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\2nd\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :       "homepage": "hxxp://search.imesh.com",
Found :                "description": "vshare.tv plugin",
Found :                "name": "vshare plugin",
Found :                   "path": "chvsharetvplg.dll",
Found :    "homepage": "hxxp://search.imesh.com",
Found :          "name": "vShare.tv plug-in",
Found :          "path": "C:\\Users\\2nd\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\kp[...]
Found :          "name": "vShare.tv plug-in"
Found :          "path": "C:\\Users\\2nd\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

*************************

AdwCleaner[R1].txt - [7329 octets] - [31/07/2012 12:38:46]

########## EOF - C:\AdwCleaner[R1].txt - [7457 octets] ##########

t'john · 31.07.2012, 11:45

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Serti · 31.07.2012, 13:37

Die nächsten beiden...

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 13:16:31
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : 2nd - 2ND-PC
# Running from : C:\Users\2nd\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\2nd\AppData\Local\Babylon
Folder Deleted : C:\Users\2nd\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\2nd\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\2nd\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\2nd\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\2nd\AppData\LocalLow\Suche_Deutschland
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Suche_Deutschland
Folder Deleted : C:\Program Files (x86)\vShare.tv plugin

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2303923
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKCU\Software\vshare.tv
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Suche_Deutschland Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\SearchquMediabarTb
Key Deleted : HKLM\SOFTWARE\Suche_Deutschland
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Wise Solutions
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
[x64] Key Deleted : HKLM\SOFTWARE\DataMngr

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{937F343C-C9C2-4235-B544-7FC4DA2F2594}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{937F343C-C9C2-4235-B544-7FC4DA2F2594}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\2nd\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :       "homepage": "hxxp://search.imesh.com",
Deleted :                "description": "vshare.tv plugin",
Deleted :                "name": "vshare plugin",
Deleted :                   "path": "chvsharetvplg.dll",
Deleted :    "homepage": "hxxp://search.imesh.com",
Deleted :          "name": "vShare.tv plug-in",
Deleted :          "path": "C:\\Users\\2nd\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\kp[...]
Deleted :          "name": "vShare.tv plug-in"
Deleted :          "path": "C:\\Users\\2nd\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

*************************

AdwCleaner[R1].txt - [7408 octets] - [31/07/2012 12:38:46]
AdwCleaner[S1].txt - [5528 octets] - [31/07/2012 13:16:31]

########## EOF - C:\AdwCleaner[S1].txt - [5656 octets] ##########

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 31.07.2012 13:42:02

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, F:\, G:\, J:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	31.07.2012 13:42:18

Key: hkey_current_user\software\imesh 	gefunden: Trace.Registry.imesh!E1
Value: hkey_current_user\software\imesh --> lastopenfiledir 	gefunden: Trace.Registry.imesh!E1
C:\Windows\KMSEmulator.exe 	gefunden: Riskware.ActivationTool.KMS!E2
C:\Users\2nd\Downloads\OTK2010V214\Office 2010 Toolkit.exe 	gefunden: Trojan.Win32.Tool.Keygen!E1
F:\FUSSBALL MANAGER 10\Manager10.exe 	gefunden: possible-Threat.Crack.FifaManager!E2
F:\FUSSBALL MANAGER 10\Crack\Manager10.exe 	gefunden: possible-Threat.Crack.FifaManager!E2
G:\Software Win7\SuperUtils.ExifCleaner\SuperUtils.ExifCleaner.v1.4.6.92.Incl.Keygen-Lz0\SuperUtils.ExifCleaner.v1.4.6.92.Incl.Keygen-Lz0\Lz0\Keygen.exe 	gefunden: possible-Threat.Activator!E2

Gescannt	851031
Gefunden	7

Scan Ende:	31.07.2012 14:35:56
Scan Zeit:	0:53:38

G:\Software Win7\SuperUtils.ExifCleaner\SuperUtils.ExifCleaner.v1.4.6.92.Incl.Keygen-Lz0\SuperUtils.ExifCleaner.v1.4.6.92.Incl.Keygen-Lz0\Lz0\Keygen.exe	Quarantäne possible-Threat.Activator!E2
F:\FUSSBALL MANAGER 10\Manager10.exe	Quarantäne possible-Threat.Crack.FifaManager!E2
F:\FUSSBALL MANAGER 10\Crack\Manager10.exe	Quarantäne possible-Threat.Crack.FifaManager!E2
C:\Users\2nd\Downloads\OTK2010V214\Office 2010 Toolkit.exe	Quarantäne Trojan.Win32.Tool.Keygen!E1
C:\Windows\KMSEmulator.exe	Quarantäne Riskware.ActivationTool.KMS!E2
Key: hkey_current_user\software\imesh	Quarantäne Trace.Registry.imesh!E1
Value: hkey_current_user\software\imesh --> lastopenfiledir	Quarantäne Trace.Registry.imesh!E1

Quarantäne	7

t'john · 31.07.2012, 13:48

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Serti · 31.07.2012, 15:41

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=35d8ca046e0bdb408b4539423d2d36ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 02:39:34
# local_time=2012-07-31 04:39:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 5151 95369243 0 0
# compatibility_mode=8192 67108863 100 0 87 87 0 0
# scanned=423077
# found=1
# cleaned=1
# scan_time=6181
G:\Software Win7\Nero 9.4.26.0\Nero_BackItUpAndBurn-1.2.17b_update.exe	Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

t'john · 31.07.2012, 15:46

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Serti · 31.07.2012, 15:59

Erledigt

t'john · 31.07.2012, 16:03

Sehr gut!

damit bist Du sauber und entlassen!

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html

Serti · 31.07.2012, 16:23

Große Klasse, ich danke dir.

GVU 2.07 auf Win 7 64bit

Plagegeister aller Art und deren Bekämpfung: GVU 2.07 auf Win 7 64bit